Threat analysis of software systems: A systematic literature review
Journal article, 2018

Architectural threat analysis has become an important cornerstone for organizations concerned with developing secure software. Due to the large number of existing techniques it is becoming more challenging for practitioners to select an appropriate threat analysis technique. Therefore, we conducted a systematic literature review (SLR) of the existing techniques for threat analysis. In our study we compare 26 methodologies for what concerns their applicability, characteristics of the required input for analysis, characteristics of analysis procedure, characteristics of analysis outcomes and ease of adoption. We also provide insight into the obstacles for adopting the existing approaches and discuss the current state of their adoption in software engineering trends (e.g. Agile, DevOps, etc.). As a summary of our findings we have observed that: the analysis procedure is not precisely defined, there is a lack of quality assurance of analysis outcomes and tool support and validation are limited.

Risk assessment

Threat analysis (modeling)

Security-by-design

Systematic literature review (SLR)

Software systems

Author

Katja Tuma

Chalmers, Computer Science and Engineering (Chalmers), Software Engineering (Chalmers), Software Engineering for Cyber Psysical Systems

Gul Calikli

Chalmers, Computer Science and Engineering (Chalmers), Software Engineering (Chalmers), Software Engineering for People, Architecture, Requirements and Traceability

Riccardo Scandariato

Chalmers, Computer Science and Engineering (Chalmers), Software Engineering (Chalmers), Software Engineering for Cyber Psysical Systems

Journal of Systems and Software

0164-1212 (ISSN)

Vol. 144 275-294

Areas of Advance

Information and Communication Technology

Subject Categories

Other Engineering and Technologies not elsewhere specified

Software Engineering

Information Science

DOI

10.1016/j.jss.2018.06.073

More information

Latest update

12/19/2018