The analysis approach of ThreatGet

Nowadays, almost all electronic devices include a communication interface that allows to interact with them, exchange data, or operate their services remotely. The trend toward increased interconnectivity simultaneously increases the vulnerability of these systems. Due to the high costs associated with comprehensive security analysis, many manufacturers neglect the safety aspect of a product in order to avoid costs. However, the importance of secure IT systems is growing, as the security of a system can also influence safety-critical aspects. Standard security analysis approaches are nowadays still mainly based on time-intensive and error-prone manual activities. In this paper, we present the formal concepts of the automatic threat and vulnerability analysis tool ThreatGet. Therefore, we introduce the concept of the Extended Data-Flow Diagram that is used to represent the system under investigation in an abstracted form, and we highlight the formal analysis language of the tool. This domain-specific language is used to formulate so-called anti-patterns. These anti-patterns that can be interpreted by the tool for an automatic security analysis of the system. Besides the language declaration, we present the entire semantic evaluation of the language during the analysis. Parts of the definitions and elaborations of the diagram model and the analysis language were developed in the context of the master thesis of Korbinian Christl, in cooperation with the University of Vienna.