The Threat Modeling Naturally Tool: An Interactive Tool Supporting More Natural Flexible and Ad-Hoc Threat Modeling

Date

2024

Rights

This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.

Abstract

Threat modeling is an important process in achieving secure-by-design software systems. While some tools have been developed to aid system architects in building threat models, many of these do not support the more flexible ways that threat modeling occurs in practice. We present the Threat Modeling Naturally Tool as the first step in providing architects with a tool that allows for a more natural threat modeling process that is modular in design. This tool consists of a threat modeling Domain-Specific Language and a series of modular components that allow users to specify their system and assign threats and mitigations without disrupting their brainstorming. We describe the design and implementation of our tool using a mock medical device as a case study, and discuss how the tool can be used for future work supporting threat modeling research.