Abstract
Cyber-attacks on IT infrastructures can have disastrous consequences for individuals, regions, and whole nations. In order to respond to these threats, the cyber security assessment of IT infrastructures can foster a higher degree of security and resilience against cyber-attacks. Therefore, the use of attack simulations based on system architecture models is proposed. To reduce the effort of creating new attack graphs for each system under assessment, domain-specific languages (DSLs) can be employed. DSLs codify the common attack logics of the considered domain.
Previously, MAL (the Meta Attack Language) was proposed, which serves as a framework to develop DSLs and generate attack graphs for modeled infrastructures. In this article, we propose coreLang as a MAL-based DSL for modeling IT infrastructures and analyzing weaknesses related to known attacks. To model domain-specific attributes, we studied existing cyber-attacks to develop a comprehensive language, which was iteratively verified through a series of brainstorming sessions with domain modelers. Finally, this first version of the language was validated against known cyber-attack scenarios.
This work has received funding from the Swedish Civil Contingencies Agency through the research centre Resilient Information and Control Systems (RICS), the European Union’s H2020 research and innovation programme under the Grant Agreements no. 833481 and no. 832907, the Swedish Energy Agency, and the Swedish Governmental Agency for Innovation Systems (Vinnova).
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Katsikeas, S. et al. (2020). An Attack Simulation Language for the IT Domain. In: Eades III, H., Gadyatskaya, O. (eds) Graphical Models for Security. GraMSec 2020. Lecture Notes in Computer Science, vol 12419. Springer, Cham. https://doi.org/10.1007/978-3-030-62230-5_4
DOI: https://doi.org/10.1007/978-3-030-62230-5_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-62229-9
Online ISBN: 978-3-030-62230-5
eBook Packages: Computer Science (R0)