Automating the construction of a security threat and mitigation pattern library

Risk management is one of the most important aspects of the engineering process for secure systems. The challenge here is to select a sufficient set of measures for risk treatment. Especially for information and cyber security risks, deciding on a sufficient set of treatment measures or controls requires expert knowledge. Controls can cover multiple risks and can depend on other controls. We present here a concept for how the knowledge in approved Protection Profiles can be processed with natural language processing (NLP) to form security patterns.

Christoph Schmittner – Austrian Institute of Technology
Johannes Hellrich – Friedrich Schiller University Jena

