A Comparative Analysis of Threat Modelling Methods: STRIDE, DREAD, VAST, PASTA, OCTAVE, and LINDDUN

Nitin Naik; Paul Jenkins; Paul Grace; Dishita Naik; Shaligram Prajapat; Jingping Song

doi:10.1007/978-3-031-74443-3_16

A Comparative Analysis of Threat Modelling Methods: STRIDE, DREAD, VAST, PASTA, OCTAVE, and LINDDUN

Nitin Naik, Paul Jenkins, Paul Grace, Dishita Naik, Shaligram Prajapat, Jingping Song

Research output: Chapter in Book/Published conference output › Conference publication

7 Citations (SciVal)

Abstract

Novel cybersecurity threats are constantly emerging and posing significant security challenges to organisations; therefore, it is important for organisations to proactively analyse existing and emerging cybersecurity threats against their systems. Threat modelling methods are very effective in proactively analysing cybersecurity threats and enhancing organisational security policies and defence mechanisms against these cybersecurity threats. Several threat modelling methods have been proposed, and it is important for security experts to select the appropriate threat modelling method for an organisation according to their specific security challenges and cybersecurity threats. This paper will present a comparative analysis of six threat modelling methods: STRIDE, DREAD, VAST, PASTA, OCTAVE, and LINDDUN. It will provide a concise description of all the aforementioned threat modelling methods, and subsequently, a comparative analysis of these six threat modelling methods for highlighting their relative strengths and limitations.

Original language	English
Title of host publication	Contributions Presented at The International Conference on Computing, Communication, Cybersecurity and AI, July 3–4, 2024, London, UK: The C3AI 2024
Editors	Nitin Naik, Paul Jenkins, Shaligram Prajapat, Paul Grace
Pages	271-280
ISBN (Electronic)	978-3-031-74443-3
DOIs	https://doi.org/10.1007/978-3-031-74443-3_16
Publication status	Published - 20 Dec 2024

Publication series

Name	Lecture Notes in Networks and Systems (LNNS)
Publisher	Springer Cham
Volume	884
ISSN (Print)	2367-3370
ISSN (Electronic)	2367-3389

Access to Document

10.1007/978-3-031-74443-3_16

Cite this

Naik, N., Jenkins, P., Grace, P., Naik, D., Prajapat, S., & Song, J. (2024). A Comparative Analysis of Threat Modelling Methods: STRIDE, DREAD, VAST, PASTA, OCTAVE, and LINDDUN. In N. Naik, P. Jenkins, S. Prajapat, & P. Grace (Eds.), Contributions Presented at The International Conference on Computing, Communication, Cybersecurity and AI, July 3–4, 2024, London, UK: The C3AI 2024 (pp. 271-280). (Lecture Notes in Networks and Systems (LNNS); Vol. 884). https://doi.org/10.1007/978-3-031-74443-3_16

Naik, Nitin ; Jenkins, Paul ; Grace, Paul et al. / A Comparative Analysis of Threat Modelling Methods: STRIDE, DREAD, VAST, PASTA, OCTAVE, and LINDDUN. Contributions Presented at The International Conference on Computing, Communication, Cybersecurity and AI, July 3–4, 2024, London, UK: The C3AI 2024. editor / Nitin Naik ; Paul Jenkins ; Shaligram Prajapat ; Paul Grace. 2024. pp. 271-280 (Lecture Notes in Networks and Systems (LNNS)).

@inproceedings{b3cc9c146427473c87ac5d8510e2276b,

title = "A Comparative Analysis of Threat Modelling Methods: STRIDE, DREAD, VAST, PASTA, OCTAVE, and LINDDUN",

abstract = "Novel cybersecurity threats are constantly emerging and posing significant security challenges to organisations; therefore, it is important for organisations to proactively analyse existing and emerging cybersecurity threats against their systems. Threat modelling methods are very effective in proactively analysing cybersecurity threats and enhancing organisational security policies and defence mechanisms against these cybersecurity threats. Several threat modelling methods have been proposed, and it is important for security experts to select the appropriate threat modelling method for an organisation according to their specific security challenges and cybersecurity threats. This paper will present a comparative analysis of six threat modelling methods: STRIDE, DREAD, VAST, PASTA, OCTAVE, and LINDDUN. It will provide a concise description of all the aforementioned threat modelling methods, and subsequently, a comparative analysis of these six threat modelling methods for highlighting their relative strengths and limitations.",

author = "Nitin Naik and Paul Jenkins and Paul Grace and Dishita Naik and Shaligram Prajapat and Jingping Song",

year = "2024",

month = dec,

day = "20",

doi = "10.1007/978-3-031-74443-3_16",

language = "English",

isbn = "978-3-031-74442-6",

series = "Lecture Notes in Networks and Systems (LNNS)",

publisher = "Springer Cham",

pages = "271--280",

editor = "Nitin Naik and Paul Jenkins and Shaligram Prajapat and Paul Grace",

booktitle = "Contributions Presented at The International Conference on Computing, Communication, Cybersecurity and AI, July 3–4, 2024, London, UK: The C3AI 2024",

