On Adoptability and Use Case Exploration of Threat Modeling for Mobile Communication Systems

Abstract

As the attack surface and the number of security incidents in mobile communication networks increase, a common language for threat intelligence gathering and sharing among different parties becomes essential. We addressed this by developing the Bhadra framework [4], a domain-specific conceptual framework that captures adversarial behaviors in end-to-end communication over the mobile networks in our previous work. Nevertheless, the acceptance or adoptability of the framework by the mobile communications industry is still unclear. In this work, we built a threat modeling tool as a companion for Bhadra and conduct a user study with industry experts to evaluate the framework's usefulness and explore its potential use cases besides threat modeling and sharing. Our preliminary results indicate that the mobile communication industry would benefit from a threat modeling framework with a companion tool and its use cases, making it a potential candidate to integrate within work processes.