Identifying Patterns in MAL Languages

University essay from KTH/Skolan för elektroteknik och datavetenskap (EECS)

Author: Nagasudeep Vemula; [2021]

Abstract: With the advent of the digital era there has been an exponential increase in complex cyber systems. As our everyday lives are increasingly spent in the digital world as much as in the physical world, or sometimes even more, there is an increased risk of cyber threats or breaches, which can lead to loss of data, financial damage or, at the extreme, threaten our security and lives. A robust form of resiliency should be introduced into these structures to ensure the digital wellbeing of society. Threat modelling is one of the key steps to building this security framework; it is the process by which the vulnerabilities of a system are analysed and eliminated before they can be exploited by a malicious attacker. The Meta Attack Language (MAL) provides a framework for the creation of domain-specific languages that can express probabilistic attack graphs, and there are already a few flavours of language instances created using this framework, such as vehicleLang for the automotive domain and icsLang for industrial control systems. As there already exist a few instances of the Meta Attack Language, and some that are in development, there must exist best and worst practices for the development of these languages. It is essential that these are identified and provided to future developers of such languages to ensure more efficient and robust threat modelling of systems. To achieve this, this work focusses on finding the patterns present in MAL development and cataloging them. These recurrent patterns, if proven to be beneficial, can add to the body of MAL literature and greatly help the team with their efforts. The thesis is a qualitative study involving interviews with the language developers and a code analysis to validate the findings. The end goal is to identify the patterns in MAL and catalog them in order to identify and define the future direction to be taken for development.
