ThreatGet

AIT's threat modelling tool automatically identifies threats and supports ongoing risk management.

Logo

Main partner/Developer Tool developer

Tool Link Link to website/github (URL) with more detailed information (optional)

Tool partners Non-owner organizations associated with the tool (partners/distributors)

Improved/Developed Tool Select if it is a new tool (developed) or an improved tool

Tool description A detailed description of the tool

AIT's threat modelling tool automatically identifies threats and supports ongoing risk management. The tool extends the well-established Enterprise Architect modelling platform and is designed to support use cases in domains like automotive, railways, energy and critical infrastructure. It contains domainspecific security-relevant elements for system modelling and comes with an AIT-maintained, up-to-date threat catalogue. Company specific model elements and threats can also be added.

Technical toolchains Technical connection of tools with their supporting tools. Example: for running a specific tool, you need to run/install this other tool(s) (e.g., CHESS-FLA CHESS, MoMuT Enterprise Architect, etc)

Description of the improvements Description of the improvements and novelties added during VALU3S/Baseline

Support for automated derivation of Attack Trees, based on:
- understanding of connectivity (post- preconditions between threats)
- understanding of attack goals
- understanding of initial attack surfaces

This will allow ThreatGet to automatically derive attack scenarios and attack chains.

Improvement date

New Improvements To be filled in the future (after VALU3S)

References Related papers, journals, articles, and so on

Schmittner, Christoph, et al. "ThreatGet: Threat modeling based approach for automated and connected vehicle systems." AmE 2020-Automotive meets Electronics; 11th GMM-Symposium. VDE, 2020.
Sadany, Magdy El, Christoph Schmittner, and Wolfgang Kastner. "Assuring compliance with protection profiles with threatget." International Conference on Computer Safety, Reliability, and Security. Springer, Cham, 2019.
Christl, Korbinian, and Thorsten Tarrach. "The analysis approach of ThreatGet." arXiv preprint arXiv:2107.09986 (2021).
Schmittner, Christoph, Bernhard Schrammel, and Sandra König. "Asset Driven ISO/SAE 21434 Compliant Automotive Cybersecurity Analysis with ThreatGet." European Conference on Software Process Improvement. Springer, Cham, 2021.
Schmittner, Christoph, Abdelkader Magdy Shaaban, and Georg Macher. "ThreatGet: Ensuring the Implementation of Defense-in-Depth Strategy for IIoT Based on IEC 62443." 2022 IEEE 5th International Conference on Industrial Cyber-Physical Systems (ICPS). IEEE, 2022.

Relationships with other web-repo artefacts

Related V&V Methods A tool could be based on several V&V methods.

Standards A method can be linked with standards.

Use cases Use cases where the tool has been used

Functional Toolchain Functional connection of tools for the implementation of a specific evaluation scenario/workflow. Example: the output of one tool can be used by the other tool(s) in order to obtain a different information (e.g., CIROS FERAL, MARVER >-> SRVT, etc)

Improvement Classification

Evaluation Criteria for Safety, Cybersecurity, and Privacy (SCP)

Evaluation Criteria for V&V Processes

Open source - Goals

open Source

Goals Tool goals

Contents

There are currently no items in this folder.