The Cyber Security Modeling Language: A Tool for Assessing the Vulnerability of Enterprise System Architectures

Sommestad, Teodor; Ekstedt, Mathias; Holm, Hannes

doi:10.1109/jsyst.2012.2221853

Cited by 128 publications

(55 citation statements)

References 38 publications

(48 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Group is a binary relation, where Group(A, B) means that A is a new (virtual) component, which groups B (together with, possibly, other components). In this case A is a new component, and Group is consistent in terms of Contr and T hreat relations, as shown in Table 5 (6)- (12). The last composability relation is M erge, where M erge(A, B) means that a new component A is used to consolidate all the internal components (B, and possibly other components) into a new one and merges their states and relations, as represented in Table 5 (13)-(18).…”

Section: Fig 2: Examples Of Controls and Threatens Relationsmentioning

confidence: 82%

Formalizing Threat Models for Virtualized Systems

Sgandurra

Karafili

Lupu

2016

Data and Applications Security and Privacy XXX

View full text Add to dashboard Cite

Abstract. We propose a framework, called FATHoM (FormAlizing THreat Models), to define threat models for virtualized systems. For each component of a virtualized system, we specify a set of security properties that defines its control responsibility, its vulnerability and protection states. Relations are used to represent how assumptions made about a component's security state restrict the assumptions that can be made on the other components. FATHoM includes a set of rules to compute the derived security states from the assumptions and the components' relations. A further set of relations and rules is used to define how to protect the derived vulnerable components. The resulting system is then analysed, among others, for consistency of the threat model. We have developed a tool that implements FATHoM, and have validated it with use-cases adapted from the literature.

show abstract

Section: Fig 2: Examples Of Controls and Threatens Relationsmentioning

confidence: 82%

Formalizing Threat Models for Virtualized Systems

Sgandurra

Karafili

Lupu

2016

Data and Applications Security and Privacy XXX

View full text Add to dashboard Cite

show abstract

“…Other analysis frameworks focus on the assessment of non-functionality qualities such as availability [10], interoperability [11], modifiability [12], and security [13]. These frameworks use Bayesian analysis or Visualizing and Measuring Enterprise Application Architecture June 28, 2013 probabilistic versions of the Object Constraint Language for enterprise modeling.…”

Section: Enterprise Architecture Analysismentioning

confidence: 99%

Visualizing and Measuring Enterprise Architecture: An Exploratory BioPharma Case

Lagerström

Baldwin

MacCormack

et al. 2013

Lecture Notes in Business Information Processing

View full text Add to dashboard Cite

show abstract

“…This paper exempli es the mapping functionality by instantiating a subset of the meta-model of the CySeMoL (Cyber Security Modeling Language) [10]. This modeling language follows the abstract model presented in [9] and uses the PRM formalism to estimate the value of security attributes from an architecture model.…”

Section: Cysemolmentioning

confidence: 99%

A Tool for Automatic Enterprise Architecture Modeling

Buschle

Holm

Sommestad

et al. 2012

Progress in Pattern Recognition, Image Analysis, Computer Vision, and Applications

Self Cite

View full text Add to dashboard Cite

Abstract. Enterprise architecture is an approach which aim to provide decision support based on organization-wide models. The creation of these models is however cumbersome as multiple aspects of an organization need to be considered. The Enterprise Architecture approach would be signi cantly less demanding if data used to create the models could be collected automatically. This paper illustrates how a vulnerability scanner can be utilized for data collection in order to automatically create enterprise architecture models. We show how this approach can be realized by extending an earlier presented Enterprise Architecture tool. An example is provided through a case study applying the tool on a real network.

show abstract

The Cyber Security Modeling Language: A Tool for Assessing the Vulnerability of Enterprise System Architectures

Cited by 128 publications

References 38 publications

Formalizing Threat Models for Virtualized Systems

Formalizing Threat Models for Virtualized Systems

Visualizing and Measuring Enterprise Architecture: An Exploratory BioPharma Case

A Tool for Automatic Enterprise Architecture Modeling

Contact Info

Product

Resources

About