Software Engineering Institute | Carnegie Mellon University

Technical Note

A Hybrid Threat Modeling Method

Abstract

    In FY 2016, the research team evaluated Security Cards, STRIDE (Spoofing identity, Tampering with data, Repudiation, Information disclosure, Denial of service, Elevation of privilege), and persona non grata (PnG) for effectiveness in threat identification. Security Cards is an approach that emphasizes creativity and brainstorming over more structured approaches such as checklists. STRIDE involves modeling a system and its subsystems together with the related data flows, then considering each of the six threat categories against those elements. PnGs represent archetypal users who behave in unwanted, possibly nefarious ways. The team used two scenarios, an aircraft maintenance scenario and a drone swarm scenario, both described in detail in this technical note along with the project outcomes. No individual threat modeling method, used on its own, identified all of the threats that the three methods found in combination.

    The research team subsequently developed the Hybrid Threat Modeling Method (hTMM), considering the desirable characteristics for a Threat Modeling Method. At a high level, the hTMM includes the following steps, described in detail in the technical note: (1) Identify the system you will be threat modeling. (2) Apply Security Cards according to developers’ suggestions. (3) Prune PnGs that are unlikely or for which no realistic attack vectors could be identified. (4) Summarize results from the above steps, utilizing tool support. (5) Continue with a formal risk assessment method.
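Steps (3) and (4) of the hTMM are where light tool support pays off, because the output of the brainstorming steps is a pile of personas and candidate attack vectors that has to be pruned and then summarized in a form a risk assessment can consume. The following Python is an added illustration of that bookkeeping, not the SEI authors' tool and not taken from the technical note: it records each persona non grata with its candidate attack vectors and the analyst's judgement of whether each vector is realistic, drops personas left with no realistic vector, and tabulates the survivors against the STRIDE categories per asset so that uncovered asset/category pairs are visible before the formal risk assessment begins. The drone-swarm personas, assets, and attack vectors are constructed for the example.

```python
"""hTMM-style pruning (step 3) and summarization (step 4) helper.

Added illustration, not the SEI authors' tooling. All personas, assets and
attack vectors below are constructed for a hypothetical drone-swarm system.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass, field

# The six STRIDE categories, in the order the abstract expands the acronym.
STRIDE = (
    "Spoofing",
    "Tampering",
    "Repudiation",
    "Information disclosure",
    "Denial of service",
    "Elevation of privilege",
)


@dataclass(frozen=True)
class AttackVector:
    asset: str        # system element (from the STRIDE model) the PnG targets
    stride: str       # STRIDE category the misuse falls under
    realistic: bool   # analyst judgement: achievable with this PnG's skills/access
    note: str = ""    # why the vector was judged realistic or not


@dataclass
class PersonaNonGrata:
    name: str
    goal: str
    skills: str
    vectors: list[AttackVector] = field(default_factory=list)


def prune_pngs(pngs: list[PersonaNonGrata]) -> list[PersonaNonGrata]:
    """Step (3): keep only PnGs with at least one realistic vector, and only those vectors."""
    kept = []
    for p in pngs:
        realistic = [v for v in p.vectors if v.realistic]
        if realistic:
            kept.append(PersonaNonGrata(p.name, p.goal, p.skills, realistic))
    return kept


def coverage_matrix(pngs: list[PersonaNonGrata]) -> dict[str, dict[str, list[str]]]:
    """Step (4): asset -> STRIDE category -> names of PnGs that threaten it."""
    matrix: dict[str, dict[str, list[str]]] = defaultdict(lambda: {c: [] for c in STRIDE})
    for p in pngs:
        for v in p.vectors:
            if v.stride not in STRIDE:
                raise ValueError(f"unknown STRIDE category: {v.stride!r}")
            matrix[v.asset][v.stride].append(p.name)
    return dict(matrix)


def uncovered(matrix: dict[str, dict[str, list[str]]], assets: tuple[str, ...]) -> list[tuple[str, str]]:
    """Asset/category pairs no surviving PnG threatens.

    These are the candidates for a second brainstorming pass, or for an
    explicit 'not applicable' decision recorded before risk assessment.
    """
    gaps = []
    for asset in assets:
        row = matrix.get(asset, {c: [] for c in STRIDE})
        gaps.extend((asset, c) for c in STRIDE if not row[c])
    return gaps


def render(matrix: dict[str, dict[str, list[str]]], assets: tuple[str, ...]) -> str:
    """Plain-text asset x STRIDE table; a cell lists the PnGs or '-' for none."""
    lines = ["asset | " + " | ".join(STRIDE)]
    for asset in assets:
        row = matrix.get(asset, {c: [] for c in STRIDE})
        cells = [", ".join(row[c]) or "-" for c in STRIDE]
        lines.append(f"{asset} | " + " | ".join(cells))
    return "\n".join(lines)


# Constructed sample: three assets and three personas for a hypothetical drone swarm.
ASSETS = ("C2 link", "Ground station", "Flight log")

SAMPLE_PNGS = [
    PersonaNonGrata("Hobbyist jammer", "Disrupt a demonstration flight", "Consumer SDR, no network access", [
        AttackVector("C2 link", "Denial of service", True, "broadband RF jamming of the control channel"),
        AttackVector("Ground station", "Elevation of privilege", False, "no physical or network access to the station"),
    ]),
    PersonaNonGrata("Disgruntled operator", "Hide a botched mission", "Valid operator credentials", [
        AttackVector("Flight log", "Tampering", True, "edits the log using own credentials"),
        AttackVector("Flight log", "Repudiation", True, "shared operator account, no per-user audit trail"),
    ]),
    PersonaNonGrata("Remote eavesdropper", "Read mission telemetry", "Passive RF capture only", [
        AttackVector("C2 link", "Information disclosure", False, "link is authenticated-encrypted; capture alone reveals nothing"),
    ]),
]

if __name__ == "__main__":
    survivors = prune_pngs(SAMPLE_PNGS)
    matrix = coverage_matrix(survivors)
    print(render(matrix, ASSETS))
    print("gaps:", len(uncovered(matrix, ASSETS)))
```

Running the script prunes the eavesdropper entirely (its only vector was judged unrealistic), drops the jammer's unrealistic ground-station vector while keeping the jammer, and prints a table in which only three of the eighteen asset/category cells are populated. The fifteen empty cells are the point: they are what the team should look at again, or explicitly accept, before step (5).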

Cite This Report

SEI

Mead, Nancy; Shull, Forrest; Vemuru, Krishnamurthy; & Villadsen, Ole. A Hybrid Threat Modeling Method. CMU/SEI-2018-TN-002. Software Engineering Institute, Carnegie Mellon University. 2018. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=516617

IEEE

N. Mead, F. Shull, K. Vemuru, and O. Villadsen, "A Hybrid Threat Modeling Method," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA, Technical Note CMU/SEI-2018-TN-002, 2018. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=516617

APA

Mead, N., Shull, F., Vemuru, K., & Villadsen, O. (2018). A Hybrid Threat Modeling Method (CMU/SEI-2018-TN-002). Retrieved April 25, 2018, from the Software Engineering Institute, Carnegie Mellon University website: http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=516617

CHI

Nancy Mead, Forrest Shull, Krishnamurthy Vemuru, & Ole Villadsen. A Hybrid Threat Modeling Method (CMU/SEI-2018-TN-002). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2018. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=516617

MLA

Mead, Nancy, Forrest Shull, Krishnamurthy Vemuru, and Ole Villadsen. A Hybrid Threat Modeling Method (Technical Note CMU/SEI-2018-TN-002). Pittsburgh: Software Engineering Institute, Carnegie Mellon University, 2018. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=516617

BibTex

@techreport{MeadAHybrid2018,
  title       = {A Hybrid Threat Modeling Method},
  author      = {Nancy Mead and Forrest Shull and Krishnamurthy Vemuru and Ole Villadsen},
  year        = {2018},
  type        = {Technical Note},
  number      = {CMU/SEI-2018-TN-002},
  institution = {Software Engineering Institute, Carnegie Mellon University},
  address     = {Pittsburgh, PA},
  url         = {http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=516617}
}