By Johannes Geismann

In the setting of cyber-physical systems, such as in the automotive industry, in smart factories, and aerospace, many systems are embedded and distributed. Safety is a very important criterium for these systems. So, how can we get security-by-design? In Software Architecture, we typically divide the system in different components, which we then can start analyze on threats. With threat models, we can model the threats, and then add ways to secure them. These items can then be linked to the different components. However, some solutions are based on the communication, e.g. a secure channel. These solutions can then be refined for that channel, etc. In this way, the threat models could be used to generate all kinds of artifacts.

The ideas have been implemented in a proof-of-concept tool. The division allows to have a better traceability of threats to components. Nice research idea, and great that they cooperate with industry. But as always: how do you support model evolution? Models change, ideas change, and how do you keep them consistent and up-to-date?

ICSA 2018 – Traceable threat modeling for safety-critical systems
Tagged on: