Finding security threats that matter: Two industrial case studies

Tuma, Katja; Sandberg, Christian; Thorsson, Urban; Widman, Mathias; Herpel, Thomas; Scandariato, Riccardo

doi:10.1016/j.jss.2021.111003

Cited by 12 publications

(9 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Furthermore, DFDs may include trust boundaries which denote transitions of the respective trust assumptions between sections of the model [20]. The aptitude of DFDs regarding their use in threat analyses is a topic of scientific discussion and several enhancements to account for shortcomings exist [19,21]. Regarding IIoT-systems, the incapability to model physical aspects will be more specifically considered and motivates the proposal of the adapted DFD notation.…”

Section: System Modellingmentioning

confidence: 99%

“…Regarding IIoT-systems, the incapability to model physical aspects will be more specifically considered and motivates the proposal of the adapted DFD notation. One aspect of enhancement included in the eSTRIDE methodology will be utilized as a reference [21].…”

Section: System Modellingmentioning

confidence: 99%

“…The classes are "Spoofing", "Tampering", "Repudiation", "Information Disclosure", "Denial-Of-Service" and "Elevation-Of-Privilege" [20]. Deviations to account for challenges such as threat explosions and cyber-physical systems are discussed in varying literature [21,22]. One of these approaches is called eSTRIDE and is relevant to our proposed methodology.…”

Section: Threat Analysismentioning

confidence: 99%

See 2 more Smart Citations

Development Process for Information Security Concepts in IIoT-Based Manufacturing

Koch

Eggers

Schüppstuhl

2022

Lecture Notes in Mechanical Engineering

View full text Add to dashboard Cite

Digital technologies are increasingly utilized by manufacturers to make processes more transparent, efficient and networked. Novel utilization elicits the challenge of preventing deployed information technology from compromising processual security. The digital enabling of formerly analog operation technology, the extensive use of information technology connectivity like MQTT, TCP/IP, Wi-Fi, and the deployment of IoT edge computing platforms create an application scenario for the Industrial Internet of Things (IIoT), which also introduces the associated vulnerabilities, which have been extensively exploited in the past. This paper introduces a development process for information security concepts designed for production scenarios based on the IIoT. This concept is then applied using an illustrative use case from aircraft production. The main contents of the development process include: Formulation of reasonable assumptions, system modelling, threat analysis including risk assessment, recommendation of countermeasures, reassessment after incorporating countermeasures. Specifically, a Data Flow Diagram as the model is developed, and a “risk first” variation of the STRIDE methodology is applied to identify threats and prioritize them. The aforementioned state-of-the-art methodologies are adjusted to our cyber-physical use case in the IIoT. The resulting concept aims to enable manufacturing processes to be digitized as sought. The adjustments to the methodologies are independent from our use case and may be suitable to a broad field of scenarios in the IIoT.

show abstract

Section: System Modellingmentioning

confidence: 99%

Section: System Modellingmentioning

confidence: 99%

Section: Threat Analysismentioning

confidence: 99%

See 1 more Smart Citation

Development Process for Information Security Concepts in IIoT-Based Manufacturing

Koch

Eggers

Schüppstuhl

2022

Lecture Notes in Mechanical Engineering

View full text Add to dashboard Cite

show abstract

“…We use the STRIDE threat categories to distinguish different type of threats. Tuma et al [37,38] noticed that expert analysis tend to be more balanced in terms of their review of different threat categories, while non-experts tend to report a high number of tampering, denial of service and information disclosure threats.…”

Section: Independentmentioning

confidence: 99%

“…Empirical evidence of threat analysis performance indicators is a crucial piece of the puzzle to improve the situation. But, past empirical studies were either inconclusive about some performance indicators [38] or have focused on measuring performance indicators irrespective of the human factors [31,37,40]. Yet measuring such human factors is pivotal to understanding how to close the security workforce gap in the future.…”

Section: Introductionmentioning

confidence: 99%

Human Aspect of Threat Analysis: A Replication

Tuma¹,

Mbaka²

2022

Preprint

Self Cite

View full text Add to dashboard Cite

Background: Organizations are experiencing an increasing demand for security-by-design activities (e.g., STRIDE analyses) which require a high manual effort. This situation is worsened by the current lack of diverse (and sufficient) security workforce and inconclusive results from past studies. To date, the deciding human factors (e.g., diversity dimensions) that play a role in threat analysis have not been sufficiently explored.Objective: To address this issue, we plan to conduct a series of exploratory controlled experiments. The main objective is to empirically measure the human-aspects that play a role in threat analysis alongside the more well-known measures of analysis performance. Method: We design the experiments as a differentiated replication of past experiments with STRIDE. The replication design is aimed at capturing some similar measures (e.g., of outcome quality) and additional measures (e.g., diversity dimensions). We plan to conduct the experiments in an academic setting. Limitations: Obtaining a balanced population (e.g., wrt gender) in advanced computer science courses is not realistic. The experiments we plan to conduct with MSc level students will certainly suffer this limitation.

show abstract