In the contemporary cybersecurity world, effective security assessment methodologies are crucial to evaluate and enhance the security of systems, networks, applications, and data. Modeling and simulation can play a vital role by offering valuable representation and analysis of attacks and defense strategies in systems where the exploitation of threats can potentially lead to catastrophic consequences. The ADVISE Meta framework goes in this direction, providing an ontology-based approach that, starting from an architectural model of the system, allows to automatically generate detailed ADVISE security models which describe the attack steps that an adversary can follow to reach the goals. However, the framework has its drawbacks, such as a limited range of attacks and adversaries, and it solely considers the attacker’s viewpoint. In this work-in-progress paper, we continue the research direction started with previous works, where we proposed a methodology to extend the ontology of the ADVISE Meta framework with the attacks of the CAPEC database and the adversaries’ profiles of the TAL library. The focus is on discussing the current challenges around the ADVISE Meta framework and outlying the ongoing activities and research directions.
Security modeling challenges and research directions around the ADVISE meta framework
Kordi Marzieh
;
2024
Abstract
In the contemporary cybersecurity world, effective security assessment methodologies are crucial to evaluate and enhance the security of systems, networks, applications, and data. Modeling and simulation can play a vital role by offering valuable representation and analysis of attacks and defense strategies in systems where the exploitation of threats can potentially lead to catastrophic consequences. The ADVISE Meta framework goes in this direction, providing an ontology-based approach that, starting from an architectural model of the system, allows to automatically generate detailed ADVISE security models which describe the attack steps that an adversary can follow to reach the goals. However, the framework has its drawbacks, such as a limited range of attacks and adversaries, and it solely considers the attacker’s viewpoint. In this work-in-progress paper, we continue the research direction started with previous works, where we proposed a methodology to extend the ontology of the ADVISE Meta framework with the attacks of the CAPEC database and the adversaries’ profiles of the TAL library. The focus is on discussing the current challenges around the ADVISE Meta framework and outlying the ongoing activities and research directions.| File | Dimensione | Formato | |
|---|---|---|---|
|
Security modeling challenges and research directions around the ADVISE Meta framework.pdf
non disponibili
Descrizione: Security Modeling Challenges and Research Directions Around the ADVISE Meta Framework
Tipologia:
Versione Editoriale (PDF)
Licenza:
Copyright dell'editore
Dimensione
209.97 kB
Formato
Adobe PDF
|
209.97 kB | Adobe PDF | Visualizza/Apri Richiedi una copia |
|
Paper_TOASTS_SafeComp_2024(3).pdf
accesso aperto
Descrizione: This is the Author Accepted Manuscript (postprint) version of the following paper: Kordi M. et al. "Security Modeling Challenges and Research Directions Around the ADVISE Meta Framework", [10.1007/978-3-031-68738-9_21
Tipologia:
Documento in Post-print
Licenza:
Creative commons
Dimensione
368.8 kB
Formato
Adobe PDF
|
368.8 kB | Adobe PDF | Visualizza/Apri |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
