In order to create a model of an existing system it is suggested to do this based on available data sources, for instance network and vulnerability
scanners, firewall rules, and asset inventories. By doing it this way you get an accurate model reflecting the whole system as it actually is implemented and not the modeler’s dreamy view of it. And you can keep your model up-to-date in a continuous way.
With this fresh accurate model of your system, it is now time to figure out if it is secure or not. And when you realize there are plenty of weaknesses that can be used by attackers you need to decide what the best mitigation strategy is. For this, the threat modeling community has been relying on security experts. However, in a parallel universe other have been using attack graphs to run simulations answering these types of questions. The problem for the attack graph community has similarly been the creation of the graph (the model). Since the systems are large and complex, the graph also becomes large and complex. So, it is difficult, time-consuming, and error-prone to create one and the result isn’t very trustworthy.
The novel idea I am presenting here is to combine threat models with attack simulations. For this, we have developed the Meta Attack Language (MAL) . This is an open-source framework  that can be used to createDomain-Specific (Modeling) Languages (DSLs). With MAL you thus describe what assets you are interested in e.g. computer, network, software, what attacks these assets can be subjected to, and what defenses that could mitigate these attacks. With MAL you therefore have full freedom to create your own threat modeling and attack simulation language. The fancy thing is, when you instantiate your assets, e.g. Robert’s MacBook Air running macOS Big Sur v.11.2.3, you also get an underlying attack and defense graph for it. Thus, when you have your threat model (assets and how these are connected to each other) you can automatically run a simulation pinpointing where your weaknesses are and also suggestions on what mitigations that could be added to decrease the risks.