Integrating Threat Modeling and Automated Test Case Generation into Industrialized Software Security Testing

Abstract: Industrial Internet of Things (IIoT) application provide a whole new set of possibilities to drive efficiency of industrial production forward. However, with the higher degree of integration among systems, comes a plethora of new threats to the latter, as they are not yet designed to be broadly reachable and interoperable. To mitigate these vast amount of new threats, systematic and automated test methods are necessary. This comprehensiveness can be achieved by thorough threat modeling. In order to automate se… Show more

“…However, similar to the previous case, automation is only applied to the security testing and not to the model creation (Marback et al 2013). In Marksteiner et al (2019), a method to use threat models was demonstrated to automate security tests towards Industrial Internet of Things devices. In Patil and Pawar (2012), web applications were targeted, future possibilities were discussed, and several problems were identified that must be solved to achieve automated model creation for fully automated testing.…”

Automating threat modeling using an ontology framework

“…However, similar to the previous case, automation is only applied to the security testing and not to the model creation (Marback et al 2013). In Marksteiner et al (2019), a method to use threat models was demonstrated to automate security tests towards Industrial Internet of Things devices. In Patil and Pawar (2012), web applications were targeted, future possibilities were discussed, and several problems were identified that must be solved to achieve automated model creation for fully automated testing.…”

Automating threat modeling using an ontology framework

Towards a holistic approach to security validation of construction machinery through HIL systems

ThreatGet: Ensuring the Implementation of Defense-in-Depth Strategy for IIoT Based on IEC 62443