}

Naik, N, Jenkins, P, Grace, P, Naik, D, Prajapat, S & Song, J 2024, A Comparative Analysis of Threat Modelling Methods: STRIDE, DREAD, VAST, PASTA, OCTAVE, and LINDDUN. in N Naik, P Jenkins, S Prajapat & P Grace (eds), Contributions Presented at The International Conference on Computing, Communication, Cybersecurity and AI, July 3–4, 2024, London, UK: The C3AI 2024. Lecture Notes in Networks and Systems (LNNS), vol. 884, pp. 271-280. https://doi.org/10.1007/978-3-031-74443-3_16

A Comparative Analysis of Threat Modelling Methods: STRIDE, DREAD, VAST, PASTA, OCTAVE, and LINDDUN. / Naik, Nitin; Jenkins, Paul; Grace, Paul et al.
Contributions Presented at The International Conference on Computing, Communication, Cybersecurity and AI, July 3–4, 2024, London, UK: The C3AI 2024. ed. / Nitin Naik; Paul Jenkins; Shaligram Prajapat; Paul Grace. 2024. p. 271-280 (Lecture Notes in Networks and Systems (LNNS); Vol. 884).

Research output: Chapter in Book/Published conference output › Conference publication

TY - GEN

T1 - A Comparative Analysis of Threat Modelling Methods: STRIDE, DREAD, VAST, PASTA, OCTAVE, and LINDDUN

AU - Naik, Nitin

AU - Jenkins, Paul

AU - Grace, Paul

AU - Naik, Dishita

AU - Prajapat, Shaligram

AU - Song, Jingping

PY - 2024/12/20

Y1 - 2024/12/20

N2 - Novel cybersecurity threats are constantly emerging and posing significant security challenges to organisations; therefore, it is important for organisations to proactively analyse existing and emerging cybersecurity threats against their systems. Threat modelling methods are very effective in proactively analysing cybersecurity threats and enhancing organisational security policies and defence mechanisms against these cybersecurity threats. Several threat modelling methods have been proposed, and it is important for security experts to select the appropriate threat modelling method for an organisation according to their specific security challenges and cybersecurity threats. This paper will present a comparative analysis of six threat modelling methods: STRIDE, DREAD, VAST, PASTA, OCTAVE, and LINDDUN. It will provide a concise description of all the aforementioned threat modelling methods, and subsequently, a comparative analysis of these six threat modelling methods for highlighting their relative strengths and limitations.

AB - Novel cybersecurity threats are constantly emerging and posing significant security challenges to organisations; therefore, it is important for organisations to proactively analyse existing and emerging cybersecurity threats against their systems. Threat modelling methods are very effective in proactively analysing cybersecurity threats and enhancing organisational security policies and defence mechanisms against these cybersecurity threats. Several threat modelling methods have been proposed, and it is important for security experts to select the appropriate threat modelling method for an organisation according to their specific security challenges and cybersecurity threats. This paper will present a comparative analysis of six threat modelling methods: STRIDE, DREAD, VAST, PASTA, OCTAVE, and LINDDUN. It will provide a concise description of all the aforementioned threat modelling methods, and subsequently, a comparative analysis of these six threat modelling methods for highlighting their relative strengths and limitations.

UR - https://www.techrxiv.org/users/845749/articles/1234181-a-comparative-analysis-of-threat-modelling-methods-stride-dread-vast-pasta-octave-and-linddun?commit=09dec9318db01f4d93ebe23399f59c971e1681c9

UR - https://link.springer.com/chapter/10.1007/978-3-031-74443-3_16

U2 - 10.1007/978-3-031-74443-3_16

DO - 10.1007/978-3-031-74443-3_16

M3 - Conference publication

SN - 978-3-031-74442-6

T3 - Lecture Notes in Networks and Systems (LNNS)

SP - 271

EP - 280

BT - Contributions Presented at The International Conference on Computing, Communication, Cybersecurity and AI, July 3–4, 2024, London, UK: The C3AI 2024

A2 - Naik, Nitin

A2 - Jenkins, Paul

A2 - Prajapat, Shaligram

A2 - Grace, Paul

ER -

Naik N, Jenkins P, Grace P, Naik D, Prajapat S, Song J. A Comparative Analysis of Threat Modelling Methods: STRIDE, DREAD, VAST, PASTA, OCTAVE, and LINDDUN. In Naik N, Jenkins P, Prajapat S, Grace P, editors, Contributions Presented at The International Conference on Computing, Communication, Cybersecurity and AI, July 3–4, 2024, London, UK: The C3AI 2024. 2024. p. 271-280. (Lecture Notes in Networks and Systems (LNNS)). Epub 2024 Dec 19. doi: 10.1007/978-3-031-74443-3_16

A Comparative Analysis of Threat Modelling Methods: STRIDE, DREAD, VAST, PASTA, OCTAVE, and LINDDUN

Abstract

Publication series

Access to Document

Other files and links

Fingerprint

Cite this