Terminology Profiles for ISO/SAE 21434
To address the challenge of different terminologies in different contexts and for different customers, Terminology Profiles are introduced. Currently, there are two predefined Terminology Profiles: one for MoRA and one for ISO/SAE 21434. In the Assessment Model part of your project you will find a new node to adapt the terms from the referenced default profile. Also menus, context actions, explanations and so on are updated respectively. If you change the default profile or adapt the terminology, you have to click “Refresh / Customize” or restart the application for changes to take effect.
To ease the reuse of Impact Options/Damage Criteria, Damage Scenarios were introduced, as suggested by ISO/SAE 21434. Now you can just reference them from the Assets/Security Goals. Impact Options/Damage Criteria are not modelled in the Damage Potential relation anymore.
Added ISO/SAE 21434 Example
The “Headlamp System” example from the ISO/SAE 21434 Annex G draft is added to the examples shipped with the itemis SECURE. It is available under “<install-dir>/examples/ISO21434” and can be opened as itemis SECURE Project. The System Diagram of the example is shown in Figure 1.
Figure 1: System-Diagram of “headlamp” example from ISO21434 draft
Simplified Drill Down and Eisplay of External Data Flows
In the System Diagram you can now drill into a component by “double-clicking”. To go up you can use the “Go Up” button in the left top corner (left of “Fit View”). When drilled into a component, incoming and outgoing Data Flows from other components (which are not contained in that component) are still visible and surrounded with a “dotted” border. For example, Figure 2 shows the component “Item Boundary” from Figure 1. Figure 3 shows the component “Headlamp System” from Figure 2.
Figure 2: Drilled into component “Item Boundary” (from Figure 1).
Figure 3: Drilled into component “Headlamp System” (from Figure 2).
The “Find Text” action gives you the ability to search for arbitrary text in your project (in names, titles, descriptions, rationales, …). Click on the search icon in the toolbar or press “Ctrl+Shift+A”, type “Find Text” in the popup and select the “Find Text (in Property)” action. In the appearing “Find Text” dialog, you can enter your search term. Results are displayed in a separate window which is located at the bottom left by default.
XSAM Import/Export Extended
So far XSAM could only Import and Export System elements (Components, Data, …). With this version elements from Assessment Model (Assessment Model, Production Rules, Security Property Matrix), Catalogs (Threats Catalog, Controls Catalog, Technologies Catalog) and Security Analysis can also be imported from XSAM and exported to XSAM.
Multiline Descriptions with Crosslinks
All descriptions where changed from single-line to multi-line descriptions. To change them you can use the “Edit”-Button, “double-click” into the description text or press “Enter” when the cursor is next to the Edit-Button. To Save your changes, press “Ctrl+Enter”, to cancel press “Esc”.
You can also add hyperlinks to your descriptions:
- [<name of element>]: use name as presentation
- [<name of element>|<presentation of element>]: custom presentation
- Press “Ctrl+Alt+L” and select an element from the menu: default presentation as custom presentation
Another benefit: “Find Usages” also regards links in descriptions.
Channels can have multiple Endpoints
With this version of itemis SECURE, Channels can have an arbitrary number of endpoints instead of two. Thus, for Data Flows no direction is specified. Instead, the source and target endpoint have to be set. This improvement allows you to model network infrastructure like a bus more naturally.
Various Fixes and Improvements
- Added description fields where missing
- Improved inspectors
- Fixed “Fit View” button in System Diagram
- Added explanation to report items and improved respective menus
- Fixed link to User Guide on MacOs