
⏪▶️⏩ GIVEN WHEN THEN ≅ Petri Nets
When I published how GIVEN WHEN THEN structures in Threat Modeling are similar to Attack Defense Trees, I received thought-provoking feedback that really took it to the next level:
Raphael Ahrens noticed there's a graph structure that better fits GIVEN WHEN THEN structures: Petri nets!
Petri nets are composed of "places"
Consuming inputs. Beyond what GIVEN WHEN THEN offers, Petri nets have one special capability: transitions can consume their inputs. In GIVEN WHEN THEN, this would be a new language feature which I like to call GIVEN AWAY x. This makes for a huge increase in their expressiveness: they can model decisions, limited resources, no-return trap states, ... Execution order becomes relevant and transitions may fire again and again.
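To make the consuming semantics concrete, here is a small Petri-net simulator written as an added example for this post; it is not code from the post or from Raphael's tool. It assumes a mapping where GIVEN p reads a token in place p without removing it, GIVEN AWAY p consumes a token, WHEN is the transition itself, and THEN q produces a token in q. The threat model it runs (an intrusion with a limited "budget" of attacker effort and an "undetected" token that a noisy step gives away for good) is constructed for illustration; all place and transition names are made up. It shows the three effects the paragraph lists: a decision (quiet versus noisy lateral movement), a limited resource (budget tokens run out), and a no-return trap state (once "undetected" is consumed, nothing fires again).

```python
"""Petri-net view of GIVEN / GIVEN AWAY / WHEN / THEN threat models.

Added example, not from the post or from Raphael Ahrens' renderer.  The
mapping below is an assumption about the notation:
  GIVEN p       -> read a token in place p, token stays (read arc)
  GIVEN AWAY p  -> consume a token in place p
  WHEN          -> the transition itself
  THEN q        -> produce a token in place q
"""
from collections import Counter, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Transition:
    name: str
    given: tuple = ()        # read-only preconditions: token required, not consumed
    given_away: tuple = ()   # consumed preconditions: one token removed per entry
    then: tuple = ()         # postconditions: one token added per entry


def is_enabled(marking, t):
    """Fire only if every consumed token is present and every read place is non-empty."""
    need = Counter(t.given_away)
    for p in t.given:
        need[p] = max(need[p], 1)
    return all(marking.get(p, 0) >= n for p, n in need.items())


def fire(marking, t):
    """Marking after firing t: GIVEN AWAY tokens removed, THEN tokens added."""
    if not is_enabled(marking, t):
        raise ValueError(f"{t.name!r} is not enabled")
    m = Counter(marking)
    m.subtract(Counter(t.given_away))
    m.update(Counter(t.then))
    return +m  # unary plus drops places whose count fell to zero


def explore(net, initial, limit=10_000):
    """Breadth-first search over reachable markings; returns {marking: (parent, fired)}.
    Markings are frozensets of (place, count) pairs so they can be hashed."""
    start = frozenset((+Counter(initial)).items())
    parents = {start: None}
    queue = deque([start])
    while queue:
        m = queue.popleft()
        for t in net:
            if is_enabled(dict(m), t):
                nxt = frozenset(fire(dict(m), t).items())
                if nxt not in parents:
                    parents[nxt] = (m, t.name)
                    queue.append(nxt)
        if len(parents) > limit:  # reachability can blow up, so bound the search
            raise RuntimeError("state space exceeded limit")
    return parents


def attack_path(net, initial, goal):
    """Shortest firing sequence that puts a token in `goal`, or None if unreachable."""
    parents = explore(net, initial)
    for m in parents:
        if dict(m).get(goal, 0) > 0:
            path = []
            while parents[m] is not None:
                m, name = parents[m]
                path.append(name)
            return path[::-1]
    return None


def dead_markings(net, initial):
    """Reachable markings where nothing can fire: successful ends and no-return traps."""
    return [dict(m) for m in explore(net, initial)
            if not any(is_enabled(dict(m), t) for t in net)]


# Constructed threat model (illustrative names): "budget" is the attacker's
# limited effort, "undetected" must be read by every step, and the noisy
# option gives it away permanently, which traps the attacker.
INTRUSION = [
    Transition("phish a user", given=("undetected",), given_away=("budget",), then=("foothold",)),
    Transition("quiet lateral movement", given=("undetected",), given_away=("foothold", "budget"), then=("pivot",)),
    Transition("noisy lateral movement", given_away=("foothold", "undetected"), then=("pivot", "detected")),
    Transition("exfiltrate", given=("undetected",), given_away=("pivot", "budget"), then=("data exfiltrated",)),
]


def start(budget):
    """Initial marking: one undetected token and `budget` effort tokens."""
    return {"undetected": 1, "budget": budget}


if __name__ == "__main__":
    for b in (2, 3):
        print(f"budget={b}: path={attack_path(INTRUSION, start(b), 'data exfiltrated')}")
    for m in dead_markings(INTRUSION, start(3)):
        print("dead marking:", m)
```

With a budget of two the goal is unreachable, because each step gives away a token and the chain needs three; with three it is reachable only along the quiet route. The marking after the noisy step is dead: "undetected" was given away, so no later transition can fire. That is the defender's reading of the model: raising the cost of each step or making a step reliably detectable removes the path without changing the attacker's options one by one.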
Too powerful? From a computational complexity point of view, Petri net reachability contains NP-complete problems such as SAT and CLIQUE. It remains an open question whether their expressiveness overwhelms computational resources or stays feasible for practical problems and input sizes.
Potential to be discovered. The further potential of Petri nets in Threat Modeling is yet to be explored...
GIVEN WHEN THEN Graph Drawing
Raphael also got hooked on GIVEN WHEN THEN and created a GitHub project that reads GIVEN WHEN THEN threat models in my notation and renders them like a Petri net.
Examples. Here are some of the beautiful pictures his software made from my example threat models, taken from his GitHub. I had provided those examples in my original publication to showcase and simulate some GIVEN WHEN THEN.
👨🏼💻 Application security example

💧 Not getting wet in summer

⛓️⛓️💥 Understanding chains

🅰️🅱️ Understanding alternatives
