Ontology-driven Threat Modelling (OdTM) framework is a set of means for implementation of an ontological approach into automatic threat modelling of computer systems.
It is an OWASP Incubator Project.
The ontological approach, provided by the OdTM framework, has two general benefits. Firstly, it enables formalization of security related knowledge (architectual components and associated threats and countermeasures) of different computer system types (architectural domains) in form of domain-specific threat models (ontologies). Secondly, after a system architect has described a computer system in terms of a domain-specific model, for example, with DFD (Data Flow Diagram), it allows the use of automatic reasoning procedures to build a threat model of the system (i.e. figure out relevant threats and countermeasures).
To start using the OdTM framework, you can read this guide.
Our approach is based on a base threat model (ontology). The base model enables creation of various domain-specific threat models and their integration with external sources, like attack/vulnerability/weakness enumerations, also with catalogues of traditional security (threat) patterns.
We also have implementation of Academic Cloud Computing Threat Patterns (ACCTP) model as a domain-specific threat model and Integrated model of ATT&CK, CAPEC, and CWE.
All the models are implemented as OWL (Web Ontology Language) ontologies with Description Logics (DLs) as a mathematical background.
The framework includes a set of software tools for automation of the threat modelling process (in particular, an alternative threat rule engine).
The applications are built with Java, the OWL API and HermiT Reasoner libraries.
If you want to refer to OdTM, please, read this article and cite it:
Brazhuk A. Security patterns based approach to automatically select mitigations in ontology-driven threat modelling // Open Semantic Technologies for Intelligent Systems (OSTIS). – 2020. – №. 4. – С. 267-272
Note, the OWASP repository of the project is here (please send your contributions, issues etc. to this one). And a mirror is here.