In this first part, after providing some fundamentals of Model-Based Design in the context of security risk analysis, we show how you can identify assets in your architecture, and how they can be automatically linked to the risk analysis. Next, you will learn how to systematically identify threats using the STRIDE method, and how to refine those threats using public threat/attack catalogs like CAPEC, ATT&CK, or the EMB3D threat model from MITRE. The outcome of this webinar will be a list of assets that are synchronized to your architectural models, and a list of threats that apply to each of these assets.
Highlights
- Fundamentals of Model-Based Design in the context of security risk analysis
- Asset identification and tagging
- Possible automation to identify/discover assets
- Threat identification via STRIDE method
- Threat refinement using public catalogs such as CAPEC
About the Presenters
Marco Bimbi is a Principal Application Engineer focusing on Model Based Systems Engineering workflows for safety critical applications. Marco joined MathWorks in 2022. Before joining The MathWorks, he has worked for 10+ years in aerospace as well as rails industries such as Rolls-Royce and Deutsche Bahn focusing on Systems Engineering workflows for safety critical applications. During his career he held various roles such as Control Systems Architect, Model Based Systems Engineering Specialist and Requirements Manager. At MathWorks Marco helps customers to leverage MathWorks toolchain, including System Composer, for their Systems Engineering workflow. Moreover, Marco provides industry insight to the MathWorks development team to drive future product capabilities
Martin Becker is a Principal Application Engineer at The MathWorks and an independent security researcher. He received his Ph.D. in software verification from Technical University of Munich for his work on real-time computer systems, and has 20 years of experience in embedded systems, amongst others working as avionics engineer at Airbus Defense & Space, Research Engineer at Tata Consultancy Services, and Lecturer at Singapore Institute of Technology. In his daily work, he supports customers from all industries in the efficient development of safety-critical software and certification according to industrial standards, accompanies the development of innovative verification tools, and uses them himself as an ethical hacker in the field of FOSS software.
Register here: Cybersecurity: Identifying Asset & Threats - MATLAB & Simulink