Cyber security threat modeling based on the MITRE Enterprise ATT&CK Matrix
Software and Systems Modeling (IF 2), Pub Date: 2021-06-18, DOI: 10.1007/s10270-021-00898-7
Wenjun Xiong, Emeline Legrand, Oscar Åberg, Robert Lagerström

Enterprise systems are growing in complexity, and the adoption of cloud and mobile services has greatly increased the attack surface. To proactively address these security issues in enterprise systems, this paper proposes a threat modeling language for enterprise security based on the MITRE Enterprise ATT&CK Matrix. It is designed using the Meta Attack Language framework and focuses on describing system assets, attack steps, defenses, and asset associations. The attack steps in the language represent adversary techniques as listed and described by MITRE. This entity-relationship model describes enterprise IT systems as a whole; by using available tools, the proposed language enables attack simulations on its system model instances. These simulations can be used to investigate security settings and architectural changes that might be implemented to secure the system more effectively. Our proposed language is tested with a number of unit and integration tests. This is visualized in the paper with two real cyber attacks modeled and simulated.




Updated: 2021-06-18