Developer-Driven Threat Modeling: Lessons Learned in the Trenches


Abstract:

This article describes EMC's real-world experiences with threat modeling, including major challenges encountered, lessons learned, and a description of the company's current developer-driven approach. Threat modeling is a conceptual exercise in which we analyze a system's architecture or design to find security flaws and reduce architectural risk.
Published in: IEEE Security & Privacy ( Volume: 9, Issue: 4, July-Aug. 2011)
Page(s): 41 - 47
Date of Publication: 12 May 2011


A Developer-Driven Threat-Modeling Process

In 2007, EMC began efforts to roll out threat modeling as an integral part of its secure software development processes. The intent was to address security better and embed security considerations into software design processes and throughout the corporation's culture. The threat-modeling process at EMC has evolved over the past few years and currently involves

creating an annotated dataflow diagram;

identifying and analyzing threats, guided by a threat library;

assessing threats' technical risk; and

mitigating threats to reduce risk.
