An Ontology for the Embedded System TTP Matrix

Abstract

The MITRE Corporation's ATT&CK matrices enumerate tactical objectives (tactics) in cyberattacks, and the techniques agents use to achieve those objectives. The ATT&CK matrices cover enterprise systems, mobile systems, and industrial control systems. MITRE recently developed the Embedded System Tactics, Techniques and Procedures Matrix (ESTM) to apply ATT&CK concepts in embedded systems. Embedded systems are crucial to Department of Defense operations. ESTM provides a framework to support analysis of embedded system cybersecurity. To allow using ATT&CK concepts in automated reasoning systems, IDA worked with the Army Information Intelligence and Warfare Directorate and CUBRC to create the MITRE ATT&CK Matrix Ontology (MAMO), an ontological representation of ATT&CK. IDA has recently worked with MITRE to create an ontological representation of ESTM, thereby extending automated reasoning about cybersecurity into the domain of embedded systems. Like MAMO, the ESTM Ontology builds on existing ontologies, inheriting their semantics and design paradigms. The ESTM Ontology can be used in Cyber Table Top exercises to model possible cyberattacks on embedded systems and devise mitigation strategies. During an exercise, participants could query this ontology to identify attack techniques that might be useful. After an exercise, sanitized results could be stored in a knowledge base for future access and analyses.

Document Details

Document Type
Technical Report
Publication Date
Mar 01, 2022
Accession Number
AD1197670

Entities

People

  • Brian A. Haugh
  • Rachel K. De Naray
  • Steven P. Wartik

Organizations

  • Institute for Defense Analyses

Tags

Communities of Interest

  • C4I
  • Cyber

DTIC Thesaurus Topics

  • Aircrafts
  • Artificial Intelligence Computing
  • Command And Control
  • Control Systems
  • Corporations
  • Cyberattacks
  • Cybersecurity
  • Department Of Defense
  • Developmental Tests
  • Embedded Systems
  • Industrial Control Systems
  • Information Warfare
  • Language
  • Local Area Networks
  • Mobile Devices
  • Risk
  • Risk Analysis
  • Transport Aircraft

Fields of Study

  • Computer science

Readers

  • Distributed Systems and Data Platform Development
  • Geospatial Intelligence and Artificial Intelligence Analytics
  • Marine Propulsion Engineering and Naval Architecture

Technology Areas

  • Cyber