Full Program
Summary:
Threat modelling is vital for cybersecurity risk management, especially in secure system development and certification. This paper presents ThreatSpider, a semi-automated framework powered by Cyber Threat Intelligence (CTI) sources to streamline threat identification, mitigation, and cybersecurity requirements. By integrating multiple CTI feeds like ATT&CK, ATLAS, and NVD, ThreatSpider continuously generates up-to-date threat models, reducing manual effort and analysis time. It supports agile development while ensuring compliance with standards like IEC 62443 and ISO 27001. Evaluations demonstrate its adaptability and effectiveness for cybersecurity certification. Future improvements will expand its scope, refine system property granularity, and integrate threat prioritization and risk assessment.Author(s):
Ahmed Amro
NTNU
Norway
Georgios Kavallieratos
NTNU, UiO
Norway