Towards Automating a Risk-First Threat Analysis Technique

Abstract

During the past decade, secure software design techniques have found their way into the software development lifecycle. In this context, threat modeling (or analysis) methodologies are used to systematically identify threats in the design phase of software development. However, threat modeling is often performed manually, which is time-consuming and errorprone. An existing methodology called eSTRIDE tries to solve the problem of high manual effort by introducing security related enrichment’s to the software architecture models and by introducing reductions during the analysis. But the lack of tool support may counteract the advantages of using the methodology. Therefore, the aim of this work is to find out how to support semi-automation of eSTRIDE.We have produced a prototype tool using the design science research methodology, which allows the user to create or modify an extended Data Flow Diagram of their system and perform eSTRIDE. A workshop with ten participants was used to evaluate the tool. We studied the average precision, recall and productivity of the analysis results. Finally, we found the perceived usability of the tool, which was mostly positive.