CyberML™: Cyber Modeling Language™ for Cybersecurity Apps

CyberML FAQ: What is CyberML?

What is the CyberML™ (Cyber Modeling Language™)?
The CyberML™ (Cyber Modeling Language™) is a UML profile and model library for specifying the architectures and designs of cybersecurity applications. Since CyberML is designed and implemented as a UML profile (UML dialect) and model library, it is compatible with the UML and OMG SysML architecture modeling language standards, and can be implemented in popular visual modeling tools that comply with those standards.

The CyberML profile specifies basic constructs for specifying network topologies, network communication protocols, cyber devices, and cyber assets. Cyber devices supported include routers/switches, firewalls, encryption/decryption devices, Intrusion Detection/Protection Systems (IDS/IPS), and Unified Threat Management (UTM) devices.

The CyberML model library specifies recursive analysis, design and architecture patterns that can be applied during the full System Development Life Cycle (SDLC) on "both sides" of the System V-Model (a.k.a. System Vee Model). When used with a pragmatic "Agile" subset of either UML 2 or SysML 1.x, these recursive analysis, design and architecture patterns facilitate scalable traceability on the "left side" of the System-V Model, and scalable Verification & Validation (V&V) on the "right side" of the System-V Model.

CyberML can be customized to support emerging Cybersecurity Framework standards, such as the NIST Cybersecurity Framework (NIST Special Publication 800-37), DoD Risk Management Framework (RMF), and ISO/IEC 27000.

Why use CyberML?
CyberML is designed to be used by Agile and Lean systems engineers and software developers who are tasked with developing cybersecurity architectures and frameworks, but want to avoid the problems associated with traditional BUFD ("Big Up Front Design") languages, such as full standard UML 2 and its SysML dialect.

CyberML offers the following advantages over BUFD languages:
  • Small & Lean (easier to learn and apply): When used with a pragmatic "Agile" (i.e., essential or "Lean") subset of UML 2 or SysML, CyberML is relatively easy to learn and apply. If you already have a solid foundation and experience applying Agile UML 2 or SysML, you should be able to learn CyberML during a 2-4 day hands-on workshop.
  • Supports recursive analysis, design and architecture patterns (scalable): The CyberML model library specifies recursive analysis, design and architecture patterns that can be applied during the full System Development Life Cycle (SDLC) on "both sides" of the System V-Model (a.k.a. System Vee Model). When used with a pragmatic "Agile" subset of either UML 2 or SysML 1.x, these recursive analysis, design and architecture patterns facilitate scalable traceability on the "left side" of the System-V Model, and scalable Verification & Validation (V&V) on the "right side" of the System-V Model.
  • Compatibility & Portability (straightforward to implement in UML2/SysML compliant tools): Since CyberML is designed and implemented as a UML profile (UML dialect) and model library, it is compatible with the UML and OMG SysML architecture modeling language standards, and can be implemented in popular visual modeling tools that comply with those standards.
  • Expressibility & Precision (precise blueprints for safety-critical systems of arbitrary complexity): Since CyberML emphasizes precise basic constructs and powerful recursive patterns, a relatively small number of CyberML constructs can specify safety-critical systems of arbitrary complexity (systems-of-systems, systems, subsystems ...).
  • Simulation & Executability (easier to test and debug): CyberML can be simulated and executed (behavioral diagram simulation, parametric simulation and Round-Trip Engineering support) in those visual modeling tool implementations that support these features.
  • Cybersecurity focus (emphasized throughout Agile SDLC): CyberML's cybersecurity constructs and recursive patterns are deeply integrated into the system architecture, analysis, design, implementation and V&V, so cybersecurity is treated critically throughout the Agile System Development Life Cycle, rather than being treated as of secondary or tertiary importance.

What are the core CyberML diagrams?
When used by Agile MBSE practitioners applying an Agile SysML subset, CyberML commonly adds a Network diagram type and extends the following SysML diagram types:
  1. Requirements
  2. Network (added or "borrowed" & adapted from UML Deployment)
  3. Activity
  4. Block Definition
  5. Internal Block
  6. Parametric
  7. Sequence
  8. State Machine

When used by Agile Architecture practitioners applying an Agile UML 2 subset, CyberML commonly adds Requirements and Network diagram types and extends the following UML 2 diagram types:
  1. Requirements (added or "borrowed" from SysML dialect)
  2. Network (adapted from UML Deployment)
  3. Activity (shared with AgileML)
  4. Class
  5. Composite Structure
  6. Sequence
  7. State Machine

What is Model-Based Cybersecurity Analysis?
Background: Model-Based Cybersecurity (a.k.a. Model-Based Cyber Security) is a sub-discipline of Model-Based Engineering, an umbrella term that describes an architecture-centric approach to systems and software development that emphasizes a System Architecture Model (SAM) defined using an architecture modeling language standard (e.g., UML 2, SysML) as the primary work artifact throughout the System Development Life Cycle (SDLC). Other well-known subdisciplines of Model-Based Engineering include Model-Driven Development (MDD) using UML 2 and Model-Based Systems Engineering (MBSE) using SysML.

  • Model-Based Cybersecurity is an approach to traditional Cybersecurity which emphasizes a Network Architecture Model (NAM) specified with an architecture modeling language, such as UML 2 or SysML, as the primary work artifact for cybersecurity architectures and frameworks.

How can CyberML be customized for our problem domain and project?
Just as CyberML customizes UML2 and OMG SysML via profiles and model libraries, CyberML is designed to be further tailored for problem domains and projects. Contact us for details.

Who created CyberML?
CyberML was designed by Cris Kobryn, an internationally recognized architecture modeling language expert known for successfully leading the UML 1, UML 2, and SysML design teams. Cris has over 20 years professional experience in the design and implementation of architecture modeling languages for distributed systems.

How can I learn more about CyberML?
We plan to publish more information about CyberML on this website in the near future. While CyberML continues to evolve, it is being actively used in PivotPoint's Cybersecurity Architecture and Frameworks training.

If you would like to submit new questions for the CyberML FAQ or would like to subscribe to a CyberML mailing list, please contact us.

CYBERML and CYBER MODELING LANGUAGE are trademarks of PivotPoint Technology Corporation. UML is a trademark of the Object Management Group. All other trademarks are the property of their respective owners.