StrideLang : Creation of a Domain-Specific Threat Modeling Language using STRIDE, DREAD and MAL

University essay from KTH/Skolan för elektroteknik och datavetenskap (EECS)

Author: Lazar Cerovic; [2022]

Keywords: Meta attack language; Domain specific language; Attack graphs; Threat modeling; STRIDE; DREAD; Attack simulation; Cyber defence; Meta attack language; Domänspecifika språk; Attack grafer; Hotmodellering; STRIDE; DREAD; Attack simulering; Cyberförsvar;

Abstract: Cybersecurity is still one of the main challenges of the digital era for organizations and individuals alike. Threat modeling is an important tool for building systems that are reliable and secure. The research question for this study is to create a domain specific language (DSL) with the Meta Attack Language (MAL), STRIDE and DREAD. One of the main challenges is to choose a DSL that is suitable for threat modeling. The purpose of the study is to provide people with threat modeling with additional tools that can be used in attack simulations. MAL is a meta language used for creating DSL that can be used for attack simulations. An example of a MAL project that usually serves as a template for other DSL is coreLang, which models the general IT infrastructure. STRIDE is a model used in threat modeling to enumerate and categorization of cyberthreats. DREAD is a model used for risk assessment that scores each threat by a value between one and ten. The proposed method for answering the research question is the Design Research Science Method (DRSM), which is often used for creating artifacts. Evaluation of the results is done with tests written in Java using the Junit framework. The result of the study is the creation of strideLang that maps attack steps in coreLang (MAL implementation of the general IT infrastructure DSL) to STRIDE and DREAD models. The primary source of error in the investigation is the risk assessment with DREAD, which can be somewhat inaccurate depending on what specific DSL is used. It would have been valuable if the study incorporated feedback from domain experts specifically with risk assessment. The nature of the STRIDE and DREAD models is that the models are very subjective in practice. However, this study does provide insights in how a DSL can be created based on DREAD and STRIDE. Future work might investigate a different DSL, incorporate tools such as SecuriCAD and compare different threat models.

  AT THIS PAGE YOU CAN DOWNLOAD THE WHOLE ESSAY. (follow the link to the next page)