iBet uBet web content aggregator. Adding the entire web to your favor.

Link to original content: https://unpaywall.org/10.1007/978-3-030-79382-1_1
Towards an Ecosystem of Domain Specific Languages for Threat Modeling

  • Conference paper
Advanced Information Systems Engineering (CAiSE 2021)

Abstract

Today, many of our activities depend on the normal operation of the IT infrastructures that support them. However, cyber-attacks on these infrastructures can lead to disastrous consequences. Therefore, efforts are being made to assess their cyber security, for example through attack graph simulations based on system architecture models. The Meta Attack Language (MAL) was previously proposed as a framework for developing Domain Specific Languages (DSLs) that can be used for this purpose. Since many common components exist among different domains, a way to avoid repeating work had to be defined. To this end, we adapt the taxonomy-building approach of Nickerson and propose an ecosystem of MAL-based DSLs that describes a systematic approach for not only developing them, but also maintaining them over time. This can foster the usage of MAL for modeling new domains.

Notes

  1. https://attack.mitre.org/.

  2. https://collaborate.mitre.org/attackics.

References

  1. Adner, R.: Match your innovation strategy to your innovation ecosystem. Harvard Bus. Rev. 84(4), 98–107 (2006)

  2. Adner, R.: Ecosystem as structure: an actionable construct for strategy. J. Manage. 43(1), 39–58 (2017)

  3. Aldea, A., Vaicekauskaite, E., Daneva, M., Piest, J.S.: Assessing resilience in enterprise architecture: a systematic review. In: 24th International EDOC Conference, pp. 1–10. IEEE CS, Los Alamitos (2020)

  4. Baldwin, C.Y., Clark, K.B.: Design rules: the power of modularity, vol. 1. MIT press (2000)

  5. Barbosa, A., Santana, A., Hacks, S., Stein, N.v.: A taxonomy for enterprise architecture analysis research. In: 21st ICEIS, vol. 2, pp. 493–504. SciTePress (2019)

  6. Ceccagnoli, M., Forman, C., Huang, P., Wu, D.J.: Cocreation of value in a platform ecosystem: the case of enterprise software. MIS Q. 36(1), 263–290 (2012)

  7. CEN-CENELEC-ETSI, Smart Grid Coordination Group: Smart grid reference architecture (2012)

  8. Cleenewerck, T.: Component-based DSL development. In: Pfenning, F., Smaragdakis, Y. (eds.) GPCE 2003. LNCS, vol. 2830, pp. 245–264. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-39815-8_15

  9. Ekstedt, M., Johnson, P., Lagerström, R., Gorton, D., Nydrén, J., Shahzad, K.: securiCAD by foreseeti: a CAD tool for enterprise cyber security management. In: 19th International EDOC Workshop, pp. 152–155. IEEE (2015)

  10. Goluch, G., Ekelhart, A., Fenz, S., Jakoubi, S., Tjoa, S., Muck, T.: Integration of an ontological information security concept in risk aware business process management. In: 41st HICSS 2008, pp. 377–386 (2008)

  11. Hacks, S., Hacks, A., Katsikeas, S., Klaer, B., Lagerström, R.: Creating meta attack language instances using archimate: applied to electric power and energy system cases. In: 23rd International EDOC, pp. 88–97 (2019)

  12. Hacks, S., Katsikeas, S., Ling, E., Lagerström, R., Ekstedt, M.: powerLang: a probabilistic attack simulation language for the power domain. Energy Inform. 3(1), 1–17 (2020). https://doi.org/10.1186/s42162-020-00134-4

  13. Hjørland, B.: Domain analysis in information science. J. Documentation 58(4), 422–462 (2002)

  14. Jacobides, M.G., Cennamo, C., Gawer, A.: Towards a theory of ecosystems. Strateg. Manage. J. 39(8), 2255–2276 (2018)

  15. Johanson, A.N., Hasselbring, W.: Hierarchical combination of internal and external domain-specific languages for scientific computing. In: ECSAW. ACM (2014)

  16. Johnson, P., Lagerström, R., Ekstedt, M.: A meta language for threat modeling and attack simulations. In: Proceedings of the 13th International Conference on Availability, Reliability and Security, p. 38. ACM (2018)

  17. Jürjens, J.: Secure Systems Development with UML. Springer, Heidelberg (2005). https://doi.org/10.1007/b137706

  18. Katsikeas, S., et al.: An attack simulation language for the IT domain. In: Eades III, H., Gadyatskaya, O. (eds.) GraMSec 2020. LNCS, vol. 12419, pp. 67–86. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-62230-5_4

  19. Katsikeas, S., Johnson, P., Hacks, S., Lagerström, R.: Probabilistic modeling and simulation of vehicular cyber attacks: an application of the meta attack language. In: 5th ICISSP (2019)

  20. Keepence, B., Mannion, M.: Using patterns to model variability in product families. IEEE Softw. 16(4), 102–108 (1999)

