Analysis Context Establishment and Asset Identification

  • Graphical editing of SysML system models representing the target of evaluation (TOE)
  • Structural modeling of system architecture and design using blocks, parts, ports and connections
  • Function and process modeling using activities and actions, along with allocations to design
  • Visualization and editing of function nets, allocations and other relations using a dependency editor
  • Marking of SysML elements as assets
  • Assigning of security attributes (confidentiality, integrity, availability, etc.) to assets
  • Enabling import and round-trip of system design models from ANSYS SCADE Architect, IBM® Rational® Rhapsody and Sparx Systems Enterprise Architect
  • Ensuring traceability of SysML models to requirements and security analysis tools such as TARA or attack trees

Threat Identification

  • Automatic creation of threat collections with potential threats derived from the assets and their security attributes by applying a mapping to the STRIDE categories
  • Selection of threats for later assessment
  • Pre-estimation of the likelihood of potential threats according to the definition in the HEAVENS project

Attack Trees and Attack Collections

  • Attack path calculations based on attack trees
  • Graphical editing to describe scenarios that lead to potential threats
  • Automatic layout and support to handle large attack trees by multiple diagrams
  • Creation of events and subtrees by drag-and-drop of attacks, threats, vulnerabilities and other system model elements
  • Compilation of the attacks forming the attack scenarios into attack collections
  • Pre-estimation of the likelihood of every attack

Threat Assessment and Treatment

  • Creation of a customizable table for threat assessment and treatment filled by drag and drop from threat collections
  • Estimation of impact and likelihood levels
  • Calculation of an overall security level
  • Definition of treatment strategies to handle the risk (mitigation, avoidance, acceptance, transfer)
  • Description and assignment of security measures and security requirements to further detail the treatment strategies

Requirement Analysis and Management

  • Application of graphical and table editors for security requirements
  • Visualization of requirement hierarchies and traceability using diagrams
  • Allocation of requirements to systems architecture, hardware and software models, and to function models
  • Compatible operation with import, export and round-trip from/to requirements management systems such as IBM Rational DOORS, IBM Rational DOORS Next Generation, PTC Integrity and Jama, including custom attribute mapping
  • Support for general requirements exchange via ReqIF/RIF

Rich Traceability

  • Definition of traces between information elements of any type within medini analyze
  • Definition of traces using trace-matrix or by quick-trace functionality
  • Navigation via traces to related elements in other models
  • Visualization of trace elements in any diagram
  • Application of filters and hierarchies to support the usage of large trace matrices
  • Graphical visualization of traces (via a customizable dependency viewer) for impact analysis

Teamwork and Integrated Task Management

  • Project comparison with two-way and three-way difference analysis
  • Project merging functionality for team collaboration
  • Integration with configuration management systems (TortoiseSVN, IBM Rational ClearCase, PTC Integrity, etc.)
  • Management of model versions, support of team synchronization
  • Integration with issue tracking systems (e.g., Bugzilla, Trac, RTC, Redmine, Jira, Mantis, PTC Integrity, Microsoft Outlook)
  • Creation of tasks/comments for arbitrary model elements
  • Navigation from tasks to elements and vice versa
  • Context visualization for active tasks
  • Documentation of all decisions at the tasks
  • User notification, scheduling and email assignment

Reporting and Customization

  • Reporting functionality to generate PDF, Word, Excel or HTML documents for all project content
  • Default reporting for the security concept, including TOE, TARA, attack trees and security requirements
  • Customizable reporting framework to build corporate reports for safety-related work products
  • Profiling mechanism to add custom fields, references and queries to all models and analyses
  • Validating of extensible model rules to check for consistency across all project data
  • Scripting API with integrated JavaScript engine for adding automation features and building tool extensions