Towards an Ecosystem of Domain Specific Languages for Threat Modeling


Today, many of our activities depend on the normal operation of the IT infrastructures that supports them. However, cyber-attacks on these infrastructures become more common and can lead to disastrous consequences. For that reason, efforts towards assessing the cyber-security of such infrastructures are being done. One way to achieve that is by using attack graph simulations based on system architecture models. The Meta Attack Language (MAL) was previously proposed as a framework for developing Domain Specific Languages (DSLs) that can be used for the aforementioned purpose. Since many common components exist among different domains, that will be modeled using MAL, a way to prevent repeating work had to be defined. To facilitate this goal, by following an adapted version of the taxonomy building by Nickerson, we propose an ecosystem of MAL-based DSLs that describes a systematic approach for not only developing, but also maintaining them over time. This can foster the usage of MAL for modeling new domains.

01: Privacy and security Main Track