Skip to main content
To KTH's start page To KTH's start page


Today most enterprises are dependent on information systems to run their business. Previously a single line of business was supported by a single or a limited number of information systems. In contrast, presently the information systems are interconnected in a complex manner where hundreds or thousands of systems have formed an enterprise-wide system-of-systems. And the ongoing trend is that new systems are continuously developed and integrated, both at enterprises as well as the society at large, in domains such as smart power grids, smart cities, and smart transport systems.

Keeping the information systems secure and resilient to attacks is thus vital for uninterrupted enterprise services and trustworthiness. Unfortunately, we are today lacking a good design and analysis support for addressing information and cyber security on the system-of-systems level where the attack surface and –processes are radically increasing. Much security expertise, academic as well as practical, is found on individual attacks or countermeasures but the combination and interrelations between all of these are lesser understood. 

The Cyber Security Modeling Language (CySeMoL) a sophisticated tool for making holistic and system-level assessment of cyber security on information system architectures. CySeMoL combines information systems modeling in the unified modeling language (UML) with Bayesian attack graphs implemented in the object constraint language (OCL). It provides a probabilistic “heat map” of how difficult it is for a (stereotyped) attacker to reach and compromise different assets in the architecture from some specific entry point(s). CySeMoL incorporates knowledge elicited from domain experts and observation studies as well as results from previous research studies. The language includes 59 attack types, 58 defense types, 23 asset types, 51 system relation types and a large number of conditional probabilities over how difficult it is to succeed with different attacks given different defenses and architectural structures. The scope of CySeMoL is ranging from pure technical issues such as software vulnerabilities, firewalls, encryption, intrusion detection systems, to access and authentication, and sociotechnical issues such as social engineering attacks and security awareness training for system users.

The CySeMoL has successfully been tested and applied in a number of case studies primarily within the electric power industry. Studied systems include SCADA- and substation automation systems as well as office environments.

In summary, CySeMoL is a design- and maintenance support tool that allows the user to model and analyze information and cyber security of enterprise-wide information system architectures without the need of having cyber security experts at hand, or self being one.