Visible to the public Software and Attack Centric Integrated Threat Modeling for Quantitative Risk Assessment

TitleSoftware and Attack Centric Integrated Threat Modeling for Quantitative Risk Assessment
Publication TypeConference Paper
Year of Publication2016
AuthorsPotteiger, Bradley, Martins, Goncalo, Koutsoukos, Xenofon
Conference NameProceedings of the Symposium and Bootcamp on the Science of Security
Conference LocationNew York, NY, USA
ISBN Number978-1-4503-4277-3
KeywordsAttack Graphs, composability, Cyber-physical systems, Human Behavior, Metrics, pubcrawl, quantitative risk assessment, Resiliency, threat modeling, threat vectors

One step involved in the security engineering process is threat modeling. Threat modeling involves understanding the complexity of the system and identifying all of the possible threats, regardless of whether or not they can be exploited. Proper identification of threats and appropriate selection of countermeasures reduces the ability of attackers to misuse the system. This paper presents a quantitative, integrated threat modeling approach that merges software and attack centric threat modeling techniques. The threat model is composed of a system model representing the physical and network infrastructure layout, as well as a component model illustrating component specific threats. Component attack trees allow for modeling specific component contained attack vectors, while system attack graphs illustrate multi-component, multi-step attack vectors across the system. The Common Vulnerability Scoring System (CVSS) is leveraged to provide a standardized method of quantifying the low level vulnerabilities in the attack trees. As a case study, a railway communication network is used, and the respective results using a threat modeling software tool are presented.

Citation Keypotteiger_software_2016