Ontology-driven Threat Modelling (OdTM) framework is a set of means for implementation of an ontological approach into automatic threat modelling of computer systems.
It is an OWASP Incubator Project.
The ontological approach, provided by the OdTM framework, has two general benefits. Firstly, it enables formalization of security related knowledge (architectual components and associated threats and countermeasures) of different computer system types (architectural domains) in form of domain-specific threat models (ontologies). Secondly, after a system architect has described a computer system in terms of a domain-specific model, for example, with DFD (Data Flow Diagram), it allows the use of automatic reasoning procedures to build a threat model of the system (i.e. figure out relevant threats and countermeasures).
Our approach is based on a base threat model (ontology). The base model enables creation of various domain-specific threat models and their integration with external sources, like attack/vulnerability/weakness enumerations, also with catalogues of traditional security patterns.
We also have an implementation of the Academic Cloud Computing Threat Patterns (ACCTP) model as a domain-specific threat model.
All the models are implemented as OWL (Web Ontology Language) ontologies with Description Logics (DLs) as a mathematical background.
The framework includes a set of software tools for automation of the threat modelling process. In particular, we are working on the OdTM Server as an alternative rule engine for threat modelling tools.
To start using the OdTM framework and cloud threat models, you can read this guide.
If you want to refer to OdTM, please, read this article and cite it:
Brazhuk A. Security patterns based approach to automatically select mitigations in ontology-driven threat modelling // Open Semantic Technologies for Intelligent Systems (OSTIS). – 2020. – №. 4. – С. 267-272
Base Threat Model
Domain-specific threat models
- Academic Cloud Computing Threat Patterns (ACCTP) model
- Common Cloud Computing Threat Model or CCCTM (obsolete)