Conference Paper To Appear

## Extending a security ontology framework to model CAPEC attack paths and TAL adversary profiles

Authors Francesco Mariotti Matteo Tavanti Leonardo Montecchi Paolo Lollini Security evaluation can be performed using a variety of analysis methods, such as attack trees, attack graphs, threat propagation models, stochastic Petri nets, and so on. These methods analyze the effect of attacks on the system, and estimate security attributes from different perspectives. However, they require information from experts in the application domain for properly capturing the key elements of an attack scenario: i) the attack paths a system could be subject to, and ii) the different characteristics of the possible adversaries. For this reason, some recent works focused on the generation of low-level security models from a high-level description of the system, hiding the technical details from the modeler. In this paper we build on an existing ontology framework for security analysis, available in the ADVISE Meta tool, and we extend it in two directions: i) to cover the attack patterns available in the CAPEC database, a comprehensive dictionary of known patterns of attack, and ii) to capture all the adversaries' profiles as defined in the Threat Agent Library (TAL), a reference library for defining the characteristics of external and internal threat agents ranging from industrial spies to untrained employees. The proposed extension supports a richer combination of adversaries' profiles and attack paths, and provides guidance on how to further enrich the ontology based on taxonomies of attacks and adversaries. 18th European Dependable Computing Conference (EDCC 2022) Zaragoza, Spain September 12-15, 2022 (To appear) - IEEE Bibtex @inproceedings{2022EDCC, author = {Mariotti, Francesco and Tavanti, Matteo and Montecchi, Leonardo and Lollini, Paolo}, title = {{Extending a security ontology framework to model CAPEC attack paths and TAL adversary profiles}}, booktitle = {18th European Dependable Computing Conference (EDCC 2022)}, address = {Zaragoza, Spain}, date = {2022-09-12/2022-09-15}, note = {\emph{To appear}}, year = {2022} } Plain TextF. Mariotti, M. Tavanti, L. Montecchi, P. Lollini. Extending a security ontology framework to model CAPEC attack paths and TAL adversary profiles. In: 18th European Dependable Computing Conference (EDCC 2022) Zaragoza, Spain, September 12-15, 2022.