On Threat Model Repair
Pages 302 - 310
Abstract
Security by construction is an approach to system development where security considerations are integrated into the design process from the very beginning. Threat modeling helps identify potential threats and vulnerabilities early in the system development process, assess the risk associated with each threat, and design appropriate mitigation actions. In this paper, we study threat model repair, a method to automatically suggest structural changes to the design that mitigate threats discovered by the analysis. This helps find a secure design early in the process by allowing a user to quickly iterate over different design variants.
References
[1]
Bjørner, N.S., Phan, A.D.: z - maximal satisfaction with Z3. In: Temur Kutsia and Andrei Voronkov, editors, 6th International Symposium on Symbolic Computation in Software Science, SCSS 2014, Gammarth, La Marsa, Tunisia, December 7-8, 2014, vol. 30 of EPiC Series in Computing, pp 1–9. EasyChair (2014)
[2]
Christl, K., Tarrach, T.: The analysis approach of threatget. CoRR, abs/2107.09986 (2021)
[3]
McRee, R.: Microsoft threat modeling tool 2014: identify and mitigate. Inf. Syst. Secur. Assoc. J. 39–42 (2014)
[4]
El Sadany, M., Schmittner, C., Kastner, W.: Assuring compliance with protection profiles with threatget. In: Alexander B. Romanovsky, Elena Troubitsyna, Ilir Gashi, Erwin Schoitsch, and Friedemann Bitsch, editors, Computer Safety, Reliability, and Security - SAFECOMP 2019 Workshops, ASSURE, DECSoS, SASSUR, STRIVE, and WAISE, Turku, Finland, September 10, 2019, Proceedings, volume 11699 of Lecture Notes in Computer Science, pp. 62–73. Springer (2019).
[5]
Tarrach, T., Ebrahimi, M., König, S., Schmittner, C., Bloem, R., Nickovic, D.: Attribute repair for threat prevention. In: Jérémie Guiochet, Stefano Tonetta, and Friedemann Bitsch, editors, Computer Safety, Reliability, and Security - 42nd International Conference, SAFECOMP 2023, Toulouse, France, September 20-22, 2023, Proceedings, vol. 14181 of Lecture Notes in Computer Science, pp. 135–148. Springer (2023).
Index Terms
- On Threat Model Repair
Index terms have been assigned to the content through auto-classification.
Recommendations
Insider Threat Assessment: a Model-Based Methodology
Security is a major challenge for today's companies, especially ICT ones which manage large scale cyber-critical systems. Amongst the multitude of attacks and threats to which a system is potentially exposed, there are insider attackers i.e., users with ...
Comments
Information & Contributors
Information
Published In
Oct 2024
338 pages
© The Author(s), under exclusive license to Springer Nature Switzerland AG 2025.
Publisher
Springer-Verlag
Berlin, Heidelberg
Publication History
Published: 27 October 2024
Qualifiers
- Article
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 0Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 15 Jan 2025