Automating threat modeling

with architectural risk patterns

A White Paper positioning Security Risk Advisor capability in the context of Threat Modeling. This paper presents a software-centric method that uses architectural risk patterns to greatly speed up the process of generating a threat model, and introduces a degree of consistency, which is lacking in purely manual approaches.

This method for creating patterns employs principals from Object Oriented software design such as inheritance and polymorphism, so that the contents of the patterns can be practically maintained and extended without unnecessary repetition.

Contents:

  • Introduction
  • Architectural Risk Patterns
  • Inheritance and Polymorphism
  • Pattern Assembly
  • Limitations