Threat analysis of software systems: A systematic literature review

K. Tuma*, G. Calikli, R. Scandariato

*Corresponding author for this work

Research output: Contribution to JournalArticleAcademicpeer-review

Abstract

Architectural threat analysis has become an important cornerstone for organizations concerned with developing secure software. Due to the large number of existing techniques it is becoming more challenging for practitioners to select an appropriate threat analysis technique. Therefore, we conducted a systematic literature review (SLR) of the existing techniques for threat analysis. In our study we compare 26 methodologies for what concerns their applicability, characteristics of the required input for analysis, characteristics of analysis procedure, characteristics of analysis outcomes and ease of adoption. We also provide insight into the obstacles for adopting the existing approaches and discuss the current state of their adoption in software engineering trends (e.g. Agile, DevOps, etc.). As a summary of our findings we have observed that: the analysis procedure is not precisely defined, there is a lack of quality assurance of analysis outcomes and tool support and validation are limited.

Original languageEnglish
Pages (from-to)275-294
Number of pages20
JournalJournal of Systems and Software
Volume144
DOIs
Publication statusPublished - Oct 2018
Externally publishedYes

Bibliographical note

Funding Information:
This research was partially supported by the Swedish VINNOVA FFI project “HoliSec: Holistic Approach to Improve Data Security”.

Publisher Copyright:
© 2018 Elsevier Inc.

Copyright:
Copyright 2018 Elsevier B.V., All rights reserved.

Keywords

  • Risk assessment
  • Security-by-design
  • Software systems
  • Systematic literature review (SLR)
  • Threat analysis (modeling)

Fingerprint

Dive into the research topics of 'Threat analysis of software systems: A systematic literature review'. Together they form a unique fingerprint.

Cite this