Name
STRIDE
DREAD
Abusers Stories
Stride Average Model
Attack Trees
9 Fuzzy Logic
Microsoft Threat Modeling
1 T-Map
10 CORAS
TRIKE
11 The CIAA Threat Model Process
11 The Data Lifecycle Threat Model Process
17 ITM SYSTEMS AND THREAT MODEL
http://www.ptatechnologies. PTA Practical Threat Analysis Calculative Threat Modeling Methodology
Threat Assessment & Remediation Analysis
18 Quantitative Threat Modeling Methodologies
Fault Trees
Attack Trees
Attack Nets
Threat Nets
Author Name
SDLC Phase
Application
Domain
Requirements
Requirement
Requirements
Grid infrastructure
Requirements
Grid infrastructure
Design
Design
Threat Analysis
Requirement
Requirement
Web systems
Personal Networks
Design
g Paradigm
Design
Design
Design stage
Objectives
quantifying, comparing and prioritizing the amount of risk presented by each evaluated threat
6-step threat methodology; apply early, repeatedly and during the development lifecycle
provides a strong quantitative method to evaluate the security
to analyze the system behaviour in terms of threats and their message exchange
The paper presents a novel approach for addressing the threat modeling in pervasive computing and p
Study Type
Implementation
Limitations
Methodology Name/tools+J45
Formal or Semi-Formal
DREAD modeling
Outcome artifact
Model
Document
threat model and document (CORAS diagram
model
threat model
Threat Identification
Group threats into categories, DFD is developed and apply these steps on each node.
DFD ,
Analyze on the following: Damage
Reproducibility
Exploitability
Affected users
Discoverability
identifying threats, understanding threats, categorizing threats using STRIDE, identifying mitigation st
Use case ->DFD, 2-Map S&P threats to DFD (threats->Privacy protection goals ()Unlikability, transpare
TMQ, Action selection by the user(possible actions identified by sources(history, professionals estimat
1-Define scope(context diagram ; persons + technical) , 2-Asset identification (For all identified doma
1-use cases, 2-network overview from that scenarios, 3-technical background in usecases(Make DFD o
Establish user/service roles and usage Scenario (use case) , Identify security domains and their interf
Results
ntify misusecase scenarios, 4-Risk based quantification (Attack trees or DREAD), 5-S&P requirements
ntify assets) , 3-Domain knowledge (Document the assumptions ), 4- Describe attackers (for every asset and a
y assets in usecases, 5-identify threat (threat scenarios and attack trees), 6- identify vulnerabilities (from thre
each security domain, Vulnerabilities and their countermeasures , Risk Evaluation, Detecting new threats and
he basis of threat scenarios and assets), 5-risk estimation (on threat diagram (likelihood , asset value)) , 6-risk
P requirements
rs (for every asset and assumption identify attackers ), 5-Identify threats (relationship between attacker and as
vulnerabilities (from threat scenarios and their likelihood ), 7- risk assessment (determine risks on the basis of i
ihood , asset value)) , 6-risk evaluation (risk diagram), 7-risk treatment (threat diagrams->treatment diagrams
hip between attacker and asset), 6- Documentation (document with the diagram)
ermine risks on the basis of identified threats) , 8- determine the result (rank the threats to risk, usecase to the
ms->treatment diagrams)
Processes
Techniques
Design
string, aliases
To do - tomorrow
From the abstracts, first threat modeling, then find the aliases for that.
