Paper accepted at ForSE 2018
We present a meta model for comprehensive, time-enabled attacker/defender behavior ready for incorporation in a dynamic, imperfect information multi-player game that derives significant parts of its ruleset from established information security sources such as STIX, CAPEC, CVE/CWE and NIST SP800-53. Concrete attack patterns, vulnerabilities, and mitigating controls are mapped to their counterpart strategies and actions through practical, data-centric mechanisms. The gamified model furthermore considers and defines a wide range of actors, assets, and actions, thereby enabling a detailed assessment of cyber risks while giving analysts the opportunity to explore specific attack scenarios in the context of their own infrastructure.
Robert Luh, Marlies Temper, Simon Tjoa and Sebastian Schrittwieser. APT RPG: Design of a Gamified Attacker/Defender Meta Model. 2nd International Workshop on FORmal methods for Security Engineering (ForSE 2018).