Analysis Context Establishment and Asset Identification
Graphical editing of SysML system models representing the target of evaluation (TOE)
Structural modeling of system architecture and design using blocks, parts, ports and connections
Function and process modeling using activities and actions, along with allocations to design
Visualization and editing of function nets, allocations and other relations using a dependency editor
Marking of SysML elements as assets
Assigning of security attributes (confidentiality, integrity, availability, etc.) to assets
Enabling import and round-trip of system design models from ANSYS SCADE Architect, IBM® Rational® Rhapsody and Sparx Systems Enterprise Architect
Ensuring traceability of SysML models to requirements and security analysis tools such as TARA or attack trees
Threat Identification
Automatic creation of threat collections with potential threats derived from the assets and their security attributes by applying a mapping to the STRIDE categories
Selection of threats for later assessment
Pre-estimation of the likelihood of potential threats according to the definition in the HEAVENS project
Attack Trees and Attack Collections
Attack path calculations based on attack trees
Graphical editing to describe scenarios that lead to potential threats
Automatic layout and support to handle large attack trees by multiple diagrams
Creation of events and subtrees by drag-and-drop of attacks, threats, vulnerabilities and other system model elements
Compilation of the attacks forming the attack scenarios into attack collections
Pre-estimation of the likelihood of every attack
Threat Assessment and Treatment
Creation of a customizable table for threat assessment and treatment filled by drag and drop from threat collections
Estimation of impact and likelihood levels
Calculation of an overall security level
Definition of treatment strategies to handle the risk (mitigation, avoidance, acceptance, transfer)
Description and assignment of security measures and security requirements to further detail the treatment strategies
Requirement Analysis and Management
Application of graphical and table editors for security requirements
Visulaization of requirement hierarchies and traceability using diagrams
Allocation of requirements to systems architecture, hardware and software models, and to function models
Compatible operation with import, export and round-trip from/to requirements management systems such as IBM Rational Doors, IBM Rational Doors Next Generation, PTC Integrity and Jama, including custom attribute mapping
Support for general requirements exchange via ReqIF/RIF
Rich Traceability
Definition of traces between information elements of any type within medini analyze
Definition of traces using trace-matrix or by quick-trace functionality
Navigation via traces to related elements in other models
Visualization of trace elements in any diagram
Application of filters and hierarchies to support the usage of large trace matrices
Graphical visualization of traces (via a customizable dependency viewer) for impact analysis
Teamwork and Integrated Task Management
Project comparison with two-way and three-way difference analysis
Project merging functionality for team collaboration
Integration with configuration management systems (TortoiseSVM, IBM Rational CleaCase, PTC Integrity, etc.)
Management of model versions, support of team synchronization
Integration with issue tracking systems (e.g., Bugzilla, Trac, RTC, Redmine, Jira, Mantis, PTC Integrity, Microsoft Outlook)
Creation of tasks/comments for arbitrary model elements
Navigation from tasks to elements and vice versa
Context visualization for active tasks
Documentation of all decisions at the tasks
User notification, scheduling and email assignment
Reporting and Customization
Reporting functionality to generate PDF, Word, Excel or HTML documents for all project content
Default reporting for the security concept, including TOE, TARA, attack trees and security requirements
Customizable reporting framework to build corporate reports for safety-related work products
Profiling mechanism to add custom fields, references and queries to all models and analyses
Validating of extensible model rules to check for consistency across all project data
Scripting API with integrated Javascript engine for adding automoation features and building tool extensions