Abstract
Enterprise systems are growing in complexity, and the adoption of cloud and mobile services has greatly increased the attack surface. To proactively address these security issues in enterprise systems, a threat modeling language for enterprise systems called enterpriseLang was proposed. It is a domain-specific language (DSL) designed using the Meta Attack Language (MAL) framework and focuses on describing system assets, attack steps, defenses, and asset associations. The threat models can serve as input for attack simulations to analyze the behavior of attackers within the system. However, whether and to what extent the functionality of these threat modeling languages is achieved has not been addressed. To ensure the correct functionality of threat modeling languages, this paper proposes a method to assess the quality of such languages and illustrates its application using enterpriseLang.
Original language | English |
---|---|
Journal | CEUR Workshop Proceedings |
Volume | 3045 |
Pages (from-to) | 49-58 |
ISSN | 1613-0073 |
Status | Published - 2021 |
Event | 14th IFIP WG 8.1 Working Conference on the Practice of Enterprise Modeling, PoEM-Forum 2021 - Riga, Latvia. Duration: 24 Nov 2021 → 26 Nov 2021 |
Conference
Conference | 14th IFIP WG 8.1 Working Conference on the Practice of Enterprise Modeling, PoEM-Forum 2021 |
---|---|
Country/Territory | Latvia |
City | Riga |
Period | 24/11/2021 → 26/11/2021 |
Bibliographical note
Funding Information: This project has received funding from the European Union’s H2020 research and innovation programme under the Grant Agreement No. 832907.
Publisher Copyright:
© 2021 Copyright for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0).