Threat modelling is a systematic way of finding threats to IT security of a system. It consists of developing a model of the system and a tool identifying threats. While this approach is suitable for any system we will focus on the railway and automotive domain.
In this talk we will introduce the STRIDE approach to threat modelling and then proceed to the state-of-the-art research performed at AIT: Communication and data-flow diagrams that allow us to consider not only the logical, but also the physical architecture of a system.
We work on a system that will advance threat modelling by enabling a cooperative approach towards threat intelligence. We will give hands-on demonstrations of our system.