BASICS OF THREAD DRIVEN MODELLING
Keywords:
Software Security, Threat Modeling, Threat Modeling Approaches, Non-Functional Requirements, STRIDE
Abstract
Nowadays the problem of cyber threats is growing very fast. It includes newer classes of attacks such as insider attacks, email viruses, password attacks and DoS attacks, which are currently recognized as serious security attacks. These attacks have resulted in aggressively increasing security problems. However, threat modeling and threat analysis tools have not evolved at the same rate. In this paper, we present an overview of threat modeling, which can help to avoid these classes of attacks.
Copyright Notice
Copyrights for articles published in World Scholars journals are retained by the authors, with first publication rights granted to the journal. The journal/publisher is not responsible for subsequent uses of the work. It is the author's responsibility to bring an infringement action if so desired by the author.