Abstract
Systems and methods are provided for a risk identification and generation engine that performs security architecture analysis in a standardized manner. The engine automatically populates security questionnaires within a security architecture workflow and determines whether a feature requires a minor assessment or a detailed analysis. The engine generates dataflow and architecture diagrams, provides editing capabilities through drag‑and‑drop operations, and enables creation of additional diagrams. Threat models are generated using application context to identify security flaws at the design stage. The system stores design and technical security requirements, application details including summaries, APIs, and implemented controls, as well as records of assessments performed and relationships among applications. The engine is implemented in connection with a ShiftLeft Portal application and is adaptable for use with other applications.
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.
Recommended Citation
Siingh, Kautilay; Murthy, Sanjeev; KC, Shreyas; Rezler, Brianna; and Athreya, Aishwarya Hariharan, "Graph Based Context Ingestion and Automated Risk Identification Engine", Technical Disclosure Commons, ()
https://www.tdcommons.org/dpubs_series/10177