Asset-Oriented Threat Modeling

Messe, Nan; Chiprianov, Vanea; Belloir, Nicolas; El-Hachem, Jamal; Fleurquin, Régis; Sadou, Salah

doi:10.1109/trustcom50675.2020.00073

Cited by 9 publications

(7 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The security aspect is suggested to be considered as early as possible in SDLC to prevent potential damages caused by undiscovered vulnerabilities [6]. That is why our focus in this paper is on security requirements.…”

Section: Software Securitymentioning

confidence: 99%

RQCODE – Towards Object-Oriented Requirements in the Software Security Domain

Nigmatullin

Sadovykh

Messe³

et al. 2022

2022 IEEE International Conference on Software Testing, Verification and Validation Workshops (ICSTW)

Self Cite

View full text Add to dashboard Cite

For the last 20 years, the number of vulnerabilities has increased near 20 times, according to NIST statistics. Vulnerabilities expose companies to risks that may seriously threaten their operations. Therefore, for a long time, it has been suggested to apply security engineering -the process of accumulating multiple techniques and practices to ensure a sufficient level of security and to prevent vulnerabilities in the early stages of software development, including establishing security requirements and proper security testing. The informal nature of security requirements makes it uneasy to maintain system security, eliminate redundancy and trace requirements down to verification artifacts such as test cases. To deal with this problem, Seamless Object-Oriented Requirements (SOORs) promote incorporating formal requirements representations and verification means together into requirements classes.This article is a position paper that discusses opportunities to implement the Requirements as Code (RQCODE) concepts, SOORs in Java, applied to the Software Security domain. We argue that this concept has an elegance and the potential to raise the attention of developers since it combines a lightweight formalization of requirements through security tests with seamless integration with off-the-shelf development environments, including modern Continuous Integration/Delivery platforms. The benefits of this approach are yet to be demonstrated in further studies in the VeriDevOps project.

show abstract

Section: Software Securitymentioning

confidence: 99%

RQCODE – Towards Object-Oriented Requirements in the Software Security Domain

Nigmatullin

Sadovykh

Messe³

et al. 2022

2022 IEEE International Conference on Software Testing, Verification and Validation Workshops (ICSTW)

Self Cite

View full text Add to dashboard Cite

show abstract

“…Nan Messe, Vanea Chiprianov, Nicolas Belloir, Jamal El-Hachem, Regis Fleurquin and Salah Sadou, in [10], strove to structure the asset identification stage by offering a systematic asset identification process based on a reference model. The authors illustrated the proposed process by example, and demonstrated the usefulness of their process for supporting threat enumeration and improving existing threat-modeling processes, such as Microsoft SDL.…”

Section: Brief Overview Of Used Articlesmentioning

confidence: 99%

A Survey on Threat-Modeling Techniques: Protected Objects and Classification of Threats

et al. 2022

View full text Add to dashboard Cite

Information security is one of the most important attributes of distributed systems that often operate on unreliable networks. Enabling security features during the development of a distributed system requires the careful analysis of potential attacks or threats in different contexts, a process often referred to as «threat modeling». Information protection should be comprehensive, but it is also necessary to take into account the possibility of the emergence of threats specific to a certain information system. Many public and private organizations are still trying to implement system models and the threats directed at them on their own. The main reason for this is the lack of useful and high-quality methodologies that can help developers design system models. This review explores a variety of the literature on confidentiality- and integrity-aware system design methodologies, as well as threat classification methods, and identifies key issues that may be referenced by organizations to make design system processes easier. In particular, this article takes a look at the extent to which existing methodologies cover objects of protection and methods of classifying threats, as well as whether there are such models of systems in which the object itself and the threats directed at it are described. This includes whether the compiled models exhibit symmetry or asymmetry. This literature research shows that methodologies appear to be heterogeneous and versatile, since existing methodologies often only focus on one object of protection (a system). Based on the given analysis, it can be concluded that the existing methodologies only relate superficially to the description of system models and threats, and it is necessary to develop a more complete abstract model of the protected object and threats aimed at it in order to make this model suitable for any organization and protect it against most threats.

show abstract

“…ThreMA has been designed for modelling complete ICT infrastructures through a formal dictionary shared by all the experts involved in the threat modelling process. In addition, according to [42], a well-defined rule set has been defined for supporting system modelling, in order to prevent misconceptions that could lead to sub-optimal or erroneous threat identification. As it will be seen in the following sections, there is a tight link between how the threat catalog is organised and how the infrastructure components are described.…”

Section: The Threma Approachmentioning

confidence: 99%

“…Particular attention has been placed on representation and organisation of assets. As defined in [42], an asset can be either something valuable for the organisation or everything that may contain vulnerabilities that can be menaced by threats. Hence, not only the stored data, the networks and the digital services must be modelled but, more in general, every device and software connected to the ICT infrastructure that could be the target and/or the vector of possible attacks.…”

Section: B Ict Sub-ontologymentioning

confidence: 99%

ThreMA: Ontology-Based Automated Threat Modeling for ICT Infrastructures

et al. 2022

View full text Add to dashboard Cite

Threat Modelling allows defenders to identify threats to which the target system is exposed. Such a process requires a detailed infrastructure analysis to map threats to assets and to identify possible flaws. Unfortunately, the process is still mostly done manually and without the support of formally sound approaches. Moreover, Threat Modelling often involves teams with different levels of security knowledge, leading to different possible interpretation in the system under analysis representation. Threat modelling automation comes with two main challenges: (i) the need for a standard representation of models and data used in various stages of the process, establishing a formal vocabulary for all involved parties, and (ii) the requirement for a well-defined inference rule set enabling reasoning process automation for threat identification. The paper presents the ThreMA approach to automating threat modelling for ICT infrastructures, aiming at addressing the key automation issues through the use of ontologies. Specifically, a formal vocabulary for modelling an ICT infrastructure, a threat catalog and a set of inference rules needed to support the reasoning process for threat identification are provided. The proposed approach has been validated against actual significant case studies provided by different Stakeholders of the Italian Public Sector.

show abstract

Asset-Oriented Threat Modeling

Cited by 9 publications

References 20 publications

RQCODE – Towards Object-Oriented Requirements in the Software Security Domain

RQCODE – Towards Object-Oriented Requirements in the Software Security Domain

A Survey on Threat-Modeling Techniques: Protected Objects and Classification of Threats

ThreMA: Ontology-Based Automated Threat Modeling for ICT Infrastructures

Contact Info

Product

Resources

About