The HEAVENS training course is designed to help students understand the HEAVENS security model. Safety and Security are two seemingly contradictory system features, which have challenged researchers for decades. Traditionally, these two features have been treated separately, but due to the increasing knowledge about their mutual impacts, similarities, and interdisciplinary values, they have become more important. The HEAling Vulnerabilities to ENhance Software Security and Safety (HEAVENS) security model analyzes threats based on Microsoft's STRIDE approach and ranks the threats based on a risk assessment.
The course begins with a discussion of the HEAVENS model and then compares the model to other models such as SAHARA. Next, the course covers threat analysis using STRIDE. The course concludes with a discussion on how to transition threat modeling output to the HEAVENS format and concludes with several case studies and exercises.
Purpose
|
Learn about the HEAVENS security model and how to transition output to HEAVENS format. |
Audience
|
Any technical professional looking to align existing processes for functional safety with usability for non-security specialists. |
Role
| Business Analyst - Project Manager - Software Developer - System Administrator - Technical Manager - Web Developer |
Skill Level
| Introduction |
Style
| Learning Spikes |
Duration
| 1 Day |
Related Technologies
| Design Patterns | Testing |
Productivity Objectives
- Describe the HEAVENS security model
- Compare and Contrast HEAVENS model to other models
- Evaluate how to transition outputs to HEAVENS
