You’re offline. This is a read only version of the page.
Skip to main content
KTH Degree Project Portal
Växla navigering
Assignments
Subscribe
About KTH Degree Project Portal
About KTH Degree Project Portal
For Employers
For Students
FAQ
English
English
Svenska
Sign in
Apply using email
Apply using URL
General
Headline
*
*
Organization/Company
*
Location
*
Assignment Type
*
Description
*
*
Background and Motivation: Threat modeling is a cornerstone of modern cybersecurity analysis, enabling systematic identification of attack paths and defensive measures. The Meta Attack Language (MAL) (https://github.com/mal-lang) provides a formalism for representing attack logic and simulating adversarial behavior across various system domains, such as cloud environments and industrial control systems. In recent research, attack simulations are also used for training autonomous cyberdefense agents to take actions based on some observed attacker behavior. However, a challenge in this activity is to produce training data that are not based on some specific static system configuration as this would overfit the learned behavior to that very specific environment. Instead we would like to represent but still represent a some larger domain where systems follow some common patterns but vary in others. We would then like to be able to automatically generate system configurations that varies in a number of dimensions according to some expected variances representing an actual distribution of systems within a domain. Objectives: This project amis to extend the MAL formalism and a prototype toolchain so that it is possible write specifications that in turn can be used for generating multiple MAL threat model instances according to the specified statistics. The project will: 1. Perform a literature review on model-driven security engineering, threat modeling automation, and MAL in particular. 2. Extend the MAL formalism so that it can encode statistical properties of structural threat model design. This includes expressions such as producing a number of communication networks according to some distribution, where the number of machine per network follow another distribution and the machine-to-machine communication follows a third. 3. Implement a tool that produce models according to the specifications . 4. Perform a smaller case study where material describing some system domain is used to motivate a model specification and where this is used to produce the threat model instances of the original material. How to apply: Send your CV and University course grades to Mathias Ekstedt (mekstedt@kth.se). For questions about the project, send an email to the same address. Applications will be evaluated continuously
There are no records to display.
You don't have permissions to view these records.
Error completing request.
Loading...
Create
×
Close
Edit
×
Close
View details
×
Close
Delete
×
Close
Are you sure you want to delete this record?
Error
×
Close
We're sorry, an error has occurred.
Deadline for application
*
*
Publish date
*
*
Credits
30 hp
15 hp
15-30 hp
Application Channel
*
Email
URL
Both
Application Email
*
*
Application URL
*
Application Documents
*
CV, University grades
