Towards Efficiency and Quality Assurance in Threat Analysis of Software Systems
Licentiate thesis, 2018

Context: Security threats have been a growing concern in many organizations. Organizations developing software products strive to plan for security as early as possible to mitigate such potential threats. In the design phase of the software development life-cycle, teams of experts routinely analyze the system architecture and design to find potential security threats.
Objective: The goal of this research is to improve the performance of existing threat analysis techniques and to support practitioners with automation and tool support. To understand the inner workings of existing threat analysis methodologies, we also conduct a systematic literature review examining 26 methodologies in detail. Our industrial partners confirm that existing techniques are labor intensive and do not provide quality guarantees about their outcomes.
Method: We conducted empirical studies to build an in-depth understanding of existing techniques (a Systematic Literature Review (SLR) and controlled experiments). Further, we rely on empirical case studies for ongoing validation of the proposed performance improvements to the technique.
Findings: We have found that a novel risk-first approach can reduce the labor of threat analysis while producing outcomes of the same quality in a shorter period of time. Further, we suggest that the key to a successful application of this approach is twofold. First, widening the analysis scope to end-to-end scenarios guides the analyst to focus on important assets. Second, appropriate model abstractions are required to manage the cognitive load of the human analysts. We have also found that reasoning about security in a formal setting requires extending the existing notations with security semantics. The minimal model extensions needed for doing so are security contracts for the system nodes that handle sensitive information. In such a setting, the analysis can be automated and can, to some extent, provide completeness guarantees.
Future work: In the future, we plan to further study the analysis completeness guarantees. In particular, we plan to improve the analysis automation and investigate complementary techniques for analysis completeness (namely informal, pattern-based techniques). We also plan to work on the disconnect between planned and implemented security.

Secure Software Design

Threat Analysis (Modeling)


Katja Tuma

Chalmers, Computer Science and Engineering, Software Engineering

Flaws in Flows: Unveiling Design Flaws via Information Flow Analysis

Proceedings - 2019 IEEE International Conference on Software Architecture (ICSA 2019), pp. 191-200

Paper in proceedings

Two architectural threat analysis techniques compared

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Vol. 11048 LNCS (2018), pp. 347-363

Paper in proceedings

Threat analysis of software systems: A systematic literature review

Journal of Systems and Software, Vol. 144 (2018), pp. 275-294

Article in scientific journal

Towards security threats that matter

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Vol. 10683 (2017), pp. 47-62

Paper in proceedings

Holistic approach to improving data security (HoliSec)

VINNOVA (2015-06894), 2016-04-01 -- 2019-03-31.




Systems science, information systems and informatics with a social science orientation


University of Gothenburg
