Automated Threat Modelling
The threat modelling process described here is a manual process in which
different personnel from across the software development life cycle
should work together. Recently, several research efforts have started on
automating the threat modelling process. Security testing is also labor
intensive because a real-world program usually has too many invalid
inputs. It also requires engineers to have deep software security skills
to carry out some of the most important steps of this process, and
training them on security is expensive. So researchers are interested in
finding ways to partially or fully automate the threat modelling and
security testing process.
In 2012, Guifre Ruiz et al. proposed a new automated approach to
analyze software designs to identify, risk rank and mitigate potential
threats to the system. They designed a new data structure to detect
threats in software designs, called the Identification Tree, and another
new data structure to classify threat countermeasures, called Mitigation
Trees. The information in both of these data structures was taken from
several relevant security sources and standards. They modeled an
automated approach that relies on these data structures to identify the
potential threats to a system design, to purge the less relevant threats
according to the user's policies, and to compute the software
specifications to mitigate those threats [1].
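The three steps described above (identify threats, purge by user policy, compute mitigations), sketched in Python as an added example that is not from the original post or from Ruiz et al. The node layout, design attributes, risk scores, threat names and countermeasures are all constructed assumptions.

```python
# Added illustration: node layout, attribute names, risk scores and threat
# names are assumptions made for this sketch, not taken from Ruiz et al. [1].
from dataclasses import dataclass, field

@dataclass
class Node:
    """Identification-tree node; children are explored only if test() holds."""
    test: callable
    threat: str = None          # set on nodes that report a threat
    risk: int = 0               # constructed 1-10 ranking
    children: list = field(default_factory=list)
# Constructed identification tree for data flows in a design.
IDENT_TREE = Node(lambda e: e["type"] == "dataflow", children=[
    Node(lambda e: e["crosses_trust_boundary"], children=[
        Node(lambda e: not e["encrypted"], "disclosure in transit", 8),
        Node(lambda e: not e["authenticated"], "spoofing of the sender", 7),
    ]),
    Node(lambda e: not e["logged"], "repudiation of the request", 3),
])
# Constructed mitigation tree: threat -> life-cycle phase -> countermeasure.
MITIGATION_TREE = {
    "disclosure in transit": {"design": "require TLS", "testing": "reject plaintext"},
    "spoofing of the sender": {"design": "mutually authenticate endpoints"},
    "repudiation of the request": {"implementation": "write an audit log entry"},
}

def identify(element, node=IDENT_TREE):
    """Walk the tree and collect (threat, risk) for every satisfied path."""
    if not node.test(element): return []
    found = [(node.threat, node.risk)] if node.threat else []
    for child in node.children:
        found += identify(element, child)
    return found

def analyse(design, min_risk):
    """Identify threats, purge those below the policy threshold, rank the rest."""
    report = []
    for element in design:
        for threat, risk in identify(element):
            if risk >= min_risk:  # user policy: drop less relevant threats
                report.append((risk, element["name"], threat, MITIGATION_TREE[threat]))
    return sorted(report, key=lambda r: -r[0])
# Constructed sample design: one flow across a trust boundary, one internal.
DESIGN = [
    {"name": "browser->api", "type": "dataflow", "crosses_trust_boundary": True,
     "encrypted": False, "authenticated": True, "logged": False},
    {"name": "api->cache", "type": "dataflow", "crosses_trust_boundary": False,
     "encrypted": False, "authenticated": False, "logged": True},
]
```

Calling analyse(DESIGN, 5) keeps only the disclosure threat on browser->api; lowering the threshold to 1 also reports the lower-ranked repudiation threat on the same flow.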
Microsoft has also introduced a threat modelling tool called the Security
Development Life Cycle (SDL) Threat Modeling Tool. It makes threat
modeling easier for all developers by providing guidance on creating and
analyzing threat models [2].
While threat modeling can uncover the broad threats and
vulnerabilities of an embedded system, it cannot mitigate those threats.
To do so, development teams must practice defensive coding, engage in
frequent code reviews, and perform penetration testing.
[1] Guifre Ruiz et al., "Automating Threat Modeling through the Software Development Life-Cycle", Sep 2012 (http://research.cs.wisc.edu/mist/papers/Guifre-sep2012.pdf)
[2] SDL Threat Modeling Tool (http://www.microsoft.com/security/sdl/adopt/threatmodeling.aspx)