Framework for ontology-driven threat modelling of modern computer systems

Andrei Brazhuk, Evgeny Olizarovich


Threat modelling of a computer system is based on the system analysis of its architecture on early development stages (requirements, design) and creation of a threat model that represents security aspects of the system (threats and mitigations). Used in this field means, like data flow diagrams (DFD) and Application threat modelling approach (OWASP, Microsoft), are mainly informal and hard to involve automation.

In order to overcome these restrictions, we have created the ontology-driven threat modelling (OdTM) framework, which allows to use graphical notation of DFD diagrams and semantic domain-specific threat models to build threat models for different computer systems. Each domain-specific threat model has a set of typical components of some subject area and threats/countermeasures associated with these components. An end user can describe a computer system with DFD diagram(s), then reasoning procedures are able to build a threat model for that system.

The OdTM framework consists of a common approach of the architectural security analysis and method of semantic interpretation of DFD diagrams and automatic reasoning of relevant threats and countermeasures. We have developed the base threat model as OWL (Web ontology language) ontology that enables creation of domain-specific threat models as OWL ontologies and extension them with different external knowledge sources (knowledge “mining”, the Linked Open Data etc.). To illustrate proposed approach, we have used a semantic version of a model that depicts common threats against cloud computer systems.

Full Text:



Abi-Antoun M., Wang D., Torr P. Checking threat modeling data flow diagrams for implementation conformance and security //Proceedings of the twenty-second IEEE/ACM international conference on Automated software engineering. – ACM, 2007. – С. 393-396.

Ghijsen, M. A semantic-web approach for modeling computing infrastructures. / M. Ghijsen [et al.] // Computers & Electrical Engineering, - 2013. - 39(8). - P. 2553-2565.

Tasch M. et al. Security analysis of security applications for software defined networks //Proceedings of the AINTEC 2014 on Asian Internet Engineering Conference. – ACM, 2014. – С. 23.

Abomhara M., Gerdes M., Køien G. M. A stride-based threat model for telehealth systems //Norsk informasjonssikkerhetskonferanse (NISK). – 2015. – Т. 8. – №. 1. – С. 82-96.

Cagnazzo M. et al. Threat modeling for mobile health systems //2018 IEEE Wireless Communications and Networking Conference Workshops (WCNCW). – IEEE, 2018. – С. 314-319.

Sion L. et al. Solution-aware data flow diagrams for security threat modeling //Proceedings of the 33rd Annual ACM Symposium on Applied Computing. – ACM, 2018. – С. 1425-1432.

Berger B. J., Sohr K., Koschke R. Automatically extracting threats from extended data flow diagrams //International Symposium on Engineering Secure Software and Systems. – Springer, Cham, 2016. – С. 56-71.

Brazhuk A. Semantic model of attacks and vulnerabilities based on CAPEC and CWE dictionaries //International Journal of Open Information Technologies. – 2019. – Т. 7. – №. 3. – С. 38-41.

Brazhuk A. Building annotated semantic model of software products towards integration of DBpedia with NVD vulnerability dataset //International Journal of Open Information Technologies. – 2019. – Т. 7. – №. 7. – С. 35-41.


  • There are currently no refbacks.

Abava  Кибербезопасность MoNeTec 2024

ISSN: 2307-8162