APPLICATION DECOMPOSITION USING DATA OBTAINED FROM EXTERNAL TOOLS FOR USE IN THREAT MODELING
摘要
An illustrative embodiment of automated application decomposition collects a set of information specific to an application by a plurality of external tools. Predefined heuristics and corresponding predefined conclusions, categorized corresponding to each of a particular external tool domain, are applied to the set of information collected by the plurality of external tools to create an intermediate result. The intermediate result is analyzed to form a set of conclusions about factors, representative of the application, used in application decomposition. The set of conclusions is exported and used to generate a model of the application. Integration between an existing threat modeling tool and external software for a purpose of automated application decomposition is provided in which the model is a starting point for identification of threats and weaknesses specific to the application.
申请公布号
CA2876464(A1)
申请公布日期
2016.06.29
申请号
CA20142876464
申请日期
2014.12.29
申请人
IBM CANADA LIMITED - IBM CANADA LIMITEE
发明人
IONESCU, PAUL;AYOUB, KHALIL ANDRES;BISHT, KALPANA;CALENDINO, ROB P.;LEE, RICHARD R.;LIU, FEI;NGUYEN, DANIEL H.;ONUT, IOSIF VIOREL