Visible to the public Biblio

Filters: Keyword is model enrichment  [Clear All Filters]
2019-02-13
Sion, Laurens, Yskout, Koen, Van Landuyt, Dimitri, Joosen, Wouter.  2018.  Knowledge-enriched Security and Privacy Threat Modeling. Proceedings of the 40th International Conference on Software Engineering: Companion Proceeedings. :290–291.
Creating secure and privacy-protecting systems entails the simultaneous coordination of development activities along three different yet mutually influencing dimensions: translating (security and privacy) goals to design choices, analyzing the design for threats, and performing a risk analysis of these threats in light of the goals. These activities are often executed in isolation, and such a disconnect impedes the prioritization of elicited threats, assessment which threats are sufficiently mitigated, and decision-making in terms of which risks can be accepted. In the proposed TMaRA approach, we facilitate the simultaneous consideration of these dimensions by integrating support for threat modeling, risk analysis, and design decisions. Key risk assessment inputs are systematically modeled and threat modeling efforts are fed back into the risk management process. This enables prioritizing threats based on their estimated risk, thereby providing decision support in the mitigation, acceptance, or transferral of risk for the system under design.