GIVEN WHEN THEN as Attack Tree

⏪▶️⏩ GIVEN WHEN THEN ≅ Petri Nets

When I published how GIVEN WHEN THEN structures in Threat Modeling are similar to Attack Defense Trees, I received thought-provoking feedback that really took it to the next level:

Raphael Ahrens noticed there's a graph structure that better fits GIVEN WHEN THEN structures: Petri nets!

Petri nets are composed of "places" (≈ GIVEN/THEN) and "transitions" (≈ WHEN). They start with an "initial marking": what is given. There are rules for how transitions fire non-deterministically and how the state evolves. Their description is highly formalized, and there is interesting research about their properties.

Consuming inputs. More than GIVEN WHEN THEN, Petri nets' special capability is that transitions can consume their inputs. In GIVEN WHEN THEN, this would be a new language feature which I like to call GIVEN AWAY x. This makes for a huge increase in their expressiveness: they can model decisions, limited resources, no-return trap states, and more. Execution order becomes relevant, and transitions may fire again and again.

Too powerful? From a computational complexity point of view, Petri net reachability contains NP-complete problems such as SAT and CLIQUE. It is questionable whether their expressiveness overwhelms computational resources or remains feasible for practical problems and input sizes.
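To make the three points above concrete (places and transitions, GIVEN AWAY consumption, and the cost of reachability), here is an added example that is not code from the original post or from Raphael's project. It is a minimal Petri net simulator in Python with the GIVEN WHEN THEN vocabulary mapped onto it: GIVEN is a place that is read but kept (a self-loop arc), GIVEN AWAY is a place whose token is consumed, THEN is a place that receives a token. The threat model it runs is constructed for illustration: a login form with a lockout budget of three attempts (a limited resource, hence GIVEN AWAY) and an optional weak-password fact. Breadth-first reachability answers whether the threat place is ever marked, which firing sequence gets there, and which dead (trap) markings the budget produces; the `max_markings` bound is the practical answer to "too powerful?", since an unbounded net otherwise explores forever.

```python
from collections import deque
from dataclasses import dataclass

# A marking maps place name -> token count; places with zero tokens are omitted.
# Frozen markings (sorted tuples) serve as hashable keys in the state space.

@dataclass(frozen=True)
class Transition:
    name: str               # the WHEN
    given: frozenset        # GIVEN: tokens required and kept (self-loop arc in the Petri net)
    given_away: frozenset   # GIVEN AWAY: tokens required and consumed (plain input arc)
    then: frozenset         # THEN: places that receive one token each (output arc)

def freeze(marking):
    return tuple(sorted((p, n) for p, n in marking.items() if n > 0))

def is_enabled(marking, t):
    # Every GIVEN and GIVEN AWAY place needs at least one token.
    return all(marking.get(p, 0) >= 1 for p in t.given | t.given_away)

def fire(marking, t):
    new = dict(marking)
    for p in t.given_away:          # consume
        new[p] -= 1
    for p in t.then:                # produce
        new[p] = new.get(p, 0) + 1
    return {p: n for p, n in new.items() if n > 0}

def reachable_markings(initial, transitions, max_markings=10_000):
    """Breadth-first exploration of the reachability graph.
    Returns {marking: (predecessor, transition name)}; the initial marking maps to None.
    max_markings keeps an unbounded net from running forever."""
    start = freeze(initial)
    parents = {start: None}
    queue = deque([start])
    while queue:
        current = queue.popleft()
        m = dict(current)
        for t in transitions:
            if not is_enabled(m, t):
                continue
            nxt = freeze(fire(m, t))
            if nxt in parents:
                continue
            if len(parents) >= max_markings:
                raise RuntimeError("state space exceeds max_markings; net may be unbounded")
            parents[nxt] = (current, t.name)
            queue.append(nxt)
    return parents

def attack_path(initial, transitions, threat_place):
    """Shortest firing sequence that puts a token on threat_place, or None if unreachable."""
    parents = reachable_markings(initial, transitions)
    for marking in parents:          # dict keeps BFS order, so the first hit is a shortest path
        if dict(marking).get(threat_place, 0) >= 1:
            path, cur = [], marking
            while parents[cur] is not None:
                cur, name = parents[cur]
                path.append(name)
            return path[::-1]
    return None

def dead_markings(initial, transitions):
    """Reachable markings in which no transition is enabled (no-return trap states)."""
    return [m for m in reachable_markings(initial, transitions)
            if not any(is_enabled(dict(m), t) for t in transitions)]

# Constructed threat model (hypothetical, not from the original post). Each guess spends one
# unit of the lockout budget; only with a weak password in use can a guess succeed.
TRANSITIONS = [
    Transition("guess fails",
               given=frozenset({"attacker_on_network", "login_form_reachable"}),
               given_away=frozenset({"login_attempts_left"}),
               then=frozenset()),
    Transition("guess succeeds",
               given=frozenset({"attacker_on_network", "login_form_reachable", "weak_password_in_use"}),
               given_away=frozenset({"login_attempts_left"}),
               then=frozenset({"attacker_session"})),
]

WEAK_PASSWORD_MODEL = {"attacker_on_network": 1, "login_form_reachable": 1,
                       "weak_password_in_use": 1, "login_attempts_left": 3}
# Mitigation: a password policy removes the weak-password fact from the initial marking.
HARDENED_MODEL = {"attacker_on_network": 1, "login_form_reachable": 1, "login_attempts_left": 3}

if __name__ == "__main__":
    print(attack_path(WEAK_PASSWORD_MODEL, TRANSITIONS, "attacker_session"))   # ['guess succeeds']
    print(attack_path(HARDENED_MODEL, TRANSITIONS, "attacker_session"))        # None
    print(len(dead_markings(WEAK_PASSWORD_MODEL, TRANSITIONS)))                # 4
```

Two things are worth noticing when running it. First, the state space stays finite only because every transition GIVENs AWAY a unit of the attempt budget; a transition that merely reads GIVEN places and produces a THEN token could fire again and again and grow the marking without bound, which is exactly where `max_markings` steps in. Second, the four dead markings of the weak-password model are the states with the budget exhausted, with zero to three sessions obtained; in the hardened model the single dead marking is "budget spent, nothing gained", and the threat place is simply unreachable, which is the property a defender wants to check.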

Potential to be discovered. The further potential of Petri nets in Threat Modeling is yet to be explored...

GIVEN WHEN THEN Graph Drawing

Raphael also got hooked by GIVEN WHEN THEN and created a GitHub project that reads GIVEN WHEN THEN threat models in my notation and renders them as a Petri net.

Examples. Here are some of the beautiful pictures his software made from my example threat models, taken from his GitHub. I had provided those examples in my original publication to showcase and simulate some GIVEN WHEN THEN.

👨🏼‍💻 Application security example

👨🏼‍💻 Application security example GIVEN WHEN THEN threat model rendered as a Petri net

💧 Not getting wet in summer

💧 Not getting wet in summer GIVEN WHEN THEN threat model rendered as a Petri net

⛓️⛓️‍💥 Understanding chains

⛓️⛓️‍💥 Understanding chains GIVEN WHEN THEN threat model rendered as a Petri net

🅰️🅱️ Understanding alternatives

🅰️🅱️ Understanding alternatives GIVEN WHEN THEN threat model rendered as a Petri net

Contributors

Thanks

Raphael and I got to know each other from the German chapter of Threat Modeling Connect - TMC DACH. What a fruitful and fun exchange! Thanks, Raphael, for your insights. Thanks, Threat Modeling Connect, for connecting us.