Threat modelling
Problem / Context
Neo will need to resist several security and privacy threats that need to be addressed via a threat analysis.
Goal
The solution architecture should contain a threat model that considers security and privacy requirements, including metadata protection. It should also take extendibility and maintainability into account, as well as how changing requirements or new technologies affect the system.
ACs
- Security objectives are defined.
- Known threats are documented.
- The documentation includes a list of adversary categories.
- The documentation includes a list of mitigation strategies, concrete measures and security requirements protecting against the identified threats.
- This includes a description of our Zero Trust approach.
Notes/ resources
- Threat modelling for IRIS Connect
- https://cheatsheetseries.owasp.org/cheatsheets/Threat_Modeling_Cheat_Sheet.html
- see Chapter 3.2.3.3 in BSI TR-03185
- Requirement uIDs: ZaPuK_140; LB_50; LB_90
Who needs to be involved / informed
- involved:
- informed:
Edited by icarl