        Utrecht University Student Theses Repository

        Systematic Selection Of Threat Modeling Approaches

        Final thesis Lennard Marck, systematic selection for TM (6565832) 15-8.pdf (1.582Mb)
        Publication date
        2024
        Author
        Marck, Lennard
        Summary
        Threat modeling is a method for identifying and analyzing security problems early in the development life cycle. The infancy of the discipline, the absence of a shared scope, and variations in complexity and application all make it challenging for decision-makers to select a threat modeling method and tool. This study proposes a systematic decision-making approach, the core of which is a decision model suited to mitigate this challenge. The model facilitates the evaluation of threat modeling methods based on a set of criteria. In its current state, 95 requirements and 18 threat modeling methods are mapped. The requirements were extracted and refined through a systematic literature review (SLR), expert surveys, and interviews. Quality criteria were derived and a preliminary mapping between qualities and requirements was created. The context of the selection in terms of goals, scopes, and preferences was investigated and served as input for creating the final systematic decision-making approach. This approach was evaluated through a case study using criteria from the Prat taxonomy. Results indicate that the proposed systematic selection approach has the potential to assist in making traceable decisions but needs to be further refined and validated. Moreover, the collected data and the results of the analyses, especially the methods, requirements, and quality criteria refined through a multi-phased research protocol, can serve as a foundation for future research.
        URI
        https://studenttheses.uu.nl/handle/20.500.12932/47510
        Collections
        • Theses