Threat-modeling of an embedded system includes receiving a design of the embedded system, the design comprising a component; receiving a feature of the component; identifying an asset associated with the feature, where the asset is targetable by an attacker; identifying a threat to the feature based on the asset; obtaining an impact score associated with the threat; and outputting a threat report that includes at least one of a first description of the threat or a second description of a vulnerability, a respective feasibility score, a respective impact score, and a respective risk score.
展开▼