A Multi-level Cyber-Security Reference Model in Support of Vulnerability Analysis

• This paper reports on the second engineering cycle of a reference model for end-to-end cyber-security by design in the electricity sector. In our previous work, we proposed a reference model that relies on the integrated consideration of two fragmented, but complementary, reference models: NISTIR 7628 and powerLang. To align these reference models, we rely on multi-level modeling, specifically on the Flexible Meta Modeling and Execution Language (FMMLx), and integrated modeling and programming. Within this paper, we strengthen the bottom-up design of the reference model’s application by integrating a semi-automated threat analysis. This enables the identification of possible points of improvement in the actual architecture design, as well as a future analysis of business-level impact of different threats. To demonstrate our approach, we rely on the well-studied Ukraine scenario from 2016.

Subject headings

NATURVETENSKAP  -- Data- och informationsvetenskap -- Systemvetenskap, informationssystem och informatik (hsv//swe)

NATURAL SCIENCES  -- Computer and Information Sciences -- Information Systems (hsv//eng)

Keyword

Cyber-security by design

Multi-level reference model

Vulnerability analysis

Publication and Content Type

ref (subject category)

kon (subject category)