Threat Modeling Knowledge for the Maritime Community

Architectural risk analysis is a manual technique to identify architectural security flaws that undermine a software system’s security concept. The Architectural Security Tool Suite ArchSec automates this process by applying static analyses to automatically extract architectural security views and employing a knowledge base to automatically detect application-independent architectural security flaws. This paper presents how ArchSec was extended to check existing BPMN diagrams for applicationdependent security flaws. Therefore, a model-driven approach is used to generate a knowledge base automatically. This generated knowledge base hosts rules checking an authorisation policy raised for a port community system (PCS). Then, the application-independent and the application-specific knowledge base were applied to BPMN diagrams of the mentioned PCS. The check successfully identified problems within the analysed system. Nevertheless, the generated knowledge base is application-specific, but it is transferable to other software systems interacting with the PCS system, creating a first domain-specific knowledge base for the port community