Abstract
Traditional threat modeling approaches such as Microsoft's STRIDE rely on Data Flow Diagrams (DFDs) as the main input. As DFDs are constructed from only five distinct model element types, these system models are deliberately kept simple. While this lowers the bar for practical adoption, there are a number of significant drawbacks. In this position paper, we identify and illustrate four key shortcomings of DFD models when used for security threat modeling, related to the inadequate representation of security concepts, data elements, abstraction levels, and deployment information. Based on these shortcomings, we posit the need for a dedicated, integrated language for threat modeling, and discuss the trade-offs that need to be made between the ease of adoption and the level of support for systematic and repeatable threat modeling.
Author supplied keywords
Cite
CITATION STYLE
Sion, L., Yskout, K., Van Landuyt, Di., Van Den Berghe, A., & Joosen, W. (2020). Security Threat Modeling: Are Data Flow Diagrams Enough? In Proceedings - 2020 IEEE/ACM 42nd International Conference on Software Engineering Workshops, ICSEW 2020 (pp. 254–257). Association for Computing Machinery, Inc. https://doi.org/10.1145/3387940.3392221
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
