论文信息 - Experiences Threat Modeling at Microsoft

Experiences Threat Modeling at Microsoft

Describes a decade of experience threat modeling products and services at Microsoft. Describes the current threat modeling methodology used in the Security Development Lifecycle. The methodology is a practical approach, usable by non-experts, centered on data flow diagrams and a threat enumeration technique of ‘STRIDE per element.’ The paper covers some lessons learned which are likely applicable to other security analysis techniques. The paper closes with some possible questions for academic research.

Adam Shostack | A. Shostack

[1] Lorrie Faith Cranor,et al. A Framework for Reasoning About the Human in the Loop , 2008, UPSEC.

[2] Frank Swiderski,et al. Threat Modeling , 2018, Hacking Connected Cars.

[3] Steve Lipner,et al. Security development lifecycle , 2010, Datenschutz und Datensicherheit - DuD.

[4] Marwan Abi-Antoun,et al. Checking threat modeling data flow diagrams for implementation conformance and security , 2007, ASE.