2015
DOI: 10.1109/tdsc.2014.2382574
|View full text |Cite
|
Sign up to set email alerts
|

P<inline-formula><tex-math>$^{2}$</tex-math><alternatives> <inline-graphic xlink:type="simple" xlink:href="holm-ieq1-2382574.gif"/></alternatives></inline-formula>CySeMoL: Predictive, Probabilistic Cyber Security Modeling Language

Abstract: This paper presents the Predictive, Probabilistic Cyber Security Modeling Language (P 2 CySeMoL), an attack graph tool that can be used to estimate the cyber security of enterprise architectures. P 2 CySeMoL includes theory on how attacks and defenses relate quantitatively; thus, users must only model their assets and how these are connected in order to enable calculations. The performance of P 2 CySeMoL enables quick calculations of large object models. It has been validated on both a component level and a sy… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
3
1
1

Citation Types

0
11
0

Year Published

2018
2018
2021
2021

Publication Types

Select...
5
2

Relationship

1
6

Authors

Journals

citations
Cited by 65 publications
(11 citation statements)
references
References 51 publications
0
11
0
Order By: Relevance
“…Previous work, including CySeMoL [30], P2CySeMoL [6], and pwnPr3d [31], also employed architectural modeling, in which attacks and defenses were coupled to objects of system architectures and were probabilistically related by Bayesian networks. Their design essentially involved creating its qualitative structure (assets, attacks, defenses, and associations) and populating the qualitative structure with quantitative data (how likely different attacks are to succeed, given the presence or absence of different defenses).…”
Section: Related Workmentioning
confidence: 99%
See 1 more Smart Citation
“…Previous work, including CySeMoL [30], P2CySeMoL [6], and pwnPr3d [31], also employed architectural modeling, in which attacks and defenses were coupled to objects of system architectures and were probabilistically related by Bayesian networks. Their design essentially involved creating its qualitative structure (assets, attacks, defenses, and associations) and populating the qualitative structure with quantitative data (how likely different attacks are to succeed, given the presence or absence of different defenses).…”
Section: Related Workmentioning
confidence: 99%
“…Threat modeling is used to assess the current state of a system and as a security-by-design tool for developing new systems. A recent improvement is to couple threat modeling with attack simulations [5], [6]. In such simulations, the steps taken by an attacker to compromise system assets are traced, and a time estimate is computed from the initial step to the compromise of assets of interest [2].…”
Section: Introductionmentioning
confidence: 99%
“…Hitherto, we have united the approaches of attack graphs and system modeling in our previous works like P2CySeMoL (Holm et al 2015) and securiCAD (Ekstedt et al 2015). Our central idea was to automatically generate probabilistic attack graphs based on a existing system specification.…”
Section: State Of the Artmentioning
confidence: 99%
“…Last, the collected information needs to be processed to detect all weaknesses that can be exploited. To address this, the use of attack simulations based on system architecture models have been proposed (e.g., Ekstedt et al 2015;Holm et al 2015). These approaches take a model of the system and simulate cyber-attacks to identify weaknesses.…”
Section: Introductionmentioning
confidence: 99%
See 1 more Smart Citation