Assuring Compliance with Protection Profiles with ThreatGet

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11699)


We present ThreatGet a new tool for security analysis, based on threat modeling. The tool is integrated into a model-based engineering platform, supporting an iterative and model-based risk management process. We explain the modeling and operation of ThreatGet and how it can be used for security by design. As a specific use case, we demonstrate how ThreatGet can assess compliance with a protection profile.


ThreatGet Protection profiles Threat analysis 



The work published here has received funding from the AQUAS project, under grant agreement No. 737475. The project is co-funded by grants from Austria, the Czech republic, Germany, Italy, France, Spain, The UK, and ECSEL JU.


  1. 1.
    Checkoway, S. et al.: Comprehensive experimental analyses of automotive attack surfaces. In: USENIX Security Symposium (2011)Google Scholar
  2. 2.
    Swiderski, Frank, Snyder, Window: Threat Modeling (Microsoft Professional), vol. 7. Microsoft Press, Sebastopol (2014)Google Scholar
  3. 3.
    parxSystems. Accessed 30 Oct 2018
  4. 4.
    Shaaban, A.M., Schmittner, C.: Security chain tool for IoT secure applications. Austrian Institute of Technology – Digital Safety and Security (2019) Google Scholar
  5. 5.
    Bundesamtfür Sicherheit in der Informationstechnik. Digital tachograph - vehicle unit (VU PP). Accessed 01 May 2019
  6. 6.
    Shaaban, A.M., Schmittner, C., Latzenhofer, M., Hofer, M.: Contribution title. A proposal for a comprehensive automotive cybersecurity reference architecture. In: The Seventh International Conference on Advances in Vehicular Systems, Technologies and Applications (2018)Google Scholar
  7. 7.
    ISO: ISO 31000 - Risk management - guidelines (2018)Google Scholar
  8. 8.
    ISO/IEC: Information technology – Security techniques – Information security risk management (2018)Google Scholar
  9. 9.
    IEC 31010: Risk management – Risk assessment techniques. Pub. L. No. IEC 31010 (2009)Google Scholar
  10. 10.
    Ramos, A.L., Ferreira, J.V., Barcelo, J.: Model-based systems engineering: an emerging approach for modern systems. IEEE Trans. Syst. Man Cybern. Part C (Appl. Rev.) 42(1), 101–111 (2012). Accessed 01 May 2019CrossRefGoogle Scholar
  11. 11.
    Microsoft Threat Modeling Tool 2016. Accessed 01 May 2019
  12. 12.
    Threat Modeling at the speed of DevOps. Accessed 01 May 2019
  13. 13.
    threatmodeler. Accessed 01 May 2019
  14. 14.
    A Pythonic framework for threat modeling. Accessed 01 May 2019
  15. 15.
    Automated Threat Modeling and Attack Simulations. Accessed 01 May 2019
  16. 16.
    Security Compass - SDElements. Accessed 01 May 2019
  17. 17.
    Tutamantic. Accessed 01 May 2019
  18. 18.
    OWASP Threat Dragon. Accessed 01 May 2019
  19. 19.
    Threat modelling tool from Mozilla. Accessed 01 May 2019

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Austrian Institute of TechnologyViennaAustria
  2. 2.Automation Systems GroupTU WienViennaAustria

Personalised recommendations