Security Modeling Challenges and Research Directions Around the ADVISE Meta Framework / Kordi, Marzieh; Mariotti, Francesco; Lollini, Paolo; Bondavalli, Andrea. - ELECTRONIC. - 14989 LNCS:(2024), pp. 275-283. (Paper presented at the SAFECOMP 2024 conference) [10.1007/978-3-031-68738-9_21].
Security Modeling Challenges and Research Directions Around the ADVISE Meta Framework
Mariotti, Francesco;Lollini, Paolo;Bondavalli, Andrea
2024
Abstract
In the contemporary cybersecurity world, effective security assessment methodologies are crucial to evaluate and enhance the security of systems, networks, applications, and data. Modeling and simulation can play a vital role by offering valuable representation and analysis of attacks and defense strategies in systems where the exploitation of threats can potentially lead to catastrophic consequences. The ADVISE Meta framework goes in this direction, providing an ontology-based approach that, starting from an architectural model of the system, allows the automatic generation of detailed ADVISE security models, which describe the attack steps that an adversary can follow to reach the goals. However, the framework has its drawbacks, such as a limited range of attacks and adversaries, and it solely considers the attacker’s viewpoint. In this work-in-progress paper, we continue the research direction started with previous works, where we proposed a methodology to extend the ontology of the ADVISE Meta framework with the attacks of the CAPEC database and the adversaries’ profiles of the TAL library. The focus is on discussing the current challenges around the ADVISE Meta framework and outlining the ongoing activities and research directions.