Home » SHIELDS Tools

SeaMonster

Tool Details

Tool Name: SeaMonster
Tool Title Phrase: Security Modeling Software
Current Version: 3.0
Description: SeaMonster is a security modelling (US: modeling) tool continuously being developed by an open source community lead by SINTEF. The unique feature of SeaMonster is that it supports notations and modelling techniques that security experts and analyzers are already familiar with.
Modelling different security aspects, such as threats, causes and countermeasures within the same tool, enables developers to use SeaMonster as a common platform for security analysis and knowledge representation.
Today, security modelling is often done using some general purpose drawing tool (or temporarily written on the nearest blackboard). The purpose of creating SeaMonster was to develop a free, common platform for modelling security that can be used by security experts as well as developers and that will facilitate reuse of models. The long-term goal is to increase the general understanding of software threats and vulnerabilities, and reduce the amount of time it takes to model security by facilitating exchange and reuse of security models through SeaMonster.
Architecture: SeaMonster is based on Eclipse, which is basically an application platform where a very large set of plugins can be added to suit the needs of the users. The three main Eclipse plugin frameworks SeaMonster benefits from are the Graphical Modeling Framework (GMF), the Eclipse Modeling Framework (EMF) and the Graphical Editing Framework (GEF). GMF is a framework for developing Eclipse graphical editors, and functions as a bridge between EMF and GEF.
List of Features: SeaMonster currently supports the following models:
  • Misuse cases (what are the main threats to the system)
  • Attack trees (how can the system be attacked)
  • Vulnerability cause Graphs (what are the causes to the system vulnerabilities, notation to be updated)
  • Security Activity Graphs (describes how to perform a security activity, notation to be updated)
  • Security model (experimental notation for connecting various security model diagrams)
Web site: http://seamonster.wiki.sourceforge.net/
Contact information: Per Håkon Meland, Research Scientist SINTEF ICT
Per.H.Meland@sintef.no
Other informations: Available for download at https://sourceforge.net/projects/seamonster/
Paper: "SeaMonster: Providing tool support for security modeling" [PDF]
Tool presentation: Presentation: [PDF] [PPT]
Tool demonstration: https://sourceforge.net/projects/seamonster/files/SeaMonster Demonstration Video/SeaMonsterDemo4.avi/download