Threat Modeling Tools: A Taxonomy

Shi, Zhenpeng; Graffi, Kálmán; Starobinski, David; Matyunin, Nikolay

doi:10.1109/msec.2021.3125229

Cited by 18 publications

(7 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Software solutions to help in the analysis process do exist [24] with open source tools available [25] and spreadsheets commonly being used [26]. Graphical tools to assist with a manual analysis include CORAS [12], Microsoft Threat Modeling Tool (TMT) [27], and OWASP Threat Dragon [28].…”

Section: Software Supportmentioning

confidence: 99%

Automated Knowledge-Based Cybersecurity Risk Assessment of Cyber-Physical Systems

Phillips,

Taylor,

Boniface

et al. 2024

IEEE Access

View full text Add to dashboard Cite

This paper describes a simulation-based approach for automated risk assessment of complex cyber-physical systems to support implementers of ISO 27005. The approach is based on systematic causeand-effect modelling of threats, their causes and effects, and the ways in which the effects of one threat can lead to other threats. In this way, the approach deals with inter-dependencies within the target system, automatically finding attack paths and secondary effect cascades, which generally are very complex and the source of many challenges when implementing ISO 27005. The approach uses a knowledgebase describing classes of system assets and their possible relationships, along with the associated threats, causes and effects in a generic context. A target system can then be modelled in terms of related assets, describing the intended system structure and purpose (in the absence of any deviations). The knowledgebase is then used to identify which threats are relevant and create a cause-and-effect simulation of those threats. This allows threat likelihoods and risk levels to be found based on input concerning trust assumptions and the presence of controls in the system. The approach has been implemented by the open source Spyderisk project and validated by modelling a published case study of an attack on a steel mill. Given reasonable assumptions about security controls in place, the shortest, highest likelihood attack path found coincides with the published analysis. The case study demonstrates the strengths of the approach: transparency, reproducibility, and performance.

show abstract

Section: Software Supportmentioning

confidence: 99%

Automated Knowledge-Based Cybersecurity Risk Assessment of Cyber-Physical Systems

Phillips,

Taylor,

Boniface

et al. 2024

IEEE Access

View full text Add to dashboard Cite

show abstract

“…The extra context information gained from applying the per-interaction variant makes it the preferred elicitation method for our proposal. Numerous tools [11] exist to apply systematic variants of stride.…”

Section: Threat Modeling Backgroundmentioning

confidence: 99%

“…A recent study [11] compared the most popular threat modeling tools based on several criteria, one of them being the quantification of risk. Except for Threagile [2], all analyzed tools did so based on either predefined values, such as cvss scores, or required a manual analysis by end-users.…”

Section: Related Workmentioning

confidence: 99%

Relationship-based threat modeling

Verreydt

Sion

Yskout

et al. 2022

Proceedings of the 3rd International Workshop on Engineering and Cybersecurity of Critical Systems

View full text Add to dashboard Cite

Threat modeling is a common technique for the systematic analysis of system designs to uncover security and privacy threats. Popular threat modeling techniques, however, currently only consider a very localized system context, which hinders the discovery of more complex attack scenarios that involve multiple interactions throughout a system. This may lead to the underestimation of threats that are not harmful by themselves but enable multiple other high-risk threats. Furthermore, current risk assessment approaches require stakeholders to take the system as a whole into account when providing inputs, which is tedious and error-prone.This paper introduces relationship-based threat modeling (rbtm). Using explicitly captured threat relationship knowledge, rbtm allows to systematically and automatically generate a threat graph which is then used as input for traceable risk calculations. This removes the need to manually take into account threat relationships during risk assessments and allows stakeholders to clearly identify and communicate the rationale behind the resulting risk values. The outputs of an rbtm analysis were compared to those of a manual one performed by experts to evaluate the soundness of our proposal, which also highlighted the traceability benefits. CCS CONCEPTS• Security and privacy → Software security engineering; • Software and its engineering → Risk management; Modeldriven software engineering; Software design engineering.

show abstract

“…According to Shi et al (2021), threat modelling is a systematic process for identifying, evaluating and developing countermeasures to protect critical assets from threats and threat actors. A crucial extension of threat modelling is cyber threat intelligence (Kotsias et al, 2022;Tounsi and Rais, 2018;Shackleford, 2017).…”

Section: Introductionmentioning

confidence: 99%

“…Cyber threat intelligence refers to the process of "acquiring, processing, analysing, and disseminating information that identifies, tracks, and predicts threats, risks, and opportunities inside the cyber domain to offer courses of action that enhance decision making" (Ettinger, 2019). A number of threat models exist, such as STRIDE, DREAD, P.A.S.T.A, Trike, VAST, Attack Tree, Common Vulnerability Scoring System (CVSS), T-MAP and OCTAVE, to assist in identifying vulnerabilities and mitigating potential threats facing networks, computers, software products, and data (Shostack, 2014, Kotsias et al, 2022Shi et al, 2021). However, these models for the most part focus at an organizational level.…”

Section: Introductionmentioning

confidence: 99%

Cyber Warfare and Cyber Terrorism Threats Targeting Critical Infrastructure: A HCPS-based Threat Modelling Intelligence Framework

Naidoo

Jacobs

2023

eccws

View full text Add to dashboard Cite

Acts of cyber warfare and cyber terrorism (CWCT) that target a nation's critical infrastructure (CI) are quickly becoming a larger threat to national security than conventional kinetic warfare strategies. Adversaries or potential adversaries can target a nation's electrical grids, telecommunications, financial services, transportation, healthcare systems, and other forms of CI. These acts pose a major threat to a nation's CI and consequently exposes citizens to public health, safety, security, and economic development risks. Identifying cyber vulnerabilities and threats can help nations to improve their CI defence strategies. There is a crucial need for research that can aid in understanding the major types of CI threats and by what method they might occur. This paper conducts a systematic literature review to develop an initial threat intelligence framework of CWCT attacks on CI. Drawing from a Human–Cyber–Physical Systems (HCPS) lens, the threat intelligence framework classifies CWCT attacks according to the methods, weapons, vulnerabilities, targets and impact of the CWCT attack. The cyber warfare community can extend the proposed HCPS-based threat intelligence framework to develop more advanced cyber security mitigation strategies, training scenarios and simulations. Large-scale monitoring of CI threats requires in-depth threat intelligence analysis and a collaborative defence strategy. This calls for a higher degree of coordination and orchestration between the military, intelligence agencies, government departments, multinational allies, regulators, and commercial entities. Future research can customize the proposed HCPS-based threat intelligence framework to cater for the unique threats facing specific CI domains.

show abstract

Threat Modeling Tools: A Taxonomy

Cited by 18 publications

References 7 publications

Automated Knowledge-Based Cybersecurity Risk Assessment of Cyber-Physical Systems

Automated Knowledge-Based Cybersecurity Risk Assessment of Cyber-Physical Systems

Relationship-based threat modeling

Cyber Warfare and Cyber Terrorism Threats Targeting Critical Infrastructure: A HCPS-based Threat Modelling Intelligence Framework

Contact Info

Product

Resources

About