Abstract
Architectural threat analysis is a pillar of security by design and is routinely performed in companies. STRIDE is a well-known technique that is predominantly used to this aim. This technique aims towards maximizing completeness of discovered threats and leads to discovering a large number of threats. Many of them are eventually ranked with the lowest importance during the prioritization process, which takes place after the threat elicitation. While low-priority threats are often ignored later on, the analyst has spent significant time in eliciting them, which is highly inefficient. Experience in large companies shows that there is a shortage of security experts, which have limited time when analyzing architectural designs. Therefore, there is a need for a more efficient use of the allocated resources. This paper attempts to mitigate the problem by introducing a novel approach consisting of a risk-first, end-to-end asset analysis. Our approach enriches the architectural model used during the threat analysis, with a particular focus on representing security assumptions and constraints about the solution space. This richer set of information is leveraged during the architectural threat analysis in order to apply the necessary abstractions, which result in a lower number of significant threats. We illustrate our approach by applying it on an architecture originating from the automotive industry.
Original language | English |
---|---|
Title of host publication | Computer Security - ESORICS 2017 International Workshops, CyberICPS 2017 and SECPRE 2017, Revised Selected Papers |
Editors | John Mylopoulos, Costas Lambrinoudakis, Christos Kalloniatis, Frederic Cuppens, Nora Cuppens, Annie Anton, Sokratis K. Katsikas, Stefanos Gritzalis |
Publisher | Springer Verlag, |
Pages | 47-62 |
Number of pages | 16 |
ISBN (Print) | 9783319728162 |
DOIs | |
Publication status | Published - 2018 |
Externally published | Yes |
Event | 3rd Workshop on Security of Industrial Control Systems and Cyber-Physical Systems, CyberICPS 2017, 1st International Workshop on Security and Privacy Requirements Engineering, SECPRE 2017, Both workshops were co-located with 22nd European Symposium on Research in Computer Security, ESORICS 2017 - Oslo, Norway Duration: 14 Sept 2017 → 15 Sept 2017 |
Publication series
Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
---|---|
Volume | 10683 LNCS |
ISSN (Print) | 0302-9743 |
ISSN (Electronic) | 1611-3349 |
Conference
Conference | 3rd Workshop on Security of Industrial Control Systems and Cyber-Physical Systems, CyberICPS 2017, 1st International Workshop on Security and Privacy Requirements Engineering, SECPRE 2017, Both workshops were co-located with 22nd European Symposium on Research in Computer Security, ESORICS 2017 |
---|---|
Country/Territory | Norway |
City | Oslo |
Period | 14/09/17 → 15/09/17 |
Bibliographical note
Funding Information:Acknowledgments. This research was partially supported by the Swedish VINNOVA FFI project “HoliSec: Holistic Approach to Improve Data Security”.
Funding Information:
This research was partially supported by the Swedish VINNOVA FFI project “HoliSec: Holistic Approach to Improve Data Security”.
Publisher Copyright:
© Springer International Publishing AG 2018.
Copyright:
Copyright 2018 Elsevier B.V., All rights reserved.
Keywords
- Architectural threat analysis
- Security assets
- STRIDE