On Threat Model Repair

Roderick Bloem; Sebastian Chlup; Dejan Nickovic; Christoph  Schmittner

doi:10.1007/978-3-031-75387-9_18

On Threat Model Repair

Roderick Bloem, Sebastian Chlup, Dejan Nickovic, Christoph Schmittner

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Abstract

Security by construction is an approach to system development where security considerations are integrated into the design process from the very beginning. Threat modeling helps identify potential threats and vulnerabilities early in the system development process, assess the risk associated with each threat, and design appropriate mitigation actions. In this paper, we study threat model repair, a method to automatically suggest structural changes to the design that mitigate threats discovered by the analysis. This helps find a secure design early in the process by allowing a user to quickly iterate over different design variants.

Original language	English
Title of host publication	Leveraging Applications of Formal Methods, Verification and Validation. Software Engineering Methodologies. ISoLA 2024
Publisher	Springer, Cham
Pages	302–310
ISBN (Electronic)	978-3-031-75387-9
ISBN (Print)	978-3-031-75386-2
DOIs	https://doi.org/10.1007/978-3-031-75387-9_18
Publication status	Published - Oct 2024
Event	12th International Symposium on Leveraging Applications of Formal Methods, Verification and Validation, ISoLA 2024 - Hersonissos, Greece Duration: 27 Oct 2024 → 31 Oct 2024

Publication series

Name	Lecture Notes in Computer Science
Volume	15222 LNCS

Conference

Conference	12th International Symposium on Leveraging Applications of Formal Methods, Verification and Validation, ISoLA 2024
Abbreviated title	ISoLA 2024
Country/Territory	Greece
City	Hersonissos
Period	27/10/24 → 31/10/24

Access to Document

10.1007/978-3-031-75387-9_18

paper

Cite this

On Threat Model Repair. / Bloem, Roderick; Chlup, Sebastian; Nickovic, Dejan et al.
Leveraging Applications of Formal Methods, Verification and Validation. Software Engineering Methodologies. ISoLA 2024. Springer, Cham, 2024. p. 302–310 (Lecture Notes in Computer Science; Vol. 15222 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Bloem, R, Chlup, S, Nickovic, D & Schmittner, C 2024, On Threat Model Repair. in Leveraging Applications of Formal Methods, Verification and Validation. Software Engineering Methodologies. ISoLA 2024. Lecture Notes in Computer Science, vol. 15222 LNCS, Springer, Cham, pp. 302–310, 12th International Symposium on Leveraging Applications of Formal Methods, Verification and Validation, ISoLA 2024, Hersonissos, Greece, 27/10/24. https://doi.org/10.1007/978-3-031-75387-9_18

@inproceedings{eb6de9cd508440ef8a676f5b0ca6cf86,

title = "On Threat Model Repair",

abstract = "Security by construction is an approach to system development where security considerations are integrated into the design process from the very beginning. Threat modeling helps identify potential threats and vulnerabilities early in the system development process, assess the risk associated with each threat, and design appropriate mitigation actions. In this paper, we study threat model repair, a method to automatically suggest structural changes to the design that mitigate threats discovered by the analysis. This helps find a secure design early in the process by allowing a user to quickly iterate over different design variants.",

author = "Roderick Bloem and Sebastian Chlup and Dejan Nickovic and Christoph Schmittner",

year = "2024",

month = oct,

doi = "10.1007/978-3-031-75387-9_18",

language = "English",

isbn = "978-3-031-75386-2",

series = "Lecture Notes in Computer Science",

publisher = "Springer, Cham",

pages = "302–310",

booktitle = "Leveraging Applications of Formal Methods, Verification and Validation. Software Engineering Methodologies. ISoLA 2024",

note = "12th International Symposium on Leveraging Applications of Formal Methods, Verification and Validation, ISoLA 2024, ISoLA 2024 ; Conference date: 27-10-2024 Through 31-10-2024",

}

TY - GEN

T1 - On Threat Model Repair

AU - Bloem, Roderick

AU - Chlup, Sebastian

AU - Nickovic, Dejan

AU - Schmittner, Christoph

PY - 2024/10

Y1 - 2024/10

N2 - Security by construction is an approach to system development where security considerations are integrated into the design process from the very beginning. Threat modeling helps identify potential threats and vulnerabilities early in the system development process, assess the risk associated with each threat, and design appropriate mitigation actions. In this paper, we study threat model repair, a method to automatically suggest structural changes to the design that mitigate threats discovered by the analysis. This helps find a secure design early in the process by allowing a user to quickly iterate over different design variants.

AB - Security by construction is an approach to system development where security considerations are integrated into the design process from the very beginning. Threat modeling helps identify potential threats and vulnerabilities early in the system development process, assess the risk associated with each threat, and design appropriate mitigation actions. In this paper, we study threat model repair, a method to automatically suggest structural changes to the design that mitigate threats discovered by the analysis. This helps find a secure design early in the process by allowing a user to quickly iterate over different design variants.

U2 - 10.1007/978-3-031-75387-9_18

DO - 10.1007/978-3-031-75387-9_18

M3 - Conference paper

SN - 978-3-031-75386-2

T3 - Lecture Notes in Computer Science

SP - 302

EP - 310

BT - Leveraging Applications of Formal Methods, Verification and Validation. Software Engineering Methodologies. ISoLA 2024

PB - Springer, Cham

T2 - 12th International Symposium on Leveraging Applications of Formal Methods, Verification and Validation, ISoLA 2024

Y2 - 27 October 2024 through 31 October 2024

ER -

On Threat Model Repair

Abstract

Publication series

Conference

Access to Document

Fingerprint

Cite this