A large scale correctness evaluation of coreLang (and potentially every MAL-based DSL) against human experts

KTH-SSAS/coreLang-validation

coreLang validation

Official project title: "Empirical Evaluation of a Threat Modeling Language as a Cybersecurity Assessment Tool"

(Former title: "Evaluating the Correctness of Domain-Specific Threat Modeling Languages")

Quick Info

  • Active members:
    • Sotirios Katsikeas
    • Engla Rencelj Ling
    • Pontus Johnson
    • Mathias Ekstedt
  • Status: completed 🟢
  • Timeline: 2022-2023
  • Parent project: coreLang

Description

In this work, we aim to assess the trustworthiness and reliability of a domain-specific threat modeling language by applying an empirical method that we propose to coreLang, one of our previously developed DSLs. We base the evaluation on comparing the results of attack simulations generated by the threat modeling language against assessments made by human cybersecurity domain experts, penetration testing training data, and random guessers.

Our initial hypothesis is that the simulation results will, on average, exhibit equal or greater correctness when compared to assessments made by human experts, especially if the complexity of the analyzed system is high. If our hypothesis is confirmed, we would be content, as it would indicate that coreLang's simulation results could be effectively employed for decision support and improve the effectiveness of real-life cybersecurity assessments.

Work Products

  • Create a solid plan on how this validation should be done
  • Create the infrastructure to be used in the validation
  • Perform the experiments with the human domain experts
  • Analyse the results of the validation
  • Author the article
  • Submit the article for publication at Elsevier's Computers & Security
  • Article is published and is available here

Resources



This is a project run by the Software Systems Architecture and Security research group within the Division of Network and Systems Engineering at the Department of Computer Science at the School of Electrical Engineering and Computer Science @ KTH university.

For more of our projects, see the SSAS page at github.com.