Attacker Centric
Threat Centric
Attack Centric
Asset centric
System centric
25-3-2016
Examples
Specific
Examples in different domains
Paper ID
Name
SDLC Phase
Application
Applied on
which phase of Application
SDLC
area/domain
Web systems,
distributed data
storage systems
Design
2 STRIDE
Design
Web applications
4,5
Requirements,
Design
Biobank clouds
Design
Industrial Control
Systems
Fault-Tolerant
Systems
Threat-based Security
Analysis for the Internet of
10 Things
Design
Internet of Things
Systems
Determine Information
Security Features for Smart
Grid through Constructing a
11 Threat Model
Design
Web Services
Cloud Applications
Design
Design
Design
20 UMLSec
Pervasive
computing ,
ubiquitous networks
Social Networks
Design
21 T-Map
Design
COTS (Commercial off-the-shelf systems)
Design
Distributed Data
Storage Systems
Design
Distributed Data
Storage Systems
Privacy-by-Design Based on
Quantitative Threat
23 Modelling
Design
Web Systems
25 l
Design
Smart Grid
infrastructure
Additional /
Overlap
Phases
Objectives
Problem
If applied on
multiple
phases on
SDLC
Example:
Microsoft
Threat
Modelling:
Repeatedly
in lifecycle
No on design stage
For the purpose of improving the trustworthiness of software designs, this paper presents a unified threat model for representing, analyzing, and evaluating software threats at various design stages
research in threat modeling has yet to mature as established techniques, and tools to aid formal analysis and evaluation of software threats are still insufficient. To address this issue, this paper presents a unified threat model to formally represent, analyze, and evaluate software threats.
No
No
Yes
No
No
No
to modeling
security threats to
applications and to deriving
security failuretolerant
requirements from the
threats.
No
to
analyze the cost-effectiveness
of how system patching
and upgrades can improve
security.
sensitive to an organizations
business value
priorities and IT environment. Cost
effectiveness
No
thorough
analysis of the security and
privacy properties that are
required
for a system where the
constituent devices vary in
their
capabilities.
aiming at analyzing
information security risks on
SGN through constructing a
threat model.
on Smart Grid
network (SGN), the accompanying
information security attacks
will affect the reliability and
usability of Smart Grid
applications.
No
No
No
No
No
No
No
No
No
To improve by integrating
security requirements analysis
with a standard development
process
No
No
to present systematic
processes toward threat
modeling for storage systems.
No
to present systematic
processes toward threat
modeling for storage systems.
No
to provide architects of privacy-respecting systems with the adequate Privacy by design tools to make objective design decisions about their services.
Existing privacy by design approach lack quantification
No
No
Formal or Semi-Formal
Methodology
Semi formal
Methodology
Technique
Threat Nets
Process
Semi formal
Methodology
Semiformal
Process
Semi formal
Semi formal
Method
Methodology,
Approach
Method
Semi formal
Methodology
Methodology
FLOWTHING MODEL
NETWORK VULNERABILITY
RELATION MODEL
Framework
Method
UMLSec
Method
Process
Process
Approach /
Methodology
Method
Method
Outcome artifact
Threat Identification
Threat Modelling
Threat Analysis
Attack paths
Threat Model
Threat Model
The examination of
threat sources against
system vulnerabilities to
determine the threats
for a particular system
in a particular
operational
environment.
1-Model the system with DFD 2-Map the DFD elements to threat
categories 3- Elicit the threats
process
Threats of DFD
elements
Privacy threat
model
Threat Model
Privacy Threats
(using threat tree
patterns)
Risk Evaluation
Report
Attack path
calculations
Threat Model
Risk Assessment
(Table form)
Use case
description with
threat points
Threat Model
Threat Tree
Threat Model
Threat Model
Modified DFD
Threat Model(using
petri net)
Graph
Threat Model
Model
Threat
Table(likelihood,
impact,
prioritization
Threat
Model(Graph)
Attack path
calculations
Threat Model
Threat Model
Threat Model
(Attack Tree)
Quantified Risk
Table
1- Use case(For S&P Req) , 2-DFD, 3-Map S&P threats to DFD, 4-Identify
misusecase scenarios, 5-Risk based
quantification
DFD
Test sequences on
the basis of threat
tree
Qualitative threat
model(Attack
paths)
Quantitative threat
model
Attacker centric
Protocol Centric