TY - GEN
T1 - Inspecting Software Architecture Design Styles to Infer Threat Models and Inform Likely Attacks
AU - M. Czekster, Ricardo
PY - 2024/12/20
Y1 - 2024/12/20
N2 - Software architects reason about systems according to the set of relevant quality attributes to observe aligning it to their operational objectives. They inspect properties such as usability, performance, maintainability, scalability, and security, to mention a few, to select over different design styles to maximise systems’ capabilities altogether. The idea of this work is to describe ways of leveraging Threat Modelling (TM) approaches in early architectural designs by creating models from known and document available styles. Our proposal is to comment on those models and how they are related to the system overall architecture, offering means to model re-use functioning as the set of initial considerations that could be readily adapted for capturing more complex behaviours. We surveyed TM tools and approaches, and discussed relevant architectural styles and how they could generate threat models to inform most likely attacks. Finally, we discuss how to create basic models that security officers could use to enhance their cybersecurity analysis in software-intensive systems.
AB - Software architects reason about systems according to the set of relevant quality attributes to observe aligning it to their operational objectives. They inspect properties such as usability, performance, maintainability, scalability, and security, to mention a few, to select over different design styles to maximise systems’ capabilities altogether. The idea of this work is to describe ways of leveraging Threat Modelling (TM) approaches in early architectural designs by creating models from known and document available styles. Our proposal is to comment on those models and how they are related to the system overall architecture, offering means to model re-use functioning as the set of initial considerations that could be readily adapted for capturing more complex behaviours. We surveyed TM tools and approaches, and discussed relevant architectural styles and how they could generate threat models to inform most likely attacks. Finally, we discuss how to create basic models that security officers could use to enhance their cybersecurity analysis in software-intensive systems.
KW - Attack Modelling Techniques
KW - Software Architecture Styles
KW - Threat Modelling
UR - https://link.springer.com/chapter/10.1007/978-3-031-74443-3_4
UR - http://www.scopus.com/inward/record.url?scp=85214226574&partnerID=8YFLogxK
U2 - 10.1007/978-3-031-74443-3_4
DO - 10.1007/978-3-031-74443-3_4
M3 - Conference publication
SN - 9783031744426
T3 - Lecture Notes in Networks and Systems (LNNS)
SP - 67
EP - 81
BT - Contributions Presented at The International Conference on Computing, Communication, Cybersecurity and AI, July 3–4, 2024, London, UK: The C3AI2024
A2 - Naik, Nitin
A2 - Jenkