Expressive and Systematic Risk Assessments with Instance-Centric Threat Models

Applied Computing Review (Impact Factor 0.4, JCR Q4, Computer Science, Information Systems)
Publication date: 2023-03-27
DOI: 10.1145/3555776.3577668
Stef Verreydt, Dimitri Van Landuyt, W. Joosen
Citations: 0

Abstract

A threat modeling exercise involves systematically assessing the likelihood and potential impact of diverse threat scenarios. As threat modeling approaches and tools act at the level of a software architecture or design (e.g., a data flow diagram), they consider threat scenarios at the level of classes or types of system elements. More fine-grained analyses in terms of concrete instances of these elements are typically not conducted explicitly nor rigorously. This hinders (i) expressiveness, as threats that require articulation at the level of instances cannot be expressed nor managed properly, and (ii) systematic risk calculation, as risk cannot be expressed and estimated with respect to instance-level properties. In this paper, we present a novel threat modeling approach that acts on two layers: (i) the design layer defines the classes and entity types in the system, and (ii) the instance layer models concrete instances and their properties. This, in turn, allows both rough risk estimates at the design level and more precise ones at the instance level. Motivated by a connected vehicles application, we present the key challenges, the modeling approach and a tool prototype. The presented approach is a key enabler for more continuous and frequent threat (re-)assessment, the integration of threat analysis models in CI/CD pipelines and agile development environments on the one hand (development perspective), and in risk management approaches at run-time (operations perspective).
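To make the two-layer idea concrete, here is a small added example (written for this page, not the paper's tool prototype or its risk formulas): a design layer of element types with class-level threat templates, an instance layer of concrete elements with properties, a rough design-level risk band per type, and a refined instance-level score driven by instance properties. The connected-vehicle element types, threat names, likelihood bands, the 1..5 impact scale, the property-to-likelihood refiners and the clamping of refined likelihoods to the class-level band are all assumptions of this example, chosen only to show how the two layers relate and how re-assessment after an instance property changes can work.

```python
"""Toy two-layer threat model: design layer (types + threat templates) and
instance layer (concrete elements + properties). Illustrative only; the
scoring rules below are assumptions of this example, not the paper's method."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class ElementType:
    """Design-layer element type (a class of system elements)."""
    name: str


@dataclass(frozen=True)
class ThreatTemplate:
    """Design-layer threat scenario against every element of `target`.
    `likelihood` is a rough (low, high) band for the whole class; the band
    and the 1..5 impact scale are assumptions made for this example."""
    name: str
    target: ElementType
    likelihood: Tuple[float, float]
    impact: int


@dataclass
class Instance:
    """Instance-layer element: one concrete deployed element and its properties."""
    name: str
    etype: ElementType
    props: Dict[str, object] = field(default_factory=dict)


# A refiner maps an instance's properties to a point likelihood (assumption).
Refiner = Callable[[Instance], float]


def design_risk(t: ThreatTemplate) -> Tuple[float, float]:
    """Rough class-level risk band: likelihood band times impact."""
    lo, hi = t.likelihood
    return (lo * t.impact, hi * t.impact)


def instance_risk(t: ThreatTemplate, inst: Instance, refiners: Dict[str, Refiner]) -> float:
    """Instance-level risk. The refiner turns instance properties into a point
    likelihood, clamped to the design-level band (an assumption here, so that
    refinement narrows the class-level estimate rather than contradicting it).
    Without a refiner the band midpoint is used."""
    if inst.etype != t.target:
        raise ValueError(f"{t.name} does not apply to type {inst.etype.name}")
    lo, hi = t.likelihood
    refine = refiners.get(t.name)
    lik = refine(inst) if refine else (lo + hi) / 2
    return min(max(lik, lo), hi) * t.impact


def assess(threats: List[ThreatTemplate], instances: List[Instance],
           refiners: Dict[str, Refiner]) -> Dict[Tuple[str, str], float]:
    """Re-runnable assessment over every (threat, instance) pair that applies;
    call it again after instance properties change to get a fresh picture."""
    return {(t.name, i.name): instance_risk(t, i, refiners)
            for t in threats for i in instances if i.etype == t.target}


# --- constructed connected-vehicle model (names and numbers are made up) ---
VEHICLE = ElementType("Vehicle")
LINK = ElementType("TelematicsLink")
THREATS = [
    ThreatTemplate("firmware-tampering", VEHICLE, (0.1, 0.8), 5),
    ThreatTemplate("eavesdropping", LINK, (0.05, 0.9), 3),
]
REFINERS: Dict[str, Refiner] = {
    "firmware-tampering": lambda i: 0.2 if i.props.get("firmware_signed") else 0.7,
    "eavesdropping": lambda i: 0.1 if i.props.get("tls") else 0.85,
}
FLEET = [
    Instance("vehicle-A", VEHICLE, {"firmware_signed": True}),
    Instance("vehicle-B", VEHICLE, {"firmware_signed": False}),
    Instance("link-1", LINK, {"tls": True}),
    Instance("link-2", LINK, {"tls": False}),
]


def top_risks(n: int = 2) -> List[Tuple[Tuple[str, str], float]]:
    """Highest-scoring (threat, instance) pairs for the constructed fleet."""
    scores = assess(THREATS, FLEET, REFINERS)
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)[:n]


if __name__ == "__main__":
    for t in THREATS:
        print(f"{t.name:20s} design-level risk band: {design_risk(t)}")
    for (thr, inst), r in sorted(assess(THREATS, FLEET, REFINERS).items()):
        print(f"{thr:20s} {inst:10s} instance-level risk: {r:.2f}")
```

The design-level band is what a class-level analysis can say without knowing anything about deployment ("firmware tampering on any vehicle scores somewhere between 0.5 and 4.0"); the instance layer turns that into per-element numbers and lets a property change (a vehicle gaining signed firmware, a link gaining TLS) be re-scored by simply calling `assess` again.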
Source journal: Applied Computing Review (Computer Science, Information Systems)
Self-citation rate: 40.00%
Articles published: 8