Solution-aware data flow diagrams for security threat modeling

Sion, Laurens; Yskout, Koen; Landuyt, Dimitri Van; Joosen, Wouter

doi:10.1145/3167132.3167285

Cited by 41 publications

(39 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This yields a list of threats that is both holistic and specific to the SUT. This can also be extended with security building blocks that refine the threat derivation [7]. The two basic components of a threat model therefore pose an ideal tool to achieve the system modeling for security TCG: the DFD represent an abstraction of the SUT, while the according threat template represent an abstraction of the threats to the system.…”

Section: Threat Modelingmentioning

confidence: 99%

Integrating Threat Modeling and Automated Test Case Generation into Industrialized Software Security Testing

Marksteiner

Ramler

Sochor

2019

Proceedings of the Third Central European Cybersecurity Conference

View full text Add to dashboard Cite

Industrial Internet of Things (IIoT) application provide a whole new set of possibilities to drive efficiency of industrial production forward. However, with the higher degree of integration among systems, comes a plethora of new threats to the latter, as they are not yet designed to be broadly reachable and interoperable. To mitigate these vast amount of new threats, systematic and automated test methods are necessary. This comprehensiveness can be achieved by thorough threat modeling. In order to automate security test, we present an approach to automate the testing process from threat modeling onward, closing the gap between threat modeling and automated test case generation. CCS CONCEPTS• Computer systems organization → Embedded and cyberphysical systems; • Security and privacy → Network security; Systems security; • Networks → Cyber-physical networks.

show abstract

Section: Threat Modelingmentioning

confidence: 99%

Integrating Threat Modeling and Automated Test Case Generation into Industrialized Software Security Testing

Marksteiner

Ramler

Sochor

2019

Proceedings of the Third Central European Cybersecurity Conference

View full text Add to dashboard Cite

show abstract

“…This section provides some background information on threat modeling in general, and the previously developed extension [18] we rely on to enable the risk analysis techniques discussed further on. Note that other security or privacy extensions [2,4,21] could be used as well.…”

Section: Background On Threat Modelingmentioning

confidence: 99%

“…Since security solutions are more complex and often span multiple elements, a more extensive representation is used in our approach. We rely on a more expressive representation of security countermeasures as patterns [18]. These patterns specify roles for the DFD elements involved in the pattern and specify the countermeasures that apply security protections to those roles.…”

Section: Security and Privacy Extensionsmentioning

confidence: 99%

“…Additionally, in earlier work, we have also performed a qualitative evaluation of the DFD security enrichments, by comparing it with security property-based solutions such as the Microsoft Threat Modeling Tool 2016 [13], showing positive improvements in terms of semantic quality, traceability, separation of concerns, and dynamism [18].…”

Section: Functional Validationmentioning

confidence: 99%

“…In these existing approaches and applications, data flow diagrams remain largely security and privacy agnostic models, with only minor, and often ad-hoc, additions for security or privacy. However, recently there have been several proposals for extensions to these data flow diagrams in order to have a more systematic representation of security-and privacy-relevant information in order to elicit the most relevant security and/or privacy threats [2,4,18,21].…”

Section: Related Workmentioning

confidence: 99%

See 2 more Smart Citations

Risk-based design security analysis

Sion

Yskout

Landuyt

et al. 2018

Proceedings of the 1st International Workshop on Security Awareness From Design to Deployment

Self Cite

View full text Add to dashboard Cite

Implementing security by design in practice often involves the application of threat modeling to elicit security threats and to aid designers in focusing efforts on the most stringent problems first. Existing threat modeling methodologies are capable of generating lots of threats, yet they lack even basic support to triage these threats, except for relying on the expertise and manual assessment by the threat modeler. Since the essence of creating a secure design is to minimize associated risk (and countermeasure costs), risk analysis approaches offer a very compelling solution to this problem. By combining risk analysis and threat modeling, elicited threats in a design can be enriched with risk analysis information in order to provide support in triaging and prioritizing threats and focusing security efforts on the high-risk threats. It requires the following inputs: the asset values, the strengths of countermeasures, and an attacker model. In his paper, we provide an integrated threat elicitation and risk analysis approach, implemented in a threat modeling tool prototype, and evaluate it using a real-world application, namely the SecureDrop whistleblower submission system. We show that the security measures implemented in SecureDrop indeed correspond to the high-risk threats identified by our approach. Therefore, the risk-based security analysis provides useful guidance on focusing security efforts on the most important problems first. CCS CONCEPTS • Security and privacy → Software security engineering; • Software and its engineering → Risk management;

show abstract

On the Applicability of Security and Privacy Threat Modeling for Blockchain Applications

et al. 2020

Self Cite

View full text Add to dashboard Cite

Elicitative threat modeling approaches such as Microsoft STRIDE and LINDDUN for respectively security and privacy use Data Flow Diagrams (DFDs) to model the system under analysis. Distinguishing between external entities, processes, data stores and data flows, these system models are particularly suited for modeling centralized, traditional multi-tiered system architectures. This raises the question whether these approaches are also suited for inherently decentralized architectures such as distributed ledgers or blockchains, in which the processing, storage, and control flow is shared among many equal participants To answer this question, we perform an in-depth analysis of the compatibility between blockchain security and privacy threat types documented in literature and these threat modeling approaches. Our findings identify areas for future improvement of elicitative threat modeling approaches.

show abstract

Solution-aware data flow diagrams for security threat modeling

Cited by 41 publications

References 23 publications

Integrating Threat Modeling and Automated Test Case Generation into Industrialized Software Security Testing

Integrating Threat Modeling and Automated Test Case Generation into Industrialized Software Security Testing

Risk-based design security analysis

On the Applicability of Security and Privacy Threat Modeling for Blockchain Applications

Contact Info

Product

Resources

About