Using Attack Path Formalisation Analysis in Software Design Stage Threat Modelling Method

This research proposes a comprehensive method for threat modeling in the software design stage, incorporating attack path formalization analysis. The approach involves extracting software defect information through UML active graph decomposition of the application or system and performing threat modeling. The method comprises several steps, including creating and modeling use cases, generating an application/system silhouette, decomposing the application/system using the active graph, constructing a threat tree with key asset information as the threat object, classifying and evaluating the threat object, and calculating the attack path of the threat tree. By comparing it with existing approaches, this invention aims to enhance software product safety, improve software quality, broaden the application range of threat modeling, and achieve automation in threat modeling, resulting in reduced technical threshold, cost, and development time for trusted software development.