Two architectural threat analysis techniques compared
Paper in proceedings, 2018

In an initial attempt to systematize the research field of architectural threat analysis, this paper presents a comparative study of two threat analysis techniques. In particular, the controlled experiment presented here compares two variants of Microsoft’s STRIDE. The two variants differ in the way the analysis is performed. In one case, each component of the software system is considered in isolation and scrutinized for potential security threats. In the other case, the analysis has a wider scope and considers the security threats that might occur in a pair of interacting software components. The study compares the techniques with respect to their effectiveness in finding security threats (benefits) as well as the time that it takes to perform the analysis (cost). We also look into other human aspects which are important for industrial adoption, like, for instance, the perceived difficulty in learning and applying the techniques as well as the overall preference of our experimental participants.

Empirical study

Threat analysis

STRIDE

Secure software

Author

Katja Tuma

Chalmers, Computer Science and Engineering (Chalmers), Software Engineering (Chalmers), Software Engineering for Cyber Physical Systems

University of Gothenburg

Riccardo Scandariato

University of Gothenburg

Chalmers, Computer Science and Engineering (Chalmers), Software Engineering (Chalmers), Software Engineering for Cyber Physical Systems

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

03029743 (ISSN) 16113349 (eISSN)

Vol. 11048 LNCS 347-363

12th European Conference on Software Architecture, ECSA 2018
Madrid, Spain,

Subject Categories

Other Computer and Information Science

Software Engineering

Computer Systems

DOI

10.1007/978-3-030-00761-4_23

More information

Latest update

12/9/2019