Threat modelling is a vital practice within the cybersecurity domain. It allows finding vulnerabilities in complex systems so that mitigations can be set in place. The Meta Attack Language (MAL) provides a framework for creating Domain Specific Languages (DSLs) for attack simulations. In such MAL-based simulations, the users are responsible for providing test sets. However, currently there is a lack of qualitative feedback regarding test coverage. To address this, this research utilised the Design Science Research Methodology to create an improved JUnit extension for MAL that combines language-level test coverage analysis with robust error handling. The extension provides an enhanced qualitative assessment for threat modelling with MAL simulations. The results contribute to current research in simulation-based threat modelling tools and lay a foundation for possible future work in validating DSLs.
Braun et al. (Thu,) studied this question.