AIT's threat modelling tool automatically identifies threats and supports ongoing risk management. The tool extends the well-established Enterprise Architect modelling platform and is designed to support use cases in domains like automotive, railways, energy and critical infrastructure. It contains domainspecific security-relevant elements for system modelling and comes with an AIT-maintained, up-to-date threat catalogue. Company specific model elements and threats can also be added.
Support for automated derivation of Attack Trees, based on: - understanding of connectivity (post- preconditions between threats) - understanding of attack goals - understanding of initial attack surfaces
This will allow ThreatGet to automatically derive attack scenarios and attack chains.
Schmittner, Christoph, et al. "ThreatGet: Threat modeling based approach for automated and connected vehicle systems." AmE 2020-Automotive meets Electronics; 11th GMM-Symposium. VDE, 2020.
Sadany, Magdy El, Christoph Schmittner, and Wolfgang Kastner. "Assuring compliance with protection profiles with threatget." International Conference on Computer Safety, Reliability, and Security. Springer, Cham, 2019.
Christl, Korbinian, and Thorsten Tarrach. "The analysis approach of ThreatGet." arXiv preprint arXiv:2107.09986 (2021).
Schmittner, Christoph, Bernhard Schrammel, and Sandra König. "Asset Driven ISO/SAE 21434 Compliant Automotive Cybersecurity Analysis with ThreatGet." European Conference on Software Process Improvement. Springer, Cham, 2021.
Schmittner, Christoph, Abdelkader Magdy Shaaban, and Georg Macher. "ThreatGet: Ensuring the Implementation of Defense-in-Depth Strategy for IIoT Based on IEC 62443." 2022 IEEE 5th International Conference on Industrial Cyber-Physical Systems (ICPS). IEEE, 2022.