Security threat modeling and requirement analysis method based on goal-scenario

Abstract

Threat modeling plays a significant role in the design of the overall security model for a system because it can help to ensure that security is built into applications, rather than addressed as an afterthought. However, research in security threat modeling has yet to mature as there is paucity of established techniques and tools to aid the threat modeling and formal analysis process. Moreover, existing work do not integrate threat modeling notations with a formal threat analysis procedure to aid decision making during security requirements analysis. This paper proposes a goal-Scenario approach to security threat modeling and requirement analysis by using visual model elements to explicitly capture threat-related concepts. More specifically, we propose a goal-scenario approach for explicitly modeling and analyzing security threats during requirements analysis. The goal scenario will be analyzed using the threat requirement, and the creation of the threat model will be discussed by the analysis on the STRIDE and the scenario authoring rules.