Litcius/Paper detail

A risk-level assessment system based on the STRIDE/DREAD model for digital data marketplaces

Lu Zhang, A. Taal, Reginald Cushing, Cees de Laat, Paola Grosso

2021International Journal of Information Security26 citationsDOIOpen Access PDF

Abstract

Abstract Security is a top concern in digital infrastructure and there is a basic need to assess the level of security ensured for any given application. To accommodate this requirement, we propose a new risk assessment system. Our system identifies threats of an application workflow, computes the severity weights with the modified Microsoft STRIDE/DREAD model and estimates the final risk exposure after applying security countermeasures in the available digital infrastructures. This allows potential customers to rank these infrastructures in terms of security for their own specific use cases. We additionally present a method to validate the stability and resolution of our ranking system with respect to subjective choices of the DREAD model threat rating parameters. Our results show that our system is stable against unavoidable subjective choices of the DREAD model parameters for a specific use case, with a rank correlation higher than 0.93 and normalised mean square error lower than 0.05.

Topics & Concepts

STRIDEComputer scienceRank (graph theory)WorkflowRanking (information retrieval)Computer securityStability (learning theory)Scoring systemDatabaseArtificial intelligenceMachine learningMathematicsMedicineSurgeryCombinatoricsInformation and Cyber SecurityAdvanced Malware Detection TechniquesCloud Data Security Solutions
A risk-level assessment system based on the STRIDE/DREAD model for digital data marketplaces | Litcius