In the last post we discussed how the STRIDE attack categories, which developers use to find ‘threats to our products’, can be integrated with Factor Analysis of Information Risk (FAIR). Now we will deal with an issue some developers may face: having already modeled their system with their enterprise system design modeling method, they are then asked to essentially duplicate that effort by building a threat model. The following describes a potential alternative.
ArchiMate™ is defined by the ArchiMate Specification Standard (ArchiMate 3.1 Specification). The document’s objective explains that “…the ArchiMate Enterprise Architecture modeling language (is) a visual language with a set of default iconography for describing, analyzing, and communicating many concerns of Enterprise Architectures as they change over time. The standard provides a set of entities and relationships with their corresponding iconography for the representation of Architecture Descriptions.”
It goes on to introduce that “The ArchiMate Enterprise Architecture modeling language provides a uniform representation for diagrams that describe Enterprise Architectures. It includes concepts for specifying inter-related architectures, specific viewpoints for selected stakeholders, and language customization mechanisms. It offers an integrated architectural approach that describes and visualizes different architecture domains and their underlying relations and dependencies. Its language framework provides a structuring mechanism for architecture domains, layers, and aspects. It distinguishes between the model elements and their notation, to allow for varied, stakeholder-oriented depictions of architecture information. The language uses service-orientation to distinguish and relate the Business, Application, and Technology Layers of Enterprise Architectures, and uses realization relationships to relate concrete elements to more abstract elements across these layers.”
Here are a few key terms:
Attribute – A property associated with an ArchiMate language element or relationship.
Layer – An abstraction of the ArchiMate framework at which an enterprise can be modeled.
Consider that developers in organizations using ArchiMate may be required by their security group to model their system again using a threat modeling tool. The underlined text above suggests that it is possible to use ArchiMate to prepare a Threat Model view for an enterprise architecture, using available Custom Properties for recording threat model attribute data.
I participated in a few meetings between the Open Group’s Security Forum and the ArchiMate Forum that demonstrated how the robust ArchiMate capabilities, including Attributes and Layers, can be used to model a FAIR analysis. I understand it is possible to augment current ArchiMate capabilities to perform quantitative FAIR analysis. It seems likely that ArchiMate capabilities can be extended to analyze Threat Models.
While the two modeling approaches result in different-looking diagrams, they capture the same information. The key difference is that the Microsoft tool individually depicts the to and from logical communications between processes, whereas ArchiMate records the communication-related attributes with the processes themselves and depicts the Communication Network as a separate element.
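To make that difference concrete, here is an added example (not from the original post or from the Open Group) that reads a constructed model in the shape of the ArchiMate Model Exchange File Format and derives the process-to-process flows a data-flow diagram would draw individually. The property name `stride`, the sample elements, and the rule of pairing processes that relate to the same Communication Network are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from itertools import combinations

NS = {"a": "http://www.opengroup.org/xsd/archimate/3.0/"}
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed sample model; the custom property name "stride" is hypothetical.
SAMPLE = """<model xmlns="http://www.opengroup.org/xsd/archimate/3.0/"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" identifier="m1">
 <name>Constructed sample</name>
 <elements>
  <element identifier="p1" xsi:type="ApplicationProcess"><name>Order intake</name>
   <properties><property propertyDefinitionRef="d1"><value>Spoofing,Tampering</value></property></properties></element>
  <element identifier="p2" xsi:type="ApplicationProcess"><name>Payment</name>
   <properties><property propertyDefinitionRef="d1"><value>Information Disclosure</value></property></properties></element>
  <element identifier="n1" xsi:type="CommunicationNetwork"><name>Internal LAN</name></element>
 </elements>
 <relationships>
  <relationship identifier="r1" source="p1" target="n1" xsi:type="Association"/>
  <relationship identifier="r2" source="p2" target="n1" xsi:type="Association"/>
 </relationships>
 <propertyDefinitions>
  <propertyDefinition identifier="d1" type="string"><name>stride</name></propertyDefinition>
 </propertyDefinitions>
</model>"""

def threat_view(xml_text):
    """Pair processes that share a Communication Network and merge their threat properties."""
    root = ET.fromstring(xml_text)
    defs = {d.get("identifier"): d.findtext("a:name", namespaces=NS)
            for d in root.iterfind(".//a:propertyDefinition", NS)}
    elems = {}  # identifier -> (type, name, {property name: value})
    for e in root.iterfind(".//a:element", NS):
        props = {defs.get(p.get("propertyDefinitionRef")): p.findtext("a:value", namespaces=NS)
                 for p in e.iterfind("a:properties/a:property", NS)}
        elems[e.get("identifier")] = (e.get(XSI_TYPE), e.findtext("a:name", namespaces=NS), props)
    attached = {}  # network identifier -> identifiers of processes related to it
    for r in root.iterfind(".//a:relationship", NS):
        for proc, net in ((r.get("source"), r.get("target")), (r.get("target"), r.get("source"))):
            if (elems.get(net, ("",))[0] == "CommunicationNetwork"
                    and elems.get(proc, ("",))[0].endswith("Process")):
                attached.setdefault(net, []).append(proc)
    flows = []
    for net, procs in attached.items():
        for a, b in combinations(sorted(procs), 2):
            threats = sorted({t.strip() for p in (a, b)
                              for t in elems[p][2].get("stride", "").split(",") if t.strip()})
            flows.append({"network": elems[net][1], "between": (elems[a][1], elems[b][1]),
                          "stride": threats})
    return flows
```

Calling `threat_view(SAMPLE)` returns one flow between the two processes over the shared network, carrying the union of the STRIDE categories recorded on each process.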
We’ll close with the premise that ArchiMate can potentially be augmented to perform threat modeling analysis. Using ArchiMate for threat modeling can reduce potentially duplicate modeling by the development team (assuming they use ArchiMate through the development process).