CyberSAGE: The cyber security argument graph evaluation tool

William G. Temple, Yue Wu, Carmen Cheh, Yuan Li, Binbin Chen, Zbigniew T. Kalbarczyk, William H. Sanders, David Nicol

Research output: Contribution to journalArticlepeer-review


Cyber risk assessment is a critical step in securing the digital systems that support modern society. Typically this is a manual process carried out by consultants or working groups with little or no software support outside of spreadsheet tools. As cybersecurity threats and digital systems themselves become more complex and dynamic, there is a need for greater tool support in the risk assessment process to document and trace assumptions and facilitate the revision or extension of a threat and risk assessment throughout a system’s lifecycle. The Cyber Security Argument Graph Evaluation (CyberSAGE) tool provides a platform for model-based cybersecurity analysis of cyber failure and attack scenarios. It combines models of high-level workflow, system architecture, device properties, attacker capability and skill, to compute holistic, quantitative security metrics. In this paper we describe the models, algorithms, and software architecture of the CyberSAGE tool. To illustrate its application, we describe an assessment carried out on communication systems in two railway lines with the support of an industry partner. Finally, we summarize feedback on the CyberSAGE tool from the railway case study partner, as well as over 40 interviews with practitioners and domain experts and a multinational electronics company who carried out a one year independent evaluation.

Original languageEnglish (US)
Article number18
JournalEmpirical Software Engineering
Issue number1
StatePublished - Jan 2023


  • Attack scenario model
  • Cybersecurity assessment
  • Risk assessment
  • Security argument graph

ASJC Scopus subject areas

  • Software


Dive into the research topics of 'CyberSAGE: The cyber security argument graph evaluation tool'. Together they form a unique fingerprint.

Cite this