  21. Kordy, B., Mauw, S., Radomirović, S., Schweitzer, P.: Foundations of attack–defense trees. In: Degano, P., Etalle, S., Guttman, J. (eds.) FAST 2010. LNCS, vol. 6561, pp. 80–95. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19751-2_6

  22. Kordy, B., Piètre-Cambacédès, L., Schweitzer, P.: Dag-based attack and defense modeling: don’t miss the forest for the attack trees. Comput. Sci. Rev. 13, 1–38 (2014)

  23. Mernik, M., Heering, J., Sloane, A.M.: When and how to develop domain-specific languages. ACM Comput. Surv. 37(4), 316–344 (2005)

  24. Morikawa, I., Yamaoka, Y.: Threat tree templates to ease difficulties in threat modeling. In: 14th NBiS, pp. 673–678 (2011)

  25. do Nascimento, L.M., Viana, D.L., Neto, P., Martins, D., Garcia, V.C., Meira, S.: A systematic mapping study on domain-specific languages. In: The Seventh ICSEA, pp. 179–187 (2012)

  26. Nickerson, R.C., Varshney, U., Muntermann, J.: A method for taxonomy development and its application in information systems. EJIS 22(3), 336–359 (2013)

  27. Paja, E., Dalpiaz, F., Giorgini, P.: Modelling and reasoning about security requirements in socio-technical systems. Data Knowl. Eng. 98, 123–143 (2015)

  28. Petermann, T., Bradke, H., Lüllmann, A., Poetzsch, M., Riehm, U.: Was bei einem Blackout geschieht: Folgen eines langandauernden und großflächigen Stromausfalls, vol. 662. Büro für Technikfolgen-Abschätzung (2011)

  29. Petit, J., Shladover, S.E.: Potential cyberattacks on automated vehicles. IEEE Trans. Intell. Transp. Syst. 16(2), 546–556 (2015)

  30. Preschern, C., Kajtazovic, N., Kreiner, C.: Efficient development and reuse of domain-specific languages for automation systems. Int. J. Metadata Semant. Ontol. 9(3), 215–226 (2014)

  31. Preschern, C., Leitner, A., Kreiner, C.: Domain specific language architecture for automation systems: an industrial case study. In: 8th ECMFA, pp. 1–12 (2012)

  32. Prähofer, H., Hurnaus, D.: Monaco - a domain-specific language supporting hierarchical abstraction and verification of reactive control programs. In: 2010 8th IEEE International Conference on Industrial Informatics, pp. 908–914 (2010)

  33. Schneier, B.: Attack trees. Dr. Dobb’s J. 24(12), 21–29 (1999)

  34. Spinellis, D.: Notable design patterns for domain-specific languages. J. Syst. Softw. 56(1), 91–99 (2001)

  35. Stellios, I., Kotzanikolaou, P., Psarakis, M., Alcaraz, C., Lopez, J.: A survey of IOT-enabled cyberattacks: assessing attack paths to critical infrastructures and services. IEEE Commun. Surv. Tutorials 20(4), 3453–3495 (2018)

  36. Teece, D.J.: Explicating dynamic capabilities: the nature and microfoundations of (sustainable) enterprise performance. Strateg. Manage. J. 28(13), 1319–1350 (2007)

  37. Weijermars, R.: Value chain analysis of the natural gas industry: lessons from the us regulatory success and opportunities for Europe. J. Nat. Gas. Sci. Eng. 2(2), 86–104 (2010)

  38. Williams, L., Lippmann, R., Ingols, K.: GARNET: a graphical attack graph and reachability network evaluation tool. In: Goodall, J.R., Conti, G., Ma, K.-L. (eds.) VizSec 2008. LNCS, vol. 5210, pp. 44–59. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85933-8_5

  39. Xiong, W., Legrand, E., Åberg, O., Lagerström, R.: Cyber security threat modeling based on the mitre enterprise att&ck matrix. submitted to SoSyM Journal (2020)


Acknowledgement

This project has received funding from the European Union’s H2020 research and innovation programme under the Grant Agreement No. 832907, and the Swedish Centre for Smart Grids and Energy Storage (SweGRIDS).

Author information

Corresponding author

Correspondence to Simon Hacks.

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Cite this paper

Hacks, S., Katsikeas, S. (2021). Towards an Ecosystem of Domain Specific Languages for Threat Modeling. In: La Rosa, M., Sadiq, S., Teniente, E. (eds) Advanced Information Systems Engineering. CAiSE 2021. Lecture Notes in Computer Science, vol 12751. Springer, Cham. https://doi.org/10.1007/978-3-030-79382-1_1

  • DOI: https://doi.org/10.1007/978-3-030-79382-1_1

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-79381-4

  • Online ISBN: 978-3-030-79382-1

  • eBook Packages: Computer Science (R0)
