Navigating Polaris
Polaris simplifies the structural security posture analysis into three steps: Design, Analyze, and Summarize.
Design
The Design tab enables users to design their system models (using UML) and annotate those models with information such as security requirements and design decisions. It provides a graphical user interface to edit and visualize the system model as shown below. System models can also be imported and exported from this tab fulfilling user extensibility requirements.
Analyze
The Analyze tab performs the structural security posture analysis on the system designed or imported into Polaris in the Design tab. It provides a graphical user interface (UI) to edit and visualize the system model as shown below.
The Analyze tab is composed of three main sections.
The first section shows the system-level and element-level metrics for the system. A tabbed interface helps architects view relevant information in a concise form. It also helps ensure we do not overwhelm the architect with numbers from all our metrics at once, which would go against our requirement of ensuring the results are easy to understand. The system model provided in the Design tab of Polaris is analyzed each time the tab is opened. As part of this analysis, the attack surface and eigenvector centrality metrics described in Structural Security Posture are automatically computed based on the parameters chosen during the system design. Polaris also incorporates the data-driven threat metrics described in Data-driven Threat Metrics to leverage external data sources to perform threat analysis. To obtain these metrics, we use Merak. The security requirements and design decisions for each element (where available) are forwarded to Merak for this analysis. The results from that analysis are shown directly in the Analyze tab in Polaris minimizing the need for architects to jump between tools during analysis.
The middle section provides an interactive view of the system model provided. Selecting an element like a component, link, or datastore updates the element-level metrics accordingly.
The last section encapsulates the various parameters for the various elements of the system. This section also enables the architect to conduct ‘what-if’ analysis dynamically by manipulating values set during the design of the system to identify its effect on the system’s security posture. Only the relevant parameters are loaded based on the element selected in the middle section. Manipulating the parameters here does not overwrite the values present in the design but is purely to support dynamic security posture evaluation. If the architect is satisfied with new values for one or more elements after conducting a ‘what-if’ analysis, they can set these values in the system model through the Design tab.
Summarize
The Summarize tab, shown below, summarizes the results of the system model in a way that can be exported in PDF form for reference or comparison with system variants. It also downloads a copy of the system model under analysis to ensure that the results can be replicated.