A Manual for the Cyber Security Modeling Language (simplified ... - KTH

A Manual for the Cyber Security Modeling Language (simplified version)

Hannes Holm, Mathias Ekstedt, Teodor Sommestad, Matus Korman

Department of Industrial Information and Control Systems, Royal Institute of Technology, 100 44 Stockholm, Sweden

Abstract

The Cyber Security Modeling Language (CySeMoL) is an attack graph tool that can be used to estimate the cyber security of enterprise architectures. CySeMoL includes theory on how attacks and defenses relate quantitatively; thus, users must only model their assets and how these are connected in order to enable calculations. This report functions as a manual to facilitate practical usage and understanding of CySeMoL.

Keywords: Cyber security, security metrics, attack graphs, SCADA systems

This report is a simplified version of the manual for the Cyber Security Modeling Language (CySeMoL). It contains all the information needed to create CySeMoL object models. It does not, however, contain detailed descriptions of the different attack steps that are available within the framework, as they are automatically calculated depending on the architecture modeled by the user of CySeMoL.

Email address: [email protected] (Mathias Ekstedt). Date of revision: November 14, 2013

1. Introduction

Information Technology (IT) is today a cornerstone of nearly all business, as IT applications handle everything from management of critical data to control of physical processes such as the power grid. Considerable effort is thus spent by both researchers and practitioners to keep IT systems in a reliable and predictable state. This is, however, a difficult topic to manage, as a modern IT architecture is typically composed of a large number of systems, processes and individuals connected to form a complex system-of-systems (hereafter referred to simply as system).

Threats towards the state of the system arise from errors made both during the development and the maintenance of employed IT. The presence of individuals determined to exploit these errors to conduct unauthorized activity in the system adds another layer to the complexity of the problem. To estimate the vulnerability of a system, an enormous number of factors need to be considered. It is not sufficient to address all vulnerabilities within it; there is also a need to understand how these vulnerabilities relate. Consequently, it is a difficult task for enterprise decision makers to effectively manage the cyber security of their system.

A common means of estimating the cyber security of a system in practice is to consult experts, e.g., network penetration testers. While consulting experts certainly is valuable, the resulting estimates come with three significant limitations: they are only valid for 1) the time that they were carried out, 2) the parts of the enterprise architecture that were studied by the expert, and 3) the competence of the consulted expert. These limitations are especially problematic given the dynamic nature of enterprise IT systems and the lack of resources available for analyses.

Enterprise decision makers are thus in need of tools that can help estimate the cyber security of their system in an easy-to-understand fashion. While there are various tools available for this purpose, most suffer from being either too vague, and thus ultimately subjective [1] (e.g., Common Criteria [2], OCTAVE [3], CORAS [4] and the model by Breu et al. [5]), or too limited in terms of scope (e.g., MulVAL [6, 7], NetSPA [8] or TVA-tool [9]).

With the shortcomings of existing tools in mind, researchers at the Department of Industrial Information and Control Systems (ICS) at the Royal Institute of Technology (KTH) in Stockholm, Sweden, developed a new tool called the Cyber Security Modeling Language (CySeMoL) [10]. CySeMoL is a modeling framework and calculation engine for estimating the cyber security of enterprise-level system architectures [10]. CySeMoL includes theory on how attacks and defenses relate quantitatively; thus, security expertise is not required from it