11/23/2017

Paper accepted at ForSE 2018

Robert Luh, Marlies Temper, Simon Tjoa and Sebastian Schrittwieser. APT RPG: Design of a Gamified Attacker/Defender Meta Model. 2nd International Workshop on FORmal methods for Security Engineering (ForSE 2018).

We present a meta model for comprehensive, time-enabled attacker/defender behavior ready for incorporation in a dynamic, imperfect information multi-player game that derives significant parts of its ruleset from established information security sources such as STIX, CAPEC, CVE/CWE and NIST SP800-53. Concrete attack patterns, vulnerabilities, and mitigating controls are mapped to their counterpart strategies and actions through practical, data-centric mechanisms. The gamified model furthermore considers and defines a wide range of actors, assets, and actions, thereby enabling a detailed assessment of cyber risks while giving analysts the opportunity to explore specific attack scenarios in the context of their own infrastructure.