Litcius/Paper detail

A Review of Asset-Centric Threat Modelling Approaches

Livinus Obiora Nweke, D. Stephen

2020International Journal of Advanced Computer Science and Applications33 citationsDOIOpen Access PDF

Abstract

The threat landscape is constantly evolving. As attackers continue to evolve and seek better methods of compro-mising a system; in the same way, defenders continue to evolve and seek better methods of protecting a system. Threats are events that could cause harm to the confidentiality, integrity, or availability of information systems, through unauthorized disclosure, misuse, alteration, or destruction of information or information system. The process of developing and applying a representation of those threats, to understand the possibility of the threats being realized is referred to as threat modelling. Threat modelling approaches provide defenders with a tool to characterize potential threats systematically. They include the prioritization of threats and mitigation based on probabilities of the threats being realized, the business impacts and the cost of countermeasures. In this paper, we provide a review of asset-centric threat modelling approaches. These are threat modelling techniques that focus on the assets of the system being threat modelled. First, we discuss the most widely used asset-centric threat modelling approaches. Then, we present a gap analysis of these methods. Finally, we examine the features of asset-centric threat modelling approaches with a discussion on their similarities and differences.

Topics & Concepts

Computer scienceAsset (computer security)Computer securityRisk analysis (engineering)HarmThreat modelProcess (computing)ConfidentialityBusinessLawOperating systemPolitical scienceInformation and Cyber SecurityNetwork Security and Intrusion DetectionAdvanced Malware Detection Techniques