Telfor Journal
2020, vol. 12, iss. 1, pp. 56-61
Methods, methodologies, and tools for threat modeling with case study
(a) Infobip BH, Sarajevo, Bosnia and Herzegovina
(b) AS Holding, Tešanj, Bosnia and Herzegovina
(c) Ministry of Security of Bosnia and Herzegovina, Sarajevo, Bosnia and Herzegovina
(d) University of Sarajevo, Federation of B&H

email: amina_hajric@hotmail.com, tariksmaka@hotmail.com, barakovic.sabina@gmail.com, jbarakovic@etf.unsa.ba
Abstract
The security of each system is essential for its use. To secure a system as effectively as possible, it is advisable to develop a threat model for it at the design stage. The purpose of the threat model is to identify security threats; further analysis of those threats shows which vulnerabilities of the system are the greatest and which pose the greatest risk. There are many different approaches to threat modeling in terms of methods, methodologies, and tools. In this paper, we give an overview of those approaches and apply one of them, namely the most represented and mature, to a specific system. A combination of a STRIDE-based methodology, a software-centric method, and the Microsoft Threat Modeling Tool (MTMT) has been used to threat model a Web of Things (WoT)-based temperature management system that is in the design phase.

About

article language: English
document type: unclassified
DOI: 10.5937/telfor2001056H
received: 11/03/2020
revised: 12/07/2020
accepted: 14/07/2020
published: 31/07/2020
published in SCIndeks: 09/10/2020
