2008
DOI: 10.1109/ms.2008.25

Threat Modeling: Diving into the Deep End

Cited by 24 publications (10 citation statements)
References: 0 publications

“…It connects system components with threat types. With this information on hand, one can extract the parts, which affect communication, and use a DREAD related technique similar to that proposed in [47] to assign numerical values to specific vulnerabilities, which can then be normalized to probabilities. For example, Discoverability, $w_d$, Reproducibility, $w_r$, and Exploitability, $w_e$, would denote the likelihood of threats, and Affected users, $au$, and Damage potential, $dp$ - their severity, leading to a numerical risk assessment, according to the following formula: $risk = (w_d + w_r + w_e) * (au + dp)$…”
Section: Results (mentioning)
confidence: 99%
“…The model of a cyberphysical system assumed, as presented in Figures 3-6 (for a generic system and a case study, respectively), maps very nicely onto the threat modeling process discussed in [45,47], which uses data flow diagrams. Principles of creating data flow diagrams correspond nearly identically to our representation of cyberphysical systems and do not need additional discussion.…”
Section: Outline Of Threat Modeling (mentioning)
confidence: 89%
“…The traditional way of determining and investigating threats is done using attack trees, supported with methods like STRIDE or DREAD as tools for general security analysis [57][58]. In this paper, because of the need for a more quantitative approach, an alternative method is suggested, based on assessing the vulnerabilities as per the Common Vulnerability Scoring System (CVSS) [59][60].…”
Section: A Outline Of Establishing a Security Measurement Process (mentioning)
confidence: 99%