The Cyber Security Modeling Language: A Tool for Assessing the Vulnerability of Enterprise System Architectures

Cited by: 77
Authors
Sommestad, Teodor [1]
Ekstedt, Mathias [1]
Holm, Hannes [1]
Affiliation
[1] Royal Inst Technol, S-10044 Stockholm, Sweden
Source
IEEE SYSTEMS JOURNAL | 2013 / Vol. 7 / Issue 03
Keywords
Computer security; expert systems; risk analysis; supervisory control and data acquisition (SCADA) systems; VALIDATION;
DOI
10.1109/JSYST.2012.2221853
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812 ;
Abstract
The cyber security modeling language (CySeMoL) is a modeling language for enterprise-level system architectures coupled to a probabilistic inference engine. If the computer systems of an enterprise are modeled with CySeMoL, this inference engine can assess the probability that attacks on the systems will succeed. The theory used for the attack-probability calculations in CySeMoL is a compilation of research results on a number of security domains and covers a range of attacks and countermeasures. The theory has previously been validated on a component level. In this paper, the theory is also validated on a system level. A test indicates that the reasonableness and correctness of CySeMoL assessments compare with the reasonableness and correctness of the assessments of a security professional. CySeMoL's utility has been tested in case studies.
Pages: 363 / 373
Page count: 11
Related papers
50 in total
  • [1] Cyber Security for Middleware System Architectures
    Colonese, Emilia
    de Oliveira, Jose Parente
    Yano, Edgar
    Amorim, Joni
    Andler, Sten
    Gustavsson, Per
    [J]. PROCEEDINGS OF THE 9TH INTERNATIONAL CONFERENCE ON CYBER WARFARE AND SECURITY (ICCWS-2014), 2014, : 361 - 365
  • [2] REVS: A Vulnerability Ranking Tool for Enterprise Security
    Forain, Igor
    Albuquerque, Robson de Oliveira
    de Sousa Junior, Rafael Timoteo
    [J]. ICEIS: PROCEEDINGS OF THE 24TH INTERNATIONAL CONFERENCE ON ENTERPRISE INFORMATION SYSTEMS - VOL 2, 2022, : 126 - 133
  • [3] securiCAD by foreseeti A CAD tool for enterprise cyber security management
    Ekstedt, Mathias
    Johnson, Pontus
    Lagerstrom, Robert
    Gorton, Dan
    Nydren, Joakim
    Shahzad, Khurram
    [J]. PROCEEDINGS OF THE 2015 IEEE 19TH INTERNATIONAL ENTERPRISE DISTRIBUTED OBJECT COMPUTING CONFERENCE WORKSHOPS AND DEMONSTRATIONS (EDOCW 2015), 2015, : 152 - 155
  • [4] Cyber Security Vulnerability Detection Using Natural Language Processing
    Singh, Kanchan
    Grover, Sakshi S.
    Kumar, Ranjini Kishen
    [J]. 2022 IEEE WORLD AI IOT CONGRESS (AIIOT), 2022, : 174 - 178
  • [5] An Innovative Network Security Vulnerability Modeling Method and Tool
    Qiu, Xiangqun
    Paterson, Rob
    [J]. IEEE COMMUNICATIONS MAGAZINE, 2010, 48 (01) : 104 - 108
  • [6] A Framework for Modeling Cyber Attack Techniques from Security Vulnerability Descriptions
    Binyamini, Hodaya
    Bitton, Ron
    Elovici, Yuval
    Shabtai, Asaf
    Inokuchi, Masaki
    Yagyu, Tomohiko
    [J]. KDD '21: PROCEEDINGS OF THE 27TH ACM SIGKDD CONFERENCE ON KNOWLEDGE DISCOVERY & DATA MINING, 2021, : 2574 - 2583
  • [7] Cyber Security Threat Modeling of A Telesurgery System
    Al Asif, Md Rashid
    Khondoker, Rahamatullah
    [J]. 2020 2ND INTERNATIONAL CONFERENCE ON SUSTAINABLE TECHNOLOGIES FOR INDUSTRY 4.0 (STI), 2020,
  • [8] An approach for modeling and analysis of security system architectures
    Deng, Y
    Wang, JC
    Tsai, JJP
    Beznosov, K
    [J]. IEEE TRANSACTIONS ON KNOWLEDGE AND DATA ENGINEERING, 2003, 15 (05) : 1099 - 1119
  • [9] Cyber Security Framework for Enterprise System Development: Enhancing Domain Security Through ESM
    Farroha, Bassam S.
    Farroha, Deborah L.
    [J]. MILITARY COMMUNICATIONS CONFERENCE, 2010 (MILCOM 2010), 2010, : 924 - 929
  • [10] Modeling and Assessing the Impact of Security Attacks on Enterprise Information Systems
    Djemaiel, Yacine
    Boudriga, Noureddine
    [J]. BUSINESS INFORMATION SYSTEMS WORKSHOPS (BIS 2014), 2014, 183 : 281 - 292