kth.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
A Method for Quality Assessment of Threat Modeling Languages: The Case of enterpriseLang
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.ORCID iD: 0000-0003-0434-4436
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.ORCID iD: 0000-0003-0478-9347
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.ORCID iD: 0000-0003-3089-3885
2021 (English)In: CEUR Workshop Proceedings, CEUR-WS , 2021, p. 49-58Conference paper, Published paper (Refereed)
Abstract [en]

Enterprise systems are growing in complexity, and the adoption of cloud and mobile services has greatly increased the attack surface. To proactively address these security issues in enterprise systems, a threat modeling language for enterprise systems called enterpriseLang was proposed. It is a domain-specific language (DSL) designed using the Meta Attack Language (MAL) framework and focuses on describing system assets, attack steps, defenses, and asset associations. The threat models can serve as input for attack simulations to analyze the behavior of attackers within the system. However, whether and to what extent the functionality of these threat modeling languages is achieved has not been addressed. To ensure the correct functionality of threat modeling languages, this paper proposes a method to assess the quality of such languages and illustrates its application using enterpriseLang.

Place, publisher, year, edition, pages
CEUR-WS , 2021. p. 49-58
Keywords [en]
Attack simulations, Design guidelines, Domain-specific language, Test coverage, Threat modeling, Modeling languages, Attack simulation, Cloud services, Design guideline, Enterprise system, ITS applications, Mobile service, Quality assessment, Security issues, Test-coverage, Problem oriented languages
National Category
Computer Systems
Identifiers
URN: urn:nbn:se:kth:diva-316065Scopus ID: 2-s2.0-85121720425OAI: oai:DiVA.org:kth-316065DiVA, id: diva2:1692965
Conference
14th IFIP WG 8.1 Working Conference on the Practice of Enterprise Modeling, PoEM-Forum 2021, 24 November 2021 through 26 November 2021
Note

QC 20220905

Available from: 2022-09-05 Created: 2022-09-05 Last updated: 2022-12-20Bibliographically approved

Open Access in DiVA

No full text in DiVA

Scopus

Authority records

Xiong, WenjunHacks, SimonLagerström, Robert

Search in DiVA

By author/editor
Xiong, WenjunHacks, SimonLagerström, Robert
By organisation
Network and Systems Engineering
Computer Systems

Search outside of DiVA

GoogleGoogle Scholar

urn-nbn

Altmetric score

urn-nbn
Total: 56 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf