Threat Modeling and Attack Simulations for Enterprise and ICS
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering. ORCID iD: 0000-0003-0434-4436
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering. (Software Systems Architecture and Security) ORCID iD: 0000-0003-0478-9347
2020 (English) Conference paper, Oral presentation with published abstract (Other (popular science, discussion, etc.))
Abstract [en]

This work concentrates on the cyber security of enterprise and Industrial Control Systems (ICS).

Enterprise systems are growing in complexity, and the adoption of cloud and mobile services has greatly increased attack surfaces. This has led to fragmentation on the security front. To improve the security of enterprise systems, threat modeling can be applied to deal proactively with security issues from a holistic point of view. It can also be combined with attack simulations to provide quantitative security measurements, an approach that is not commonly used although it has been shown to be efficient in some disciplines.

Hitherto, we have proposed the use of attack simulations based on system architecture models. Our approaches use a model of the system and simulate cyber-attacks in order to identify the greatest weaknesses. This can be imagined as the execution of a great number of parallel virtual penetration tests. Such an attack simulation tool enables the security assessor to focus on collecting the information about the system that the simulations require.

As the previous approaches rely on a static implementation, we propose the use of MAL (the Meta Attack Language). This framework for domain-specific languages (DSLs) defines which information about a system is required and specifies the generic attack logic. Since MAL is a meta language (i.e., the set of rules that should be used to create a new DSL), no particular domain of interest is represented, but it can be used to create languages targeting certain domains.

This work introduces enterpriseLang, a threat modeling language for enterprise security based on the MITRE ATT&CK Matrix, which can assess the cyber security of enterprise systems from a holistic point of view. This compilable language can automatically visualize possible attack paths an adversary may choose, show the most vulnerable asset, and provide possible mitigations for each attack step intended to counter cyber-attacks. The attack steps representing adversary techniques are captured within the ATT&CK Matrix based on real-world observations. These adversary techniques are categorized by tactics and are organized with security metrics such as platform, permissions required, and mitigations, which provide information for threat modeling. The proposed threat modeling language is tested through modeling real-world attack scenarios and can thus be used to forecast attacks on enterprise systems. The language can also be re-used by people with less security expertise to automatically assess the security of their specific enterprise systems.

This core IT-related threat modeling language is complemented by our IcsLang, which allows OT-specific environments to be created and simulated. Like enterpriseLang, this language is based on the ICS MITRE ATT&CK Matrix and is enriched by real-world observations collected from industry partners in an EU project (EnergyShield). Based on the characteristics of MAL, we will motivate why certain types of attacks are included in our artifact and others are not. This is mainly based on assumptions made in the design of MAL, which create a trade-off between level of detail and usability.

To demonstrate the applicability and the integration between the two languages, we present an energy domain architecture and simulate well-known attacks such as the Ukrainian scenario.

Place, publisher, year, edition, pages
2020.
National Category
Computer Sciences; Computer Systems
Identifiers
URN: urn:nbn:se:kth:diva-284445; OAI: oai:DiVA.org:kth-284445; DiVA, id: diva2:1478646
Conference
CS3STHLM, Stockholm, 19-22 October 2020
Note

QC 20201026

Available from: 2020-10-22. Created: 2020-10-22. Last updated: 2022-12-20. Bibliographically approved.

Authority records

Xiong, Wenjun; Hacks, Simon
