Abstract
We present ThreatGet, a new tool for security analysis based on threat modeling. The tool is integrated into a model-based engineering platform and supports an iterative, model-based risk management process. We explain the modeling and operation of ThreatGet and how it can be used for security by design. As a specific use case, we demonstrate how ThreatGet can assess compliance with a protection profile.
Acknowledgments
The work published here has received funding from the AQUAS project, under grant agreement No. 737475. The project is co-funded by grants from Austria, the Czech Republic, Germany, Italy, France, Spain, the UK, and ECSEL JU.
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
El Sadany, M., Schmittner, C., Kastner, W. (2019). Assuring Compliance with Protection Profiles with ThreatGet. In: Romanovsky, A., Troubitsyna, E., Gashi, I., Schoitsch, E., Bitsch, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2019. Lecture Notes in Computer Science, vol 11699. Springer, Cham. https://doi.org/10.1007/978-3-030-26250-1_5
DOI: https://doi.org/10.1007/978-3-030-26250-1_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-26249-5
Online ISBN: 978-3-030-26250-1
eBook Packages: Computer Science, Computer Science (R0)