Abstract
Cyber threat modeling is an analytical process that is used for identifying the potential threats against a system and supporting the selection of security requirements in the early stages of the system development life cycle. Thus, threat modeling is a vital instrument for the realization of the secure-by-design principle. Despite being a well-known practice in software development projects, its adaptation to cyber-physical systems still requires systematic elaboration. The complex interactions between cyber and physical spaces and their reflection on the cyber threat landscape constitute a significant challenge for the system development teams. This study proposes a detailed methodology to apply STRIDE to cyber-physical systems and demonstrates its applicability in a case study of a microgrid system. Our methodology provides a systematic threat elicitation procedure based on an attack taxonomy that was created for this research. This paper also shows how assets could be identified, data flow diagrams formed, trust boundaries determined, and threats prioritized, in the case of a cyber-physical system.
Original language | English (US) |
---|---|
Article number | 102950 |
Journal | Computers and Security |
Volume | 124 |
State | Published - Jan 2023 |
Externally published | Yes |
Keywords
- Cyber-Physical Systems (CPS)
- Impact assessment
- Industrial Control Systems (ICS)
- Microgrid
- STRIDE
- Threat modeling
ASJC Scopus subject areas
- General Computer Science
- Law