The project to create coreLang, an abstract MAL-based Domain Specific Language (DSL) for the generic IT domain.
- Active members (from KTH):
- Sotirios Katsikeas
- Mathias Ekstedt
- Andrei Buhaiu
- Past KTH contributors
- Simon Hacks
- Robert Lagerström
- Preetam Mukherjee
- Zeeshan Afzal
- Ismail Butun
- Past external collaborators:
- foreseeti AB
- Status: running 🟢
- Timeline: 2020-Ongoing
Cyber-attacks on IT infrastructures can have disastrous consequences for individuals, regions, as well as whole nations. In order to respond to these threats, the cyber security assessment of IT infrastructures can foster a higher degree of security and resilience against cyber-attacks. Therefore, the use of attack simulations based on system architecture models is proposed. To reduce the effort of creating new attack graphs for each system under assessment, domain-specific languages (DSLs) can be employed. DSLs codify the common attack logics of the considered domain. Previously, MAL (the Meta Attack Language) was proposed, which serves as a framework to develop DSLs and generate attack graphs for modeled infrastructures. In this article, we propose coreLang as a MAL-based DSL for modeling IT infrastructures and analyzing weaknesses related to known attacks. To model domain-specific attributes, we studied existing cyber-attacks to develop a comprehensive language, which was iteratively verified through a series of brainstorming sessions with domain modelers. Finally, this first version of the language was validated against known cyber-attack scenarios.
- First version of coreLang
- First revised version of coreLang
- Conference paper presenting coreLang (GraMSec 2020)
- MITRE ATT&CK mapping to coreLang
- Journal article about the revised coreLang and evaluation against MITRE ATT&CK
This is a project run by the Software Systems Architecture and Security research group within the Division of Network and Systems Engineering at the Department of Computer Science at the School of Electrical Engineering and Computer Science @ KTH university.
For more of our projects, see the SSAS page at github.com.