Abstract

Nowadays, IT infrastructures are involved in making innumerable aspects of our lives convenient, starting with water or energy distribution systems, and ending with e-commerce solutions and online banking services. In the worst case, cyberattacks on such infrastructures can paralyze whole states and lead to losses in terms of both human lives and money.One of the approaches to increase security of IT infrastructures relies on modeling possible ways of compromising them by potential attackers. To facilitate creation and reusability of such models, domain specific languages (DSLs) can be created. Ideally, a user will employ a DSL for modeling their infrastructure of interest, with the domain-specific threats and attack logic being already encoded in the DSL by the domain experts.The Meta Attack Language (MAL) has been introduced previously as a meta-DSL for development of security-oriented DSLs. In this work, we define formally the syntax and a semantics of MAL to ease a common understanding of MAL’s functionalities and enable reference implementations on different technical platforms. It’s applicability for modeling and analysis of security of IT infrastructures is illustrated with an example.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.