AttackDefense Framework (ADF): Enhancing IoT Devices and Lifecycles Threat Modeling

Online AM: 08 October 2024

Abstract

Threat modeling (TM) is essential to manage, prevent, and fix security and privacy issues in our society. TM requires a data model to represent threats and tools to exploit such data. Current TM data models and tools have significant limitations preventing their usage in real-world scenarios. For example, it is challenging to TM embedded devices with current data models and tools as they cannot model their hardware, firmware, and low-level software. Moreover, it is impossible to TM a device lifecycle or security-privacy tradeoffs as these data models and tools were developed for other use cases (e.g., software security or user privacy).
We fill this relevant gap by presenting the AttackDefense Framework (ADF), which provides a novel data model and related tools to augment TM. ADF’s building block is the AD object that can be used to represent heterogeneous and complex threats. Moreover, ADF provides automations to process a collection of AD objects, including ways to create sets, maps, chains, trees, and wordclouds of AD objects. We present ADF, a toolkit implementing ADF composed of four modules (Catalog, Parse, Check, and Analyze).
We confirm that the data model and tools provided by ADF are useful by running an extensive set of experiments while threat modeling a crypto wallet and its lifecycle. Our experiments involved seven expert groups from academia and industry, each using the ADF on an orthogonal threat class. The evaluation generated 175 high-quality ADs covering ISA/IEC 62433-4-1 SecDev Lifecycle, side-channels, fault injection, microarchitectural attacks, speculative execution, pre-silicon testing, invasive physical chip modifications, Bluetooth protocol and implementation threats, and FIDO2 authentication.

        Published In

        ACM Transactions on Embedded Computing Systems, Just Accepted
        EISSN: 1558-3465

        Publisher

        Association for Computing Machinery

        New York, NY, United States

        Publication History

        Online AM: 08 October 2024
        Accepted: 07 September 2024
        Revised: 15 February 2024
        Received: 15 February 2024

        Author Tags

        1. Threat Modeling
        2. Embedded Systems Security
        3. Hardware Security

        Qualifiers

        • Research-article
