Ontology-Driven Threat Modeling Framework


The Open Web Application Security Project (OWASP®) Foundation works to improve the security of software through its community-led open-source software projects, hundreds of chapters worldwide, tens of thousands of members, and by hosting local and global conferences. One of its projects is the development of the OWASP Ontology-driven Threat Modeling (OdTM) framework.

Threat modeling has been mainly informal and hard to automate. The common approach includes an analysis of the computer system architecture in the early stages of the development process and the creation of a threat model. Data Flow Diagrams (DFDs) are often used to represent the system organization.

The OdTM framework aims to overcome the constraints of the earlier approaches by combining the common approach to architectural security analysis with a method for semantic interpretation of DFDs and automatic reasoning about relevant threats and countermeasures.

The OdTM framework facilitates the application of an ontological approach to automatic threat modeling of computer systems. It enables the formalization of security-related knowledge about different computer system types in the form of domain-specific threat models, or ontologies in the Web Ontology Language (OWL) format.

The framework helps security professionals simplify the collection of knowledge and share it with software architects, developers, and users. Furthermore, the framework allows a computer system to be described as a data flow diagram in terms of a domain-specific threat model, and automatic reasoning procedures to be used to build a threat model of the system.

The OdTM framework simplifies the automation of the threat modeling process. It would help in creating different domain-specific threat models and in developing an ontology-driven threat rule engine and a graphical user interface editor of domain-specific threat models.
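The reasoning step described above, sketched as an added example in plain Python (it is not OdTM code and does not use OWL): a DFD whose components are typed by classes from a domain-specific threat model, with threats derived by class subsumption. Every class name, threat pattern, and countermeasure in it is constructed for illustration.

```python
# Added illustration: plain-Python stand-in for ontology reasoning over a DFD.
# All class names, threats and countermeasures below are constructed.

# Domain-specific threat model: class hierarchy (child -> parent).
SUBCLASS_OF = {
    "WebServer": "Process",
    "Database": "DataStore",
    "Browser": "ExternalInteractor",
    "Process": "Target",
    "DataStore": "Target",
    "ExternalInteractor": "Target",
}

# Threat patterns: (source class, target class, crosses trust boundary or
# None for "any", threat, countermeasure).
PATTERNS = [
    ("ExternalInteractor", "Process", True, "Spoofing", "Authenticate the caller"),
    ("Target", "Target", True, "Tampering", "Protect flow integrity (e.g. TLS)"),
    ("Process", "DataStore", None, "InformationDisclosure", "Restrict datastore access"),
]

def is_a(cls, ancestor):
    """Subsumption check: walk the hierarchy from cls up to the root."""
    while cls is not None:
        if cls == ancestor:
            return True
        cls = SUBCLASS_OF.get(cls)
    return False

def infer_threats(components, flows):
    """Return sorted (flow name, threat, countermeasure) tuples for a DFD."""
    found = set()
    for name, src, dst, crosses in flows:
        for p_src, p_dst, p_cross, threat, fix in PATTERNS:
            if (is_a(components[src], p_src) and is_a(components[dst], p_dst)
                    and p_cross in (None, crosses)):
                found.add((name, threat, fix))
    return sorted(found)

# Constructed DFD: components typed by domain class, flows with boundary flag.
COMPONENTS = {"user": "Browser", "app": "WebServer", "db": "Database"}
FLOWS = [
    ("login", "user", "app", True),   # crosses a trust boundary
    ("query", "app", "db", False),    # stays inside one trust zone
]

if __name__ == "__main__":
    for flow, threat, fix in infer_threats(COMPONENTS, FLOWS):
        print(f"{flow}: {threat} -> {fix}")
```

The generic `Target`-to-`Target` pattern fires on the `login` flow only because `Browser` and `WebServer` are subsumed by `Target`, which is the kind of inference an ontology reasoner performs over class axioms.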

Click here to read the original article published by the Open Web Application Security Project.
