
Assuring Compliance with Protection Profiles with ThreatGet

  • Magdy El Sadany
  • Christoph Schmittner
  • Wolfgang Kastner
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11699)

Abstract

We present ThreatGet, a new tool for security analysis based on threat modeling. The tool is integrated into a model-based engineering platform and supports an iterative, model-based risk management process. We explain the modeling and operation of ThreatGet and how it can be used for security by design. As a specific use case, we demonstrate how ThreatGet can assess compliance with a protection profile.

Keywords

ThreatGet, Protection profiles, Threat analysis

Notes

Acknowledgments

The work published here has received funding from the AQUAS project, under grant agreement No. 737475. The project is co-funded by grants from Austria, the Czech Republic, Germany, Italy, France, Spain, the UK, and ECSEL JU.


Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Magdy El Sadany (1, 2)
  • Christoph Schmittner (1)
  • Wolfgang Kastner (2)

  1. Austrian Institute of Technology, Vienna, Austria
  2. Automation Systems Group, TU Wien, Vienna, Austria
