Published May 8, 2023 | Version v1
Conference paper Open

Enabling Model-Based Security Engineering - Automated Attack Tree Generation in ThreatGet

  • 1. Austrian Institute of Technology


Security analysis as the initial step of security engineering is of utmost importance. Current approaches are mostly manual and neither connected to system engineering nor following established model-based approaches. We present here a novel approach to automatically derive Attack Trees based on a system model, enhanced with security-related information. The approach is based on STRIDE Threat Modeling, but utilizes a set of novel features to identify potential attack paths. With this, new regulations, requiring security analysis for more domains can be addressed and we enable system engineers to evaluate the security during design time and follow a risk-based security-by-design approach.