Threat Modeling with Model-Based Systems Engineering (MBSE)
Software Engineering Institute
In the modern world, cyber threats pose a significant risk to businesses, organizations, and governments. Cyber threat modeling is an essential process for identifying and mitigating these threats. The ability to perform cybersecurity-related analysis such as threat modeling as early as the architecture phase of the system life cycle gives enterprise and solution architects as well as cybersecurity engineers a tool to ensure built-in security. Model-Based Systems Engineering (MBSE) is an emerging approach that can be used to support cyber threat modeling.
This presentation demonstrates an approach to extend the standard Unified Architecture Framework (UAF) Security Viewpoint with a Threat Modeling profile and Personal Viewpoint with an Involvement profile. The Threat Modeling profile provides the necessary tooling to incorporate threat modeling aspects of cybersecurity. The Involvement profile allows accommodating the complexity of the involvement of different stakeholders with the system’s processes. This presentation also describes both profiles and demonstrates how they enable threat modeling and threat analysis on a level as high as the operational architecture of a system.