Expressive and Systematic Risk Assessments with Instance-Centric Threat Models

Impact factor 0.4, JCR Q4, Computer Science, Information Systems
Stef Verreydt, Dimitri Van Landuyt, W. Joosen
DOI: 10.1145/3555776.3577668 (https://doi.org/10.1145/3555776.3577668)
Journal: Applied Computing Review, journal article, published 2023-03-27
Citations: 0

Abstract

A threat modeling exercise involves systematically assessing the likelihood and potential impact of diverse threat scenarios. Because threat modeling approaches and tools act at the level of a software architecture or design (e.g., a data flow diagram), they consider threat scenarios at the level of classes or types of system elements. More fine-grained analyses in terms of concrete instances of these elements are typically conducted neither explicitly nor rigorously. This hinders (i) expressiveness, as threats that must be articulated at the level of instances cannot be expressed or managed properly, and (ii) systematic risk calculation, as risk cannot be expressed and estimated with respect to instance-level properties. In this paper, we present a novel threat modeling approach that acts on two layers: (i) the design layer defines the classes and entity types in the system, and (ii) the instance layer models concrete instances and their properties. This, in turn, allows both rough risk estimates at the design level and more precise ones at the instance level. Motivated by a connected-vehicles application, we present the key challenges, the modeling approach and a tool prototype. The presented approach is a key enabler for more continuous and frequent threat (re-)assessment: on the one hand, the integration of threat analysis models in CI/CD pipelines and agile development environments (development perspective); on the other, their use in risk management approaches at run time (operations perspective).
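The two-layer idea in the abstract can be made concrete with a small model: threats are declared once against element *types* in the design layer, and each concrete *instance* carries properties that refine the likelihood. The following Python is an added illustration written for this page; it is not the authors' tool prototype, and the element type, threat, properties, fleet data and the likelihood-times-impact scoring rule are all constructed assumptions rather than anything the paper specifies.

```python
"""Two-layer (design + instance) threat model: an added illustration.

This is NOT the authors' tool or their risk formula. It is a minimal,
constructed example of the idea in the abstract: threats are declared
against element *types* in a design model (here a data flow diagram),
while concrete *instances* carry properties that refine the per-instance
likelihood. All element names, threat names, properties and the scoring
rules below are hypothetical.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List

# ---------- design layer: element types and type-level threats ----------

@dataclass(frozen=True)
class DataFlowType:
    """A class of data flow in the design model (source type -> sink type)."""
    name: str
    source: str
    sink: str

@dataclass
class Threat:
    """Threat declared against a data-flow type.

    design_likelihood: coarse estimate (0..1) usable before any instance is known.
    impact:            1..5 scale, assumed identical for every instance of the type.
    refine:            maps instance properties to a refined likelihood; this is
                       the only place instance-level knowledge enters the model.
    """
    name: str
    target: DataFlowType
    design_likelihood: float
    impact: int
    refine: Callable[[Dict[str, object]], float]

# ---------- instance layer: concrete instances with properties ----------

@dataclass
class DataFlowInstance:
    """One concrete flow (e.g. a single vehicle talking to the backend)."""
    flow_type: DataFlowType
    instance_id: str
    properties: Dict[str, object] = field(default_factory=dict)

def risk(likelihood: float, impact: int) -> float:
    """Risk = likelihood x impact, a common coarse product in DFD-based threat
    modeling (assumption: not the paper's specific formula)."""
    return round(likelihood * impact, 3)

def design_level_risk(threat: Threat) -> float:
    """Rough estimate available from the design layer alone."""
    return risk(threat.design_likelihood, threat.impact)

def instance_level_risks(threat: Threat, instances: List[DataFlowInstance]) -> Dict[str, float]:
    """Refined per-instance estimates for every instance of the threat's target type."""
    return {
        inst.instance_id: risk(threat.refine(inst.properties), threat.impact)
        for inst in instances
        if inst.flow_type == threat.target
    }

def worst_instance(threat: Threat, instances: List[DataFlowInstance]) -> str:
    """Instance with the highest refined risk: the one to prioritise at run time."""
    scores = instance_level_risks(threat, instances)
    return max(scores, key=scores.get)

# ---------- constructed connected-vehicle example ----------

TELEMETRY = DataFlowType("telemetry_upload", source="Vehicle", sink="Backend")

def tamper_refine(props: Dict[str, object]) -> float:
    """Hypothetical refinement rule: TLS with a pinned certificate lowers the
    chance of in-transit tampering; unpatched firmware raises it."""
    likelihood = 0.6
    if props.get("tls"):
        likelihood -= 0.4
    if props.get("cert_pinning"):
        likelihood -= 0.1
    if props.get("firmware_patched") is False:
        likelihood += 0.3
    return min(max(likelihood, 0.0), 1.0)

TAMPER = Threat("tamper_telemetry_in_transit", TELEMETRY,
                design_likelihood=0.5, impact=4, refine=tamper_refine)

FLEET = [  # constructed instance data, not real vehicles
    DataFlowInstance(TELEMETRY, "veh-001", {"tls": True, "cert_pinning": True, "firmware_patched": True}),
    DataFlowInstance(TELEMETRY, "veh-002", {"tls": True, "cert_pinning": False, "firmware_patched": False}),
    DataFlowInstance(TELEMETRY, "veh-003", {"tls": False, "cert_pinning": False, "firmware_patched": False}),
]

if __name__ == "__main__":
    print("design-level risk:", design_level_risk(TAMPER))
    for inst_id, r in instance_level_risks(TAMPER, FLEET).items():
        print(f"  {inst_id}: {r}")
    print("highest-risk instance:", worst_instance(TAMPER, FLEET))
```

The design-level number (0.5 x 4 = 2.0) is what a type-level DFD analysis would report for every telemetry flow; the instance layer spreads the same threat from 0.4 for the hardened vehicle to 3.6 for the one without TLS and with stale firmware. Re-running the instance layer whenever a vehicle's properties change (a firmware update, a certificate rotation) is the kind of continuous re-assessment the abstract has in mind, without touching the design-layer threat catalogue.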
Source journal: Applied Computing Review (Computer Science, Information Systems)
Self-citation rate: 40.00%
Articles published: 8