Threat modeling: from infancy to maturity

Threat modeling involves the systematic identification and analysis of security threats in the context of a specific system. This paper starts from an assessment of its current state of practice, based on interactions with threat modeling professionals. We argue that threat modeling is still at a low level of maturity and identify the main criteria for successful adoption in practice. Furthermore, we identify a set of key research challenges for aligning threat modeling research to industry practice, thereby raising the technology-readiness levels of the ensuing solutions, approaches, and tools.

[1]  Wouter Joosen,et al.  SPARTA: Security & Privacy Architecture Through Risk-Driven Threat Assessment , 2018, 2018 IEEE International Conference on Software Architecture Companion (ICSA-C).

[2]  Riccardo Scandariato,et al.  Threat analysis of software systems: A systematic literature review , 2018, J. Syst. Softw..

[3]  Phil Hunt,et al.  OAuth 2.0 Threat Model and Security Considerations , 2013, RFC.

[4]  Elissa M. Redmiles,et al.  Applied Digital Threat Modeling: It Works , 2019, IEEE Security & Privacy.

[5]  William Yurcik,et al.  Threat Modeling as a Basis for Security Requirements , 2005 .

[6]  Riccardo Scandariato,et al.  Two Architectural Threat Analysis Techniques Compared , 2018, ECSA.

[7]  Adam Shostack,et al.  Experiences Threat Modeling at Microsoft , 2008, MODSEC@MoDELS.

[8]  John Steven,et al.  Threat Modeling - Perhaps It's Time , 2010, IEEE Security & Privacy.

[9]  Wouter Joosen,et al.  A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements , 2011, Requirements Engineering.

[10]  Wouter Joosen,et al.  Interaction-Based Privacy Threat Elicitation , 2018, 2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW).

[11]  Riccardo Scandariato,et al.  A Privacy-Aware Conceptual Model for Handling Personal Data , 2016, ISoLA.

[12]  Riccardo Scandariato,et al.  Towards Security Threats that Matter , 2017, CyberICPS/SECPRE@ESORICS.

[13]  Elissa M. Redmiles,et al.  The Battle for New York: A Case Study of Applied Digital Threat Modeling at the Enterprise Level , 2018, USENIX Security Symposium.

[14]  Karsten Sohr,et al.  Automatically Extracting Threats from Extended Data Flow Diagrams , 2016, ESSoS.

[15]  Tony Gorschek,et al.  A Model for Technology Transfer in Practice , 2006, IEEE Software.

[16]  Kim Wuyts,et al.  Privacy Threats in Software Architectures , 2015 .

[17]  Danny Dhillon,et al.  Developer-Driven Threat Modeling: Lessons Learned in the Trenches , 2011, IEEE Security & Privacy.

[18]  Adam Shostack,et al.  Threat Modeling: Designing for Security , 2014 .

[19]  Robert Lagerström,et al.  Threat modeling - A systematic literature review , 2019, Comput. Secur..

[20]  Sven Türpe,et al.  The Trouble with Security Requirements , 2017, 2017 IEEE 25th International Requirements Engineering Conference (RE).

[21]  Wouter Joosen,et al.  A descriptive study of Microsoft’s threat modeling technique , 2015, Requirements Engineering.

[22]  Peter Torr,et al.  Demystifying the threat modeling process , 2005, IEEE Security & Privacy Magazine.