Analyzing Enterprise Architecture Models by Means of the Meta Attack Language

The digital transformation exposes organizations to new threats endangering their business. A way to uncover these threats is threat modeling and attack simulations. However, modeling an entire organization by hand is time consuming and error prone. Therefore, we propose to reuse Enterprise Architecture (EA) models. In this work, we propose a mapping from ArchiMate, a common EA modeling language, to coreLang, a threat modeling language, and use the resulting models to perform attack simulations to foresee possible attack paths. Then, we play back the results of the attack simulations to the EA model and complete the round-trip. To demonstrate our approach, we developed a prototype performing the transformation from ArchiMate to coreLang and applied our approach to the well-known ArchiSurance example.