Threat modeling, or architectural risk analysis (ARA), is a process for finding cybersecurity threats in an IT system by analyzing its architecture. Because such an analysis must consider a large number of possible threats, it helps to automate it. Applying threat analysis rules automatically gives more consistent results and reduces the dependency on expert knowledge in threat modeling, but it requires the threat modeler to annotate the architecture with relevant information. The threat modeler, however, still has to know what information to provide. In this disclosure we describe a system that interactively asks the threat modeler to supply such information, based on the analysis rules. This reduces the dependency on expert knowledge even further.
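One way the rule-driven questioning described above could work, as an added example that is not code from the disclosure: each rule lists the annotations it needs, and the analysis asks only for those that are still unknown and could still change the outcome. The rule set, attribute names, sample architecture and the `answer` callback are all assumptions made for illustration.

```python
# Added example: rules, attribute names and the sample architecture are constructed.
from collections import namedtuple

# conditions: attribute -> value under which the threat applies
Rule = namedtuple("Rule", "threat kind conditions")
# attrs: annotations supplied so far (a mutable dict, filled in during analysis)
Element = namedtuple("Element", "name kind attrs")

def evaluate(rule, el):
    """Return ("threat" | "clear" | "ask", attributes still unknown)."""
    if el.kind != rule.kind:
        return "clear", []
    missing = []
    for attr, wanted in rule.conditions.items():
        if attr not in el.attrs:
            missing.append(attr)
        elif el.attrs[attr] != wanted:
            return "clear", []      # a known annotation rules the threat out: ask nothing
    return ("ask", missing) if missing else ("threat", [])

def analyse(rules, elements, answer):
    """Apply every rule, calling answer(element, attr) only for annotations a rule needs."""
    findings, asked = [], []
    for el in elements:
        for rule in rules:
            status, missing = evaluate(rule, el)
            while status == "ask":
                el.attrs[missing[0]] = answer(el, missing[0])
                asked.append((el.name, missing[0]))
                status, missing = evaluate(rule, el)   # the answer may settle the rule
            if status == "threat":
                findings.append((el.name, rule.threat))
    return findings, asked

RULES = [
    Rule("Eavesdropping on data in transit", "dataflow", {"crosses_trust_boundary": True, "encrypted": False}),
    Rule("Tampering with data in transit", "dataflow", {"crosses_trust_boundary": True, "integrity_protected": False}),
    Rule("Disclosure of stored data", "datastore", {"holds_sensitive_data": True, "encrypted_at_rest": False}),
]

def demo():
    elements = [Element("browser->api", "dataflow", {"crosses_trust_boundary": True}),
                Element("api->cache", "dataflow", {"crosses_trust_boundary": False}),
                Element("orders-db", "datastore", {})]
    replies = {"encrypted": True, "integrity_protected": False,   # stand-in for the modeler
               "holds_sensitive_data": True, "encrypted_at_rest": False}
    return analyse(RULES, elements, lambda el, attr: replies[attr])
```

In this run the internal `api->cache` flow triggers no questions at all, because its existing annotation already rules out both data-flow threats.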
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.
Hemel, Tim, "Automated Interactive Threat Analysis of IT Architectures", Technical Disclosure Commons, (September 30, 2019)