| Title | Knowledge-enriched Security and Privacy Threat Modeling |
| Publication Type | Conference Paper |
| Year of Publication | 2018 |
| Authors | Sion, Laurens, Yskout, Koen, Van Landuyt, Dimitri, Joosen, Wouter |
| Conference Name | Proceedings of the 40th International Conference on Software Engineering: Companion Proceeedings |
| Publisher | ACM |
| Conference Location | New York, NY, USA |
| ISBN Number | 978-1-4503-5663-3 |
| Keywords | Design, Human Behavior, metric, model enrichment, pubcrawl, Resiliency, security, threat mitigation, threat modeling |
| Abstract | Creating secure and privacy-protecting systems entails the simultaneous coordination of development activities along three different yet mutually influencing dimensions: translating (security and privacy) goals to design choices, analyzing the design for threats, and performing a risk analysis of these threats in light of the goals. These activities are often executed in isolation, and such a disconnect impedes the prioritization of elicited threats, assessment which threats are sufficiently mitigated, and decision-making in terms of which risks can be accepted. In the proposed TMaRA approach, we facilitate the simultaneous consideration of these dimensions by integrating support for threat modeling, risk analysis, and design decisions. Key risk assessment inputs are systematically modeled and threat modeling efforts are fed back into the risk management process. This enables prioritizing threats based on their estimated risk, thereby providing decision support in the mitigation, acceptance, or transferral of risk for the system under design. |
| URL | http://doi.acm.org/10.1145/3183440.3194975 |
| DOI | 10.1145/3183440.3194975 |
| Citation Key | sion_knowledge-enriched_2018 |
Knowledge-enriched Security and Privacy Threat Modeling