The OdTM Server implements an ontology-driven threat rule engine. We plan to create a JSON-based remote API service that performs automatic threat modelling of a given system description using a domain-specific threat model.
At the moment you can try a simple console application that lets you load the base model and a set of domain-specific models and test them against a semantic interpretation of a DFD. You can represent the source data as:
- a JSON file compatible with the OWASP Threat Dragon tool. By creating a diagram with the Threat Dragon GUI, like this one, and processing it with the OdTMServer application, you can get a threat model like this.
- a text file with ABox axioms, like this one. You get simple console output, used for test purposes.
To compile and run the application, follow these instructions.