Top

Published in:

2019 | OriginalPaper | Chapter

Assuring Compliance with Protection Profiles with ThreatGet

Authors : Magdy El Sadany, Christoph Schmittner, Wolfgang Kastner

Published in: Computer Safety, Reliability, and Security

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

We present ThreatGet a new tool for security analysis, based on threat modeling. The tool is integrated into a model-based engineering platform, supporting an iterative and model-based risk management process. We explain the modeling and operation of ThreatGet and how it can be used for security by design. As a specific use case, we demonstrate how ThreatGet can assess compliance with a protection profile.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Comparative Evaluation of Security Fuzzing Approaches

next chapter A Survey on the Applicability of Safety, Security and Privacy Standards in Developing Dependable Systems

Checkoway, S. et al.: Comprehensive experimental analyses of automotive attack surfaces. In: USENIX Security Symposium (2011)

Swiderski, Frank, Snyder, Window: Threat Modeling (Microsoft Professional), vol. 7. Microsoft Press, Sebastopol (2014)

parxSystems. http://sparxsystems.com/products/ea/. Accessed 30 Oct 2018

Shaaban, A.M., Schmittner, C.: Security chain tool for IoT secure applications. Austrian Institute of Technology – Digital Safety and Security (2019)

Bundesamtfür Sicherheit in der Informationstechnik. Digital tachograph - vehicle unit (VU PP). https://www.bsi.bund.de. Accessed 01 May 2019

Shaaban, A.M., Schmittner, C., Latzenhofer, M., Hofer, M.: Contribution title. A proposal for a comprehensive automotive cybersecurity reference architecture. In: The Seventh International Conference on Advances in Vehicular Systems, Technologies and Applications (2018)

ISO: ISO 31000 - Risk management - guidelines (2018)

ISO/IEC: Information technology – Security techniques – Information security risk management (2018)

IEC 31010: Risk management – Risk assessment techniques. Pub. L. No. IEC 31010 (2009)

10.

Ramos, A.L., Ferreira, J.V., Barcelo, J.: Model-based systems engineering: an emerging approach for modern systems. IEEE Trans. Syst. Man Cybern. Part C (Appl. Rev.) 42(1), 101–111 (2012). https://doi.org/10.1109/TSMCC.2011.2106495. Accessed 01 May 2019CrossRef

11.

Microsoft Threat Modeling Tool 2016. https://www.microsoft.com/en-us/download/details.aspx?id=49168. Accessed 01 May 2019

12.

Threat Modeling at the speed of DevOps. https://continuumsecurity.net/. Accessed 01 May 2019

13.

threatmodeler. https://threatmodeler.com/. Accessed 01 May 2019

14.

A Pythonic framework for threat modeling. https://github.com/izar/pytm. Accessed 01 May 2019

15.

Automated Threat Modeling and Attack Simulations. https://www.foreseeti.com/. Accessed 01 May 2019

16.

Security Compass - SDElements. https://www.securitycompass.com/sdelements/. Accessed 01 May 2019

17.

Tutamantic. http://www.tutamantic.com/. Accessed 01 May 2019

18.

OWASP Threat Dragon. https://www.owasp.org. Accessed 01 May 2019

19.

Threat modelling tool from Mozilla. https://github.com/mozilla/seasponge. Accessed 01 May 2019

Title: Assuring Compliance with Protection Profiles with ThreatGet
Authors: Magdy El Sadany
Christoph Schmittner
Wolfgang Kastner
Publisher: Springer International Publishing
Book: Computer Safety, Reliability, and Security
Print ISBN: 978-3-030-26249-5

Electronic ISBN: 978-3-030-26250-1

Copyright Year: 2019
DOI: https://doi.org/10.1007/978-3-030-26250-1_5

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner