MAL - Meta Attack Language

A language to create cyber threat modeling systems for specific domains such as SCADA/OT, automotive and cloud.

In turn, such a system allows for cyber threat modeling and attack simulations of specific environments – a power grid, a vehicle platform or a particular cloud infrastructure.

The first open source framework that allows creation of quantitative cyber threat modeling systems for any domain.

MAL is open source under a permissive Apache 2.0 license and based on a decade of research at KTH Royal Institute of Technology.

Create a language specification in MAL syntax that describes the domain. This language should capture the assets, the relationships between assets and the access techniques an attacker can utilize.

Assets can e.g. be servers and networks where a server can be connected to a network. Access techniques are both natural ones - such as being able to send network packets from a host to other hosts connected to the same network - or CAPEC/ATT&ACK adversary techniques that an attacker may use.

A MAL language specification is run through the MAL compiler to create a Java library that implements the language through a set of APIs. This library can in turn be used to programatically create threat models to analyze an attacker’s ability and likelihood of reaching designated high value assets.

The MAL compiler can also be used to generate a Java library compatible with foreseeti’s securiCAD that provides graphical modeling support, high performance statistical simulations and advanced reporting capabilities.

The tutorial provides the quickest and easiest way to set up a working language project. Once the example specification can be compiled into a working language JAR, the MAL documentation provides the necessary insights into the MAL language itself and the methodology considerations to design and implement a working language specification. Watch the video below for a quick introduction.

Get Started

Who uses MAL?