Skip to main content

Research Repository

Advanced Search

Threat Modeling Revisited: Improving Expressiveness of Attack

Mirembe, Drake Patrick; Muyeba, Maybin

Authors

Drake Patrick Mirembe



Abstract

Threat modeling plays an important role in the deployment of optimal security controls and a number of threat modeling techniques have been proposed. However, most of the existing techniques lack adequate semantics and expressiveness. This paper reviews the existing techniques and proposes threat net; a technique based on information and causality theory concepts which offers improved expressiveness and semantics of threat models. Threat net is built on Petri nets and treats every node in the threat path as a random variable, whose values include time specific attacker profile and system defense capabilities. In theory, by computing the expected value of random events one can estimate the cost of achieving a given goal. We believe that the simplicity and richness of our technique will make it attractive to security experts. In future we hope to validate threat net using case-based analysis theory.

Presentation Conference Type Conference Paper (published)
Conference Name 2008 Second UKSIM European Symposium on Computer Modeling and Simulation (EMS)
Start Date Sep 8, 2008
End Date Sep 10, 2008
Publication Date 2008-09
Deposit Date Apr 2, 2025
Publisher Institute of Electrical and Electronics Engineers
Peer Reviewed Peer Reviewed
Pages 93-98
ISBN 978-0-7695-3325-4
DOI https://doi.org/10.1109/ems.2008.83
Keywords Threat Net , Expressiveness , Semantics , Petri Nets , Threat-Centric , Attack-Centric


You might also like



Downloadable Citations