ICT infrastructures are getting increasingly complex, and defending them against cyber attacks is cumbersome. As cyber threats continue to increase and expert resources are limited, organizations must find more efficient ways to evaluate their resilience and take proactive measures. Threat modeling is an excellent method of assessing the resilience of ICT systems, for example, by building Attack Graphs that illustrate an adversary’s attack vectors. Previously, the Meta Attack Language (MAL) was proposed, which serves as a framework to develop Domain Specific Languages (DSLs) and generate Attack Graphs for modeled infrastructures. coreLang is a MAL-based threat modeling language that utilizes Attack Graphs to enable attack simulations and security assessments. In this work, we present the first release version of coreLang in which MITRE ATT&CK tactics and techniques are mapped onto to serve as a validation and identify strengths and weaknesses to benefit the development cycle. Our validation showed that coreLang does cover 46% of all the techniques included in the matrix, while if we additionally exclude the tactics that are intrinsically not covered by coreLang and MAL, the coverage percentage increases to 64%.
Read full abstract