Abstract
Threat modeling is a process to identify security threats and propose effective solutions for mitigating them. Numerous resources emphasize the importance of threat modeling in the secure software development lifecycle, particularly during the design phase. In this paper, we collect and discuss the (scarce) empirical evidence from the literature that provides insights into the adoption and utilization of threat modeling. Based on our observations, we also formulate a number of open challenges related to gaining a better empirical understanding of the use of threat modeling in practice.
Acknowledgements
This research is partially funded by the Research Fund KU Leuven, and by the Flemish Research Programme Cybersecurity.
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Tran, AD., Yskout, K., Joosen, W. (2024). Threat Modeling: A Rough Diamond or Fool’s Gold?. In: Tekinerdoğan, B., Spalazzese, R., Sözer, H., Bonfanti, S., Weyns, D. (eds) Software Architecture. ECSA 2023 Tracks, Workshops, and Doctoral Symposium. ECSA 2023. Lecture Notes in Computer Science, vol 14590. Springer, Cham. https://doi.org/10.1007/978-3-031-66326-0_8
DOI: https://doi.org/10.1007/978-3-031-66326-0_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-66325-3
Online ISBN: 978-3-031-66326-0
eBook Packages: Computer Science (R0)