Towards security threats that matter

Katja Tuma*, Riccardo Scandariato, Mathias Widman, Christian Sandberg

*Corresponding author for this work

Research output: Chapter in Book / Report / Conference proceeding; Conference contribution; Academic; peer-review

Abstract

Architectural threat analysis is a pillar of security by design and is routinely performed in companies. STRIDE is a well-known technique that is predominantly used to this aim. This technique aims towards maximizing completeness of discovered threats and leads to discovering a large number of threats. Many of them are eventually ranked with the lowest importance during the prioritization process, which takes place after the threat elicitation. While low-priority threats are often ignored later on, the analyst has spent significant time in eliciting them, which is highly inefficient. Experience in large companies shows that there is a shortage of security experts, who have limited time when analyzing architectural designs. Therefore, there is a need for a more efficient use of the allocated resources. This paper attempts to mitigate the problem by introducing a novel approach consisting of a risk-first, end-to-end asset analysis. Our approach enriches the architectural model used during the threat analysis, with a particular focus on representing security assumptions and constraints about the solution space. This richer set of information is leveraged during the architectural threat analysis in order to apply the necessary abstractions, which result in a lower number of significant threats. We illustrate our approach by applying it on an architecture originating from the automotive industry.

Original language: English
Title of host publication: Computer Security - ESORICS 2017 International Workshops, CyberICPS 2017 and SECPRE 2017, Revised Selected Papers
Editors: John Mylopoulos, Costas Lambrinoudakis, Christos Kalloniatis, Frederic Cuppens, Nora Cuppens, Annie Anton, Sokratis K. Katsikas, Stefanos Gritzalis
Publisher: Springer Verlag
Pages: 47-62
Number of pages: 16
ISBN (Print): 9783319728162
Publication status: Published - 2018
Externally published: Yes
Event: 3rd Workshop on Security of Industrial Control Systems and Cyber-Physical Systems, CyberICPS 2017, 1st International Workshop on Security and Privacy Requirements Engineering, SECPRE 2017, Both workshops were co-located with 22nd European Symposium on Research in Computer Security, ESORICS 2017 - Oslo, Norway
Duration: 14 Sept 2017 - 15 Sept 2017

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 10683 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 3rd Workshop on Security of Industrial Control Systems and Cyber-Physical Systems, CyberICPS 2017, 1st International Workshop on Security and Privacy Requirements Engineering, SECPRE 2017, Both workshops were co-located with 22nd European Symposium on Research in Computer Security, ESORICS 2017
Country/Territory: Norway
City: Oslo
Period: 14/09/17 - 15/09/17

Bibliographical note

Funding Information:
Acknowledgments. This research was partially supported by the Swedish VINNOVA FFI project “HoliSec: Holistic Approach to Improve Data Security”.

Publisher Copyright:
© Springer International Publishing AG 2018.

Copyright:
Copyright 2018 Elsevier B.V., All rights reserved.

Keywords

  • Architectural threat analysis
  • Security assets
  • STRIDE
