Automated Repeatable Adversary Threat Emulation with Effects Language (EL)

Computer Science > Cryptography and Security [Submitted on 7 Oct 2025 (v1), last revised 26 Jun 2026 (this version, v2)] Automated Repeatable Adversary Threat Emulation with Effects Language (EL) Suresh K. Damodaran, Paul D. Rowe The emulation of multi-step attacks attributed to advanced persistent threats is valuable for training defenders and evaluating defense tools. In this paper, we discuss the numerous challenges and desired attributes associated with such automation. Additionally, we introduce the use of Effects Language (EL), a visual programming language with graph-based operational semantics, as a solution to address many of these challenges and requirements. We formally define the execution semantics of EL, and prove important execution properties. Furthermore, we showcase the application of EL to codify attacks using an example from one of the publicly available attack scenarios. We also demonstrate how EL can be utilized to provide proof-of-attack of complex multi-step attacks. Our results highlight the improvements in time and resource efficiency achieved through the use of EL for repeatable automation. Subjects: Cryptography and Security (cs.CR); Programming Languages (cs.PL) Report number: Case Number 25-1615 Cite as: arXiv:2510.06420 [cs.CR]   (or arXiv:2510.06420v2 [cs.CR] for this version)   https://doi.org/10.48550/arXiv.2510.06420 Focus to learn more Related DOI: https://doi.org/10.1145/3816043 Focus to learn more Submission history From: Paul Rowe [view email] [v1] Tue, 7 Oct 2025 20:00:27 UTC (884 KB) [v2] Fri, 26 Jun 2026 12:57:37 UTC (878 KB) Access Paper: HTML (experimental) view license Current browse context: cs.CR < prev   |   next > new | recent | 2025-10 Change to browse by: cs cs.PL References & Citations NASA ADS Google Scholar Semantic Scholar Export BibTeX Citation Bookmark Bibliographic Tools Bibliographic and Citation Tools Bibliographic Explorer Toggle Bibliographic Explorer (What is the Explorer?) Connected Papers Toggle Connected Papers (What is Connected Papers?) Litmaps Toggle Litmaps (What is Litmaps?) scite.ai Toggle scite Smart Citations (What are Smart Citations?) Code, Data, Media Demos Related Papers About arXivLabs Which authors of this paper are endorsers? | Disable MathJax (What is MathJax?)