The digital transformation exposes organizations to new threats endangering their business. A way to uncover these threats is threat modeling and attack simulations. However, modeling an entire organization by hand is time consuming and error prone. Therefore, we propose to reuse Enterprise Architecture (EA) models. In this work, we propose a mapping from ArchiMate, a common EA modeling language, to coreLang, a threat modeling language, and use the resulting models to perform attack simulations to foresee possible attack paths. Then, we play back the results of the attack simulations to the EA model and complete the round-trip. To demonstrate our approach, we developed a prototype performing the transformation from ArchiMate to coreLang and applied our approach to the well-known ArchiSurance example.
CITATION STYLE
Aldea, A., & Hacks, S. (2022). Analyzing Enterprise Architecture Models by Means of the Meta Attack Language. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 13295 LNCS, pp. 423–439). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-07472-1_25
Mendeley helps you to discover research relevant for your work.