Empirical Testing of the CySeMoL Tool for Cyber Security Assessment – Case Study of Linux Server and MySQL

Abstract: In this Master Thesis, several common applications used with MySQL and Linux server are modelled using the Enterprise Architecture Analysis Tool (EAAT) and the Cyber Security Modelling Language (CySeMoL), both developed by the Department of Industrial Information and Control System (ICS) at KTH. The objective of this study is to use the CySeMoL tool to evaluate the feasibility and correctness of the tool by simulating some particular type of attacks on a real life Linux server. A few common applications with MySQL on a Linux server and two Linux operating system services are modelled and explained together with their detailed information and defense mechanisms. A real life penetration test has then been carried out in order to validate the simulated results from the tool. The results of the analysis suggest that the security vulnerability predictions done by CySeMoL on a Linux server has good predictive performance.