A Method for Quality Assessment of Threat Modeling Languages: The Case of enterpriseLang

Wenjun Xiong, Simon Hacks, Robert Lagerström

Publication: Contribution to journal › Conference article › Research › peer-review

Abstract

Enterprise systems are growing in complexity, and the adoption of cloud and mobile services has greatly increased the attack surface. To proactively address these security issues in enterprise systems, a threat modeling language for enterprise systems called enterpriseLang was proposed. It is a domain-specific language (DSL) designed using the Meta Attack Language (MAL) framework and focuses on describing system assets, attack steps, defenses, and asset associations. The threat models can serve as input for attack simulations to analyze the behavior of attackers within the system. However, whether and to what extent the functionality of these threat modeling languages is achieved has not been addressed. To ensure the correct functionality of threat modeling languages, this paper proposes a method to assess the quality of such languages and illustrates its application using enterpriseLang.

Original language: English
Journal: CEUR Workshop Proceedings
Volume: 3045
Pages (from-to): 49-58
ISSN: 1613-0073
Status: Published - 2021
Event: 14th IFIP WG 8.1 Working Conference on the Practice of Enterprise Modeling, PoEM-Forum 2021 - Riga, Latvia
Duration: 24 Nov 2021 to 26 Nov 2021

Conference

Conference: 14th IFIP WG 8.1 Working Conference on the Practice of Enterprise Modeling, PoEM-Forum 2021
Country/Territory: Latvia
City: Riga
Period: 24/11/2021 to 26/11/2021

Bibliographical note

Funding Information:
This project has received funding from the European Union’s H2020 research and innovation programme under the Grant Agreement No. 832907.

Publisher Copyright:
© 2021 Copyright for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0).
