⏩ GIVEN WHEN THEN Threat Modeling

The Threat Gazette
1

Ever wondered how to not get water bombed by children in summer?? :sweat_droplets: :sweat_droplets: :sweat_droplets: :wink:

I’ve had a fun time exploring the capabilities of :fast_reverse_button: :play_button: :fast_forward_button: GIVEN WHEN THEN Threat Modeling! :slight_smile:

:fast_reverse_button: :play_button: :fast_forward_button: GIVEN WHEN THEN is a threat description template.

What I find particular interesting is that it develops Attack Defense Tree equivalent expressiveness, as soon as we start to reuse and refine conditions and also work with those structures.

As an example, I implemented a probability propagation simulation based on those structures. :robot: We can see how input probabilities at the sources spread through the system.

Here’s the write-up and demo - featuring :light_bulb: inspiration and insights, :pencil: threat model editor and :robot: simulation and some example threat models.

I’m curious… :speech_balloon: :speech_balloon:

  • Do you have any feedback?
  • What were your experiences with GIVEN WHEN THEN?
  • When working with GIVEN WHEN THEN… Have you “connected the dots” and worked with those structures?
  • I’d love to include more cool examples. :smiling_face_with_three_hearts: Would you like to contribute?
  • What’s missing?