Overview
The Design pillar encompasses Vehicle Modeling, System Architecture, and Program Management within the ThreatZ platform. It provides the structural foundation that all other pillars — TARA, SBOM, Testing, Operations, and Compliance — build upon. The module enables teams to define, import, and visualize the complete E/E architecture of a vehicle, map software deployments to hardware, and manage organizational programs.
Key Concepts
Programs
Programs are the top-level organizational container. Each program has a lifecycle status (Planning, Active, Archived), a set of members with defined roles, associated policies, and one or more linked projects. Programs provide the governance boundary for vehicle architecture definitions.
Vehicle Architecture Workspaces
Vehicle Architecture Workspaces are program-level containers for vehicle modeling. Each workspace supports:
- 3D car model visualization with component marker placement
- 2D topology layout with viewport persistence
- Part-based anchoring (dashboard, front-bumper, engine bay, rear-axle, roof, door-panel, trunk, wheel-well, underbody, center-console, steering-column, headliner)
- Per-user camera and visibility preferences (labels, wires, shell, doors, glass, interior)
Component Instances
Component Instances represent deployed components within the system architecture. Supported types include:
- Compute: ECU, TCU, MCU/SoC, HPC, HSM, Crypto Engine
- Network: Ethernet Switch, Zonal Gateway, Transceiver
- Peripherals: Sensor, Actuator, Memory Storage, External Device
- Software: Software Unit, Cloud Service, Infotainment ECU
- Structural: Boundary (trust boundary), Item Boundary (composite)
Each component carries security properties (trust boundary classification), hardware details (part number, supplier, version), software version tracking, subsystem classification, and links to threat model assets.
Component Connections
Component Connections define the communication links between components. Each connection specifies:
- Protocol type: CAN, CAN FD, LIN, FlexRay, Ethernet, TCP/UDP, MQTT, HTTPS, gRPC, USB, UART, SPI, QSPI, I2C, MDIO, GPIO, PCIe, Wi-Fi, Bluetooth, Cellular, OBD, JTAG, SWD, eMMC, UFS, MOST, T1, Backplane, and more
- Bandwidth with units (bps, Kbps, Mbps, Gbps)
- Encryption: None, TLS, IPsec, MACsec
- Data contracts with classification: Safety-critical, Personal, Secrets, Sensitive Telemetry, IP, None
- Redundancy level and bus topology support
Architecture Import
Enterprise Architect (EA) Components are architecture elements imported from external modeling tools. The platform supports:
- Enterprise Architect XMI
- Cameo/MagicDraw XMI
- Rhapsody XMI
- Papyrus XMI
- SysML XMI
- Generic UML XMI
- System Composer XML
Import includes auto-format detection, stereotype extraction, deployment hint analysis, and confidence-scored mapping suggestions to link EA components to system model instances.
Software Units
Software Units represent software deployments on component instances. Each unit can be linked to an SBOM file (with S3-staged upload and finalization workflow) and to a GitHub repository (with webhook-based sync for branch/tag/release tracking), and can carry an AUTOSAR classification.
System Modeling Canvas
The system modeling canvas provides an interactive graph-based editor for building and visualizing E/E architecture:
- Drag-and-drop component placement with type-specific icons
- Real-time collaborative editing with user presence indicators
- Operation-based delta sync via WebSocket for multi-user sessions
- Context menus for node and edge operations
- Layout persistence per user (viewport, zoom, pan positions)
- Trust boundary visualization with warnings for misconfigured boundaries
- Item boundary support for composite component grouping
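The connection attributes listed under Component Connections (protocol, bandwidth with units, encryption, classified data contracts, redundancy) are what a trust boundary check has to reason over. The following is an added example, not ThreatZ code: it models instances and connections with those attributes and runs the kind of misconfiguration check the canvas warns about. The page does not state the warning rules, so the three rules here (sensitive data crossing a trust boundary unencrypted, an encryption option declared on a protocol that cannot carry it, safety-critical data on a non-redundant link), the boundary names and the sample architecture are all assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, List

# Data classifications the page lists; every class except "None" is treated
# here as needing protection when it crosses a trust boundary (assumption).
SENSITIVE_CLASSES = {"Safety-critical", "Personal", "Secrets", "Sensitive Telemetry", "IP"}
# Protocols on which the page's encryption options (TLS, IPsec, MACsec) are
# meaningful; declaring one of them on e.g. CAN is flagged (assumption).
ENCRYPTION_CAPABLE = {"Ethernet", "TCP/UDP", "MQTT", "HTTPS", "gRPC", "Wi-Fi", "Cellular"}
BANDWIDTH_UNITS = {"bps": 1, "Kbps": 1_000, "Mbps": 1_000_000, "Gbps": 1_000_000_000}


@dataclass
class ComponentInstance:
    name: str
    type: str             # ECU, TCU, Zonal Gateway, HPC, ...
    trust_boundary: str   # boundary the instance sits in (hypothetical names)


@dataclass
class DataContract:
    name: str
    classification: str   # Safety-critical, Personal, Secrets, Sensitive Telemetry, IP, None


@dataclass
class ComponentConnection:
    source: ComponentInstance
    target: ComponentInstance
    protocol: str
    bandwidth: float
    bandwidth_unit: str   # bps, Kbps, Mbps, Gbps
    encryption: str       # None, TLS, IPsec, MACsec
    contracts: List[DataContract] = field(default_factory=list)
    redundancy: int = 0   # number of redundant paths backing this link

    def bandwidth_bps(self) -> int:
        return int(self.bandwidth * BANDWIDTH_UNITS[self.bandwidth_unit])

    def crosses_boundary(self) -> bool:
        return self.source.trust_boundary != self.target.trust_boundary

    def label(self) -> str:
        return f"{self.source.name}->{self.target.name} ({self.protocol})"


def check_connection(conn: ComponentConnection) -> List[str]:
    """Return warning strings for one connection; an empty list means no findings."""
    warnings = []
    sensitive = sorted({c.classification for c in conn.contracts
                        if c.classification in SENSITIVE_CLASSES})
    if conn.crosses_boundary() and conn.encryption == "None" and sensitive:
        warnings.append(f"{conn.label()}: crosses trust boundary {conn.source.trust_boundary}->"
                        f"{conn.target.trust_boundary} unencrypted carrying {', '.join(sensitive)}")
    if conn.encryption != "None" and conn.protocol not in ENCRYPTION_CAPABLE:
        warnings.append(f"{conn.label()}: {conn.encryption} declared on a protocol that cannot carry it")
    if conn.redundancy == 0 and "Safety-critical" in sensitive:
        warnings.append(f"{conn.label()}: safety-critical data on a non-redundant link")
    return warnings


def audit(connections: List[ComponentConnection]) -> Dict[str, List[str]]:
    """Map each connection label to its warnings, keeping only connections with findings."""
    result = {}
    for conn in connections:
        found = check_connection(conn)
        if found:
            result[conn.label()] = found
    return result


# Constructed sample architecture (not taken from any real vehicle program).
tcu = ComponentInstance("TCU", "TCU", "Telematics")
gateway = ComponentInstance("ZGW-Front", "Zonal Gateway", "Vehicle")
brake_ecu = ComponentInstance("Brake-ECU", "ECU", "Vehicle")
hpc = ComponentInstance("HPC-1", "HPC", "Vehicle")

SAMPLE_CONNECTIONS = [
    ComponentConnection(tcu, gateway, "Ethernet", 100, "Mbps", "None",
                        [DataContract("diag-session", "Personal")]),
    ComponentConnection(gateway, brake_ecu, "CAN FD", 2, "Mbps", "None",
                        [DataContract("brake-cmd", "Safety-critical")], redundancy=0),
    ComponentConnection(gateway, hpc, "Ethernet", 1, "Gbps", "MACsec",
                        [DataContract("key-material", "Secrets")], redundancy=1),
]

if __name__ == "__main__":
    for warnings in audit(SAMPLE_CONNECTIONS).values():
        for line in warnings:
            print(line)
```

Running the block reports two of the three sample links: the unencrypted Personal-data link from the telematics boundary into the vehicle boundary, and the non-redundant safety-critical CAN FD link; the MACsec Ethernet link between instances in the same boundary produces no finding.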
Architecture Import Workflow
- Upload architecture file (XMI, XML, or System Composer format)
- Platform auto-detects format and parsing strategy
- Components, interfaces, and relationships are extracted
- Mapping suggestions are generated based on name similarity, protocol matching, and deployment hints
- User reviews and approves/rejects mappings (with confidence scores)
- Approved mappings create or link component instances in the system model
- Uncreated components are tracked for follow-up
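To make the Architecture Import section and the workflow steps above concrete, here is an added example, not ThreatZ code, that runs the first four steps over a constructed XMI fragment: it guesses the exporting tool from the `xmi:Documentation` element, extracts UML nodes, devices and components as architecture elements, derives a hardware/software deployment hint from the UML type, and scores mapping suggestions against existing instance names with `difflib`. The namespace URIs follow the UML 2.5 XMI layout, but the fragment itself, the detection heuristic, the hint mapping, the 0.2 mismatch penalty and the 0.6 suggestion threshold are assumptions; anything scoring below the threshold is left unmapped, which corresponds to the "tracked for follow-up" step.

```python
import difflib
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

XMI_NS = "http://www.omg.org/spec/XMI/20131001"
NS = {"xmi": XMI_NS, "uml": "http://www.omg.org/spec/UML/20131001"}

# UML element types treated as architecture components, with the deployment
# hint (hardware vs software) derived from the type (assumption).
COMPONENT_TYPES = {"uml:Node": "hardware", "uml:Device": "hardware", "uml:Component": "software"}
SUGGEST_THRESHOLD = 0.6   # below this the element stays uncreated for follow-up (assumption)


@dataclass
class ImportedComponent:
    xmi_id: str
    name: str
    uml_type: str
    deployment_hint: str


@dataclass
class MappingSuggestion:
    component: ImportedComponent
    target_instance: Optional[str]   # existing instance name, or None if nothing qualifies
    confidence: float


def detect_format(root: ET.Element) -> str:
    """Guess the exporting tool from the XMI documentation element (heuristic, assumption)."""
    doc = root.find("xmi:Documentation", NS)
    exporter = (doc.get("exporter") if doc is not None else "") or ""
    if "Enterprise Architect" in exporter:
        return "enterprise-architect"
    if "MagicDraw" in exporter or "Cameo" in exporter:
        return "cameo"
    if "Rhapsody" in exporter:
        return "rhapsody"
    if root.tag == f"{{{XMI_NS}}}XMI":
        return "generic-uml-xmi"
    return "unknown"


def extract_components(root: ET.Element) -> List[ImportedComponent]:
    """Collect packagedElements whose xmi:type is one of the component-like UML types."""
    out = []
    for el in root.iter("packagedElement"):
        uml_type = el.get(f"{{{XMI_NS}}}type", "")
        if uml_type in COMPONENT_TYPES:
            out.append(ImportedComponent(el.get(f"{{{XMI_NS}}}id", ""), el.get("name", ""),
                                         uml_type, COMPONENT_TYPES[uml_type]))
    return out


def normalize(name: str) -> str:
    return re.sub(r"[^a-z0-9]", "", name.lower())


def suggest_mappings(components: List[ImportedComponent],
                     instances: Dict[str, str]) -> List[MappingSuggestion]:
    """instances maps existing instance name -> 'hardware' | 'software'."""
    suggestions = []
    for comp in components:
        best_name, best_score = None, 0.0
        for inst_name, inst_kind in instances.items():
            score = difflib.SequenceMatcher(None, normalize(comp.name), normalize(inst_name)).ratio()
            if inst_kind != comp.deployment_hint:
                score -= 0.2          # deployment hint mismatch penalty (assumption)
            if score > best_score:
                best_name, best_score = inst_name, score
        if best_score < SUGGEST_THRESHOLD:
            best_name = None
        suggestions.append(MappingSuggestion(comp, best_name, round(best_score, 2)))
    return suggestions


def run_import(xmi_text: str, instances: Dict[str, str]) -> Tuple[str, List[MappingSuggestion]]:
    root = ET.fromstring(xmi_text)
    return detect_format(root), suggest_mappings(extract_components(root), instances)


# Constructed XMI fragment in the shape of a UML 2.5 export; not a real EA file.
SAMPLE_XMI = """<xmi:XMI xmlns:xmi="http://www.omg.org/spec/XMI/20131001"
         xmlns:uml="http://www.omg.org/spec/UML/20131001">
  <xmi:Documentation exporter="Enterprise Architect" exporterVersion="0.0"/>
  <uml:Model xmi:type="uml:Model" name="Vehicle E/E">
    <packagedElement xmi:type="uml:Node" xmi:id="ID_1" name="ZonalGatewayFront"/>
    <packagedElement xmi:type="uml:Device" xmi:id="ID_2" name="Brake ECU Rear"/>
    <packagedElement xmi:type="uml:Component" xmi:id="ID_3" name="IVI Stack"/>
    <packagedElement xmi:type="uml:Component" xmi:id="ID_4" name="OTA Campaign Service"/>
    <packagedElement xmi:type="uml:Class" xmi:id="ID_5" name="Helper"/>
  </uml:Model>
</xmi:XMI>"""

# Constructed set of instances already present in the system model.
EXISTING_INSTANCES = {"Zonal Gateway Front": "hardware", "Brake-ECU": "hardware",
                      "HPC-1": "hardware", "IVI Stack": "software"}

if __name__ == "__main__":
    fmt, suggestions = run_import(SAMPLE_XMI, EXISTING_INSTANCES)
    print("format:", fmt)
    for s in suggestions:
        print(f"{s.component.name!r} -> {s.target_instance!r} ({s.confidence})")
```

The uml:Class element is ignored as a non-component, the two exact-name matches score 1.0, "Brake ECU Rear" is suggested against "Brake-ECU" at 0.8 for the reviewer to approve or reject, and "OTA Campaign Service" has no candidate above the threshold and is left for follow-up.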
Software-to-Hardware Traceability
The module builds a complete trace chain from physical hardware to software vulnerabilities:
System Component (ECU) → Component Instance → Software Unit → SBOM File → SBOM Component → Vulnerability (CVE)
This chain enables:
- Weakness tree analysis: Aggregate vulnerabilities from software through hardware hierarchy
- SBOM consistency validation: Verify SBOM components match architecture model expectations
- Impact propagation: Understand how a single CVE affects the broader vehicle platform
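The chain System Component → Component Instance → Software Unit → SBOM File → SBOM Component → Vulnerability is a tree once modeled in memory, and the three analyses listed above are walks over it. The following added example (not ThreatZ code) builds that chain for a constructed two-ECU sample and implements all three: weakness-tree aggregation of CVE sets upward through the hierarchy, impact propagation from one CVE down to every affected system component with its full trace path, and an SBOM consistency check. The consistency rule used (the SBOM must list the software unit itself at the version tracked on the unit) is an assumption, and the CVE identifiers are placeholders, not real advisories.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass
class SbomComponent:
    name: str
    version: str
    cves: List[str] = field(default_factory=list)   # vulnerability IDs matched to this component


@dataclass
class SbomFile:
    file_id: str
    components: List[SbomComponent]


@dataclass
class SoftwareUnit:
    name: str
    version: str                    # version tracked on the software unit itself
    sbom: Optional[SbomFile] = None


@dataclass
class ComponentInstance:
    name: str
    units: List[SoftwareUnit]


@dataclass
class SystemComponent:
    name: str                       # the physical ECU in the architecture
    instances: List[ComponentInstance]


def unit_cves(unit: SoftwareUnit) -> Set[str]:
    if unit.sbom is None:
        return set()
    return {cve for comp in unit.sbom.components for cve in comp.cves}


def weakness_tree(system_component: SystemComponent) -> dict:
    """Aggregate CVE sets upward: SBOM component -> unit -> instance -> system component."""
    tree = {"name": system_component.name, "cves": set(), "instances": []}
    for inst in system_component.instances:
        node = {"name": inst.name, "cves": set(), "units": []}
        for unit in inst.units:
            cves = unit_cves(unit)
            node["units"].append({"name": unit.name, "cves": cves})
            node["cves"] |= cves
        tree["instances"].append(node)
        tree["cves"] |= node["cves"]
    return tree


def impact(cve: str, system_components: List[SystemComponent]) -> Dict[str, List[str]]:
    """For one CVE, return each affected system component with its full trace paths."""
    hits: Dict[str, List[str]] = {}
    for sc in system_components:
        for inst in sc.instances:
            for unit in inst.units:
                if unit.sbom is None:
                    continue
                for comp in unit.sbom.components:
                    if cve in comp.cves:
                        hits.setdefault(sc.name, []).append(
                            f"{sc.name} -> {inst.name} -> {unit.name} -> "
                            f"{unit.sbom.file_id} -> {comp.name}@{comp.version}")
    return hits


def sbom_consistency(unit: SoftwareUnit) -> List[str]:
    """Findings for one unit; the rule that its SBOM must list the unit at the
    tracked version is an assumption of this example, not a ThreatZ rule."""
    if unit.sbom is None:
        return [f"{unit.name}: no SBOM linked"]
    matches = [c for c in unit.sbom.components if c.name == unit.name]
    if not matches:
        return [f"{unit.name}: SBOM {unit.sbom.file_id} does not list the unit itself"]
    bad = [c.version for c in matches if c.version != unit.version]
    if bad:
        return [f"{unit.name}: unit version {unit.version} but SBOM lists {', '.join(bad)}"]
    return []


# Constructed sample; CVE identifiers are placeholders, not real advisories.
gw_sbom = SbomFile("sbom-gw-fw", [
    SbomComponent("gw-fw", "2.1.0"),
    SbomComponent("tls-lib", "3.0.1", ["CVE-0000-0001"]),
    SbomComponent("can-stack", "1.4.2", ["CVE-0000-0002"]),
])
ivi_sbom = SbomFile("sbom-ivi", [
    SbomComponent("ivi-app", "5.1.0"),                  # unit tracks 5.2.0: inconsistent
    SbomComponent("tls-lib", "3.0.1", ["CVE-0000-0001"]),
])
ECUS = [
    SystemComponent("Zonal Gateway Front", [
        ComponentInstance("ZGW-Front", [SoftwareUnit("gw-fw", "2.1.0", gw_sbom)])]),
    SystemComponent("HPC", [
        ComponentInstance("HPC-1", [SoftwareUnit("ivi-app", "5.2.0", ivi_sbom),
                                    SoftwareUnit("telematics-svc", "1.0.0")])]),
]

if __name__ == "__main__":
    for ecu in ECUS:
        print(ecu.name, sorted(weakness_tree(ecu)["cves"]))
    for path in sum(impact("CVE-0000-0001", ECUS).values(), []):
        print(path)
```

The shared `tls-lib` component makes the placeholder CVE-0000-0001 surface on both ECUs, which is the impact-propagation case the text describes; the consistency check flags the IVI unit whose SBOM carries a different version than the unit tracks, and the telematics unit that has no SBOM linked at all.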
Integration with Other Pillars
| Direction | Pillar | Data Flow |
|---|---|---|
| Outbound | TARA | Component instances become threat model assets |
| Outbound | SBOM | Software units link to SBOM files for vulnerability tracking |
| Outbound | Testing | Architecture defines test bench configuration and ARXML exports |
| Outbound | Compliance | Architecture documentation serves as evidence for work products |
| Outbound | Operations | Component topology feeds attack surface visualization |
| Inbound | SBOM | Vulnerability counts propagate back to component health indicators |
Data Storage
- MongoDB: Component instances, connections, interfaces, EA components, software units, system graphs
- Neo4j: Vehicle architecture graph (components, buses, member relationships) for relationship queries and topology analysis
- S3: SBOM file staging, architecture import files