To address these challenges, Senior Research Associate Avi Shaked, from Professor Tom Melham’s research group at the University of Oxford’s Department of Computer Science, extended TRADES – an innovative, Eclipse-based open-source tool for threat modelling and system security design – with new capabilities, including a novel automated reasoning mechanism.
System C’s Innovation Delivery team, in collaboration with the University of Oxford, has positioned TRADES to help organisations analyse their systems for vulnerabilities and integrate security measures into their systems engineering processes.
The Challenges
In developing the new TRADES capabilities, we aimed to address several key challenges:
Evolving vulnerability landscape
With new vulnerabilities of software components being disclosed every day, managing the vulnerability posture of systems is a continuous, demanding effort.
Communication across diverse stakeholders
Systems security engineering requires effective communication between security analysts, system designers, directors, regulators, risk managers and other stakeholders.
Innovation Delivery with System C
The University of Oxford worked with System C’s Innovation Delivery team to accelerate the development of TRADES. Together with Dr. Avi Shaked, System C designed and implemented new capabilities according to the university’s roadmap.
System C’s contributions were pivotal. We enhanced the TRADES modelling tool by integrating security knowledge bases such as MITRE’S CWE and NIST’s NVD, allowing TRADES users to access real-time vulnerability data. Furthermore, this was followed by implementing the novel automated reasoning mechanism, resulting in a tool that remains at the cutting edge of threat modelling and security by design.
Moreover, System C tackled significant usability challenges. According to the University’s specifications, we developed a prototype for a new web-based interface (in Python), which allows to communicate TRADES models with a broad range of stakeholders.
“Working with System C has been an enriching experience. Their technical expertise and dedication helped us meet our challenging goals, within budget constraints. They were capable in quickly learning pertinent aspects of the required infrastructure – such as Eclipse and Streamlit – to turn our research into a practical tool that can truly make a difference in the industry," said Avi Shaked, Senior Research Associate at the University of Oxford.
Benefits
TRADES is more than just a research tool; it represents a significant advancement in securing systems across diverse domains. By incorporating security knowledge bases, TRADES ensures that organisations can design systems for security proactively and more easily. The web-based interface makes TRADES models accessible to a wider audience, allowing to demonstrate the value of rigorous security by design, and, thereby, accelerating its adoption.
With the support of System C on this complex project, TRADES is rapidly evolving into a versatile, scalable solution that empowers organisations to integrate security into every stage of the system life cycle. This collaboration has not only accelerated development but also expanded the tool’s capabilities, bringing it closer to becoming the industry standard for systems security modelling.
"TRADES has transformed vulnerability management by design from a theoretical concept into a powerful, practical tool that is now capable of enhancing security in system designs across multiple industries. The value of TRADES lies in its ability to bridge the gap between threat modelling and real-world application, providing organisations with the design-level analysis they need to stay ahead of evolving threats," said Professor Tom Melham, University of Oxford.
Next Steps
If you'd like to view more of our success stories, please take a look at our large collection of case studies.
To explore how TRADES can support your organisation in integrating security into system design, contact us right away.