Threat Modeling: Evaluation and Recommendations
Abstract
Addressing cybersecurity for a complex system, especially for a cyber-physical system-of-systems (CPSoS), requires a strategic view of and planning for the whole lifecycle of the system. For the purpose of this paper, "system-of-systems" is defined as a system, components of which operate and are managed independently [46]. Thus, components of a system-of-systems (systems by themselves) should be able to function fully and independently even when the system-of-systems is disassembled. Also, they typically are acquired separately and integrated later. Components of a system-of-systems may have physical, cyber, or mixed natures. For simplicity, we will use the term "cyber-physical system" instead of "cyber-physical system-of-systems." The nature of a cyber-physical system (CPS) implies a diversity of potential threats that can compromise its integrity, targeting different aspects ranging from purely cyber-related vulnerabilities to the safety of the system as a whole. The traditional approach used to tackle this matter is to employ one or more threat modeling methods (TMMs) early in the development cycle. Choosing a TMM can be a challenging process by itself. The TMM you choose should be applicable to your system and to the needs of your organization. Therefore, when preparing for the task, it makes sense to answer two questions. First, what kinds of TMMs exist and what are they? And second, what criteria should a good TMM satisfy? We explored answers to the first question in Threat Modeling: A Summary of Available Methods [47]. In this paper, we will address the second question and evaluate TMMs against the chosen criteria.
Document Details
- Document Type: Technical Report
- Publication Date: Sep 01, 2018
- Accession Number: AD1083907
Entities
People
- Brent R. Frye
- Carol C. Woody
- Nataliya Shevchenko
Organizations
- Carnegie Mellon University