Journal of Civil Aviation University of China ›› 2020, Vol. 38 ›› Issue (5): 41-45.


Software threat modeling based on STRIDE model and civil aviation threat

GAO Jianyuan, PENG Mingtian, LI Yongjin   

  1. Research and Development Center, Travelsky Co. Ltd., Beijing 101318, China
  • Online: 2020-10-25 Published: 2020-10-23

Abstract: To improve the security of the civil aviation passenger service system, threat modeling is built into the SDL, and a threat knowledge base suited to civil aviation business systems is constructed and enriched. Effective mitigation measures are also proposed for the various threats, forming a new threat model based on STRIDE and the civil aviation threat knowledge base. This threat modeling method is effective at identifying the security risks faced during system construction; it is suitable not only for existing systems but also for risk analysis during the design and development stages of new systems. The method resolves the contradiction between security personnel and system developers, and can effectively lower the threshold of threat analysis and reduce the cost of software security risk and of system development and operation.

Key words: threat modeling, STRIDE, data flow diagram, knowledge base