The following screenshot shows the template itself and a specific threat type that was added: Figure 2 – View of the tailored threat types from the template editorĭuring a number of automotive threat modeling workshops, the template has been used to provide our clients with a view of the threats and attacks to their automotive systems. The following screenshot provides a view of a sample threat model created using the template: Figure 1 – Sample threat model using the Automotive TM Template
#Sdl threat modeling tool v3 how to#
Recommendations that suggest how to mitigate the threats.Attack Methods to potentially exploit the identified threats and to help further with the creation of Attack Trees.Priority, based on the risk of every threat applied in its context.Threat Types and Categories that follow the STRIDE classification, based on known and potential threats to the connected cars’ components.Trust Boundaries that take into consideration the environment and the vehicle-to-vehicle (V2V) networks.Data Flows that correspond to the messages exchanged over the air or inside the vehicle itself.External Interactors tailored to an automotive system.
Processes and Data Stores related to the components of connected cars.The template permits the creation of specific automotive threat models with: The lack of a specific template for automotive threat modeling brought about the development of the Automotive TM Template, which takes advantage of a new feature in the MS Threat Modeling Tool 2016 that allows the creation of entirely new customised templates.
With the goal to assist with this approach, the MS Threat Modeling Tool 2016 provides a way to use Data Flow Diagrams (DFDs) to identify threats in the design phase of any software/hardware and understand potential attacks based on the identified threats.Ī threat modeling workshop for automotive-related technologies requires DFDs with custom elements, tailored threats and specific recommendations.
The STRIDE approach has proved to be an effective way to highlight and categorise threats. The Automotive Threat Modeling (TM) Template was created using the Microsoft (MS) Threat Modeling Tool 2016 and therefore threat models are created using this product.īackground & Motivations: Why the template? In order to assist with the need to secure automotive vehicles, we developed a customised template for automotive threat modeling activities, tailored to the threats affecting the cyber security posture of connected vehicles. Threat mitigation is an important part of the security development lifecycle (SDL) and at NCC Group we have been performing a number of threat modeling workshops focused specifically on the automotive sector.Ĭonsidering the increasing research and media attention in relation to connected cars, it is fundamental to understand the threats affecting these new emerging systems and technologies.