Systematic Selection Of Threat Modeling Approaches

Abstract

Threat modeling is a method for identifying and analyzing security problems early on in the development life cycle. The infancy of the discipline, the absence of a shared scope, and variations in complexity and application all contribute to the challenge for decision-makers to select a threat modeling method and tool. This study proposes a systematic decision-making approach, the core of which lies within a decision model suited to mitigate this challenge. The model facilitates the evaluation of threat modeling methods based on a set of criteria. In its current state 95 requirements and 18 threat modeling methods are mapped. The requirements were extracted and refined by doing an SLR, expert surveys, and interviews. Quality criteria were derived and a preliminary mapping between qualities and requirements was created. The context of the selection in terms of goals, scopes, and preferences was investigated and served as input for creating the final systematic decision-making approach. This approach underwent evaluation through a case study using criteria from the Prat taxonomy. Results indicate that the proposed systematic selection approach has the potential for assisting in making traceable decisions but needs to be further refined and validated. Moreover, the collected data and results of the analyses, and especially the methods, requirements, and quality criteria refined through a multi-phased research protocol can serve as a foundation for future research.