Introduction to ThreatGet
This section introduces ThreatGet and demonstrates how to develop a small example. However, before we can model an example, we should first create a project, followed by a ThreatGet diagram.
Creating a project
The first step is creating an empty project that aims to store, manipulate, and manage one or multiple models. A new project is created from the EA's "Start Page" or the top menu.
Creating a diagram
The next step is to add a model; this can be done by right-clicking the Model or pressing the New Model button from the Project Browser.
Then clicking on Add a Model using Wizard, and search for ThreatGet as shown below.
You can choose between THREATGET diagrams (i.e., Empty diagram or existing example).
The following sections show how to create a simple example on ThreatGet from scratch or use the existing one.
Modeling a Simple Example
This section provides an overview of how to use THREATGET to create a simple example. As described before, you can create an empty ThreatGet model once you create the EA's project. So, in our case, select Empty All Domains Diagram and click on Create Model(s) to create an empty diagram.
Let's use the following high-level systematic model and start to model it on ThreatGet.
The model depicts an External Interactor (e.g., a vehicle) communicating with Vehicle2 by sending data as a critical asset to the other vehicle (i.e., Vehicle2). Vehicle2 receives data via the Communication Module and forwards it to the Main ECU to process and control vehicle movement via the Actuator. A boundary is defined that encompasses all elements. Each communication channel (data flow) passes through ports (red-squares); these ports act as the initial defense line for a component, where any violation of applied security properties could threaten the entire system. The following video shows steps for creating this model on THREATGET using its elements, connectors, assets, ports, and boundaries.
Use the Existing Diagram
The user can utilize a pre-defined example by selecting Example Diagram and clicking on Create Model(s) to create the existing example. This example is modeled by AIT that contains elements, connections, ports, interfaces, assets, and tagged values from the THREATGET Toolbox.
This diagram is a reasonable basis for the first execution of THREATGET.
You can now open the default example by expanding the Model and then THREATGET Example and double-clicking on Threat Model.
Once you create your own model or use the existing one, you are ready to perform a threat analysis.