摘要 |
An threats and countermeasures schema that can incorporate expertise into an application engineering activity is provided. For example, a threats and countermeasures schema can be applied to a threat modeling component to converge knowledge into the activity by identifying categories, vulnerabilities, attacks and countermeasures based upon an application type, user objective, etc. The novel threats and countermeasures schema can create a common framework that converges knowledge with respect to any application engineering activity (e.g. threat modeling). For example, the schema can include lists of threats and attacks that can be acted upon. As well, the framework can include a list of novel countermeasures based upon the attacks. Additionally, a context precision mechanism can be employed to automatically and/or dynamically determine a context of an application environment. This context can be used to automatically generate an appropriate schema based upon the determined application type.
|