Companies face increasing pressure to protect themselves and their customers from security threats. Security by design is a proactive approach that builds security into all aspects of a system from the ground up, rather than adding it on as an afterthought. By taking security into account at every stage of development, organizations can create systems that are more resistant to attacks and better able to recover from them if they do occur. One of the most relevant practices is threat modelling, i.e. the process of identifying and analysing the security threat to an information system, application, or network. These processes require security experts with high skills to anticipate possible issues: therefore, it is a costly task and requires a lot of time. To face these problems, many different automated threat modelling methodologies are emerging. This paper first carries out a systematic literature review (SLR) aimed at both having an overview of the automated threat modelling techniques used in literature and enumerating all the tools that implement these techniques. Then, an analysis was carried out considering four open-source tools and a comparison with our threat modelling approach using a simple, but significant case study: an e-commerce site developed on top of WordPress.

Systematic analysis of automated threat modelling techniques: Comparison of open-source tools / Granata, D.; Rak, M.. - In: SOFTWARE QUALITY JOURNAL. - ISSN 0963-9314. - 32:1(2024), pp. 125-161. [10.1007/s11219-023-09634-4]

Systematic analysis of automated threat modelling techniques: Comparison of open-source tools

Granata D.;Rak M.
2024

Abstract

Companies face increasing pressure to protect themselves and their customers from security threats. Security by design is a proactive approach that builds security into all aspects of a system from the ground up, rather than adding it on as an afterthought. By taking security into account at every stage of development, organizations can create systems that are more resistant to attacks and better able to recover from them if they do occur. One of the most relevant practices is threat modelling, i.e. the process of identifying and analysing the security threat to an information system, application, or network. These processes require security experts with high skills to anticipate possible issues: therefore, it is a costly task and requires a lot of time. To face these problems, many different automated threat modelling methodologies are emerging. This paper first carries out a systematic literature review (SLR) aimed at both having an overview of the automated threat modelling techniques used in literature and enumerating all the tools that implement these techniques. Then, an analysis was carried out considering four open-source tools and a comparison with our threat modelling approach using a simple, but significant case study: an e-commerce site developed on top of WordPress.
2024
Systematic analysis of automated threat modelling techniques: Comparison of open-source tools / Granata, D.; Rak, M.. - In: SOFTWARE QUALITY JOURNAL. - ISSN 0963-9314. - 32:1(2024), pp. 125-161. [10.1007/s11219-023-09634-4]
File in questo prodotto:
File Dimensione Formato  
s11219-023-09634-4.pdf

non disponibili

Licenza: Non specificato
Dimensione 1.51 MB
Formato Adobe PDF
1.51 MB Adobe PDF   Visualizza/Apri   Richiedi una copia

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11588/986087
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus ND
  • ???jsp.display-item.citation.isi??? 8
social impact