Summary
Preparation session
A model of threat modeling
Outcome
- Publish working draft
- (DSL session: what should it be usable for)
- Make model more cohesive
- Extended and/or peer-review on slack
- Extended by academia (?)
Notes
Are 4 questions sufficient?
| Question | Description |
|---|---|
| Q1: System description | Model or Text? |
| - | DSL would require some structure (e.g. (P)->(EE) ) |
| - | Model - Diagram - View - Viewpoint |
| - | ISO 42010 (summary: http://www.iso-architecture.org/ieee-1471/cm/ - see notes below) |
| Q2: What can go wrong? | Risk vs. Threat? |
| - | - Synopsis |
| - | - OWASP risk rating |
| - | Firesmith - specifying reusable security requirements: http://www.jot.fm/issues/issue_2004_01/column6/ |
| - | Use of kill chain |
| - | Meta language (to describe graphs, etc.) |
| Q3. Mitigation | Focus on mitigations |
| - | At least mention 4 different steps/options |
| Q4. validation | Checklist |
| - | Formal model |
| - | Context conditions |
Summary of ISO 42010:
- Model kind: conventions for a type of modelling. Examples of model kinds include data flow diagrams, class diagrams, Petri nets, balance sheets, organization charts and state transition models.
- Architecture viewpoint: Work product establishing the conventions for the construction, interpretation and use of architecture views to frame specific system concerns
- Architecture view: Work product expressing the architecture of a system from the perspective of specific system concerns
- Architecture description AD: Work product used to express an architecture