Telfor Journal
2020, vol. 12, iss. 1, pp. 56-61
Methods, methodologies, and tools for threat modeling with case study
aInfobip BH, Sarajevo, Bosnia and Herzegovina
bAS Holding, Tešanj, Bosnia and Herzegovina
cMinistry of Security of Bosnia and Herzegovina, Sarajevo, Bosnia and Herzegovina
dUniversity of Sarajevo, Federation of B&H
The security of each system is essential for its use. In order to make this process as successful as possible, it is advisable to develop a threat model for the system under consideration at the design stage. The purpose of the threat model is to enable the identification of security threats; further analysis of those threats shows which are the greatest vulnerabilities of the system and which pose the greatest risk. There are many different approaches to threat modeling in terms of methods, methodologies, and tools. In this paper, we give an overview of those approaches and apply one of them, the most represented and mature, to a specific system. A combination of a STRIDE-based methodology, a software-centric method, and the Microsoft Threat Modeling Tool (MTMT) has been used to threat model a Web of Things (WoT)-based temperature management system that is in the design phase.


article language: English
document type: unclassified
DOI: 10.5937/telfor2001056H
received: 11/03/2020
revised: 12/07/2020
accepted: 14/07/2020
published: 31/07/2020
published in SCIndeks: 09/10/2020
