Harmat is an engine for HARM (Hierarchical Attack Representation Model) analysis used in the Safelite project. It is written using Cython with the Boost Graph Library for speed. However, the API closely follows NetworkX to the point that you can use NetworkX functions directly.
Safelite: A Security Assessment Framework for Software Systems.
The "Safelite" framework is a semi-automated, attacker-centric approach to software risk assessment, focusing on identifying and analyzing attack paths within a system. It utilizes a Hierarchical Attack Representation Model (HARM) to model attack scenarios and evaluate security posture, offering a more detailed and attacker-focused perspective than traditional frameworks.
Installation guideline is available upon request: Link
HARMer: Cyber-attacks Automation and Evaluation
We proposed a novel automation framework for cyber-attacks generation named `HARMer' to address the challenges with respect to manual attack execution by the red team. Our novel proposed framework, design, and implementation is based on a scalable graphical security model called Hierarchical Attack Representation Model (HARM).
Related papers:
Source code is available upon request: Link
AV-HARM in AuSSE framework
AuSSE (Autonomous Vehicle Security and Safety Evaluation): A novel framework designed to assess both the cybersecurity and safety aspects of autonomous vehicles. It aims to answer the core question: How can cyberattacks impact operational safety in AVs?
VHARM (Vehicle Hierarchical Attack Representation Model): The graphical security model developed within the AuSSE framework. VHARM is used to identify attack paths, assess security risks, and visualize vulnerabilities in in-vehicle systems. It enables evaluation of attack scenarios, defense strategies, and security metrics, and is supported by a visualization tool using JSON-based architecture inputs for modeling
Related papers:
Nguyen NH, Cho JH, Moore TJ, Yoon S, Lim H, Nelson F, Bai G, Kim DD. AuSSE: A Novel Framework for Security and Safety Evaluation for Autonomous Vehicles. In2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks-Supplemental Volume (DSN-S) 2024 Jun 24 (pp. 1-5). IEEE.
Jungebloud T, Nguyen NH, Kim DD, Zimmermann A. Model-based structural and behavioural cybersecurity risk assessment in system designs. Computers & Security. 2025 Jun 11:104543.
Nguyen NH, Ge M, Cho JH, Moore TJ, Yoon S, Lim H, Nelson F, Bai G, Kim DD. Graphical security modelling for Autonomous Vehicles: A novel approach to threat analysis and defence evaluation. Computers & Security. 2025 Mar 1;150:104229.
AV-HARM
source code is available at: https://github.com/ziz0301/AVHARM
visualisation tool is available at: https://ziz0301.github.io/AVHARM/index.html