Cyber security threat modeling based on the MITRE Enterprise ATT&CK Matrix

Created2021-07-08|Updated2023-09-27|papersabstract

|Post Views:

abstract

To proactively address these security issues in enterprise systems, this paper proposes a threat modeling language for enterprise security based on the MITRE Enterprise ATT&CK Matrix. It is designed using the Meta Attack Language framework and focuses on describing system assets, attack steps, defenses, and asset associations. The attack steps in the language represent adversary techniques as listed and described by MITRE. This entity-relationship model describes enterprise IT systems as a whole; by using available tools, the proposed language enables attack simulations on its system model instances. These simulations can be used to investigate security settings and architectural changes that might be implemented to secure the system more effectively. Our proposed language is tested with a number of unit and integration tests. This is visualized in the paper with two real cyber attacks modeled and simulated.

abstract中指出：

文章提出一种基于 MITRE 攻击矩阵的威胁建模语言，可以用进行企业安全分析
该语言使用元攻击语言框架设计，重点描述系统资产、攻击步骤、防御和资产关系
语言描述中的攻击步骤表示攻击者使用的攻击技术，这些攻击技术是 MITRE 定义的
实体关系模型将企业 IT 系统描述为一个整体，通过使用工具，该语言可以对系统模型实例进行攻击模拟
攻击模拟可以用来评估安全设置和架构改变对加强系统安全的有效性
文章提出的语言经过了大量的单元测试和集成测试，并且使用了两个真实的网络攻击模型进行了可视化仿真

设计方法论

方案过程图

实例演示

攻击图

系统架构

攻击路径

Author: odymit

Link: http://odymit.github.io/2021/07/08/Cyber-security-threat-modeling-based-on-the-MITRE-Enterprise-ATT-CK-Matrix/

Copyright Notice: All articles in this blog are licensed under CC BY-NC-SA 4.0 unless stating additionally.

ATT&CK 威胁建模

Related Articles

ATT&CK相关项目调研

Threat Modeling and Attack Simulations of Connected Vehicles: Proof of Concept

Loading the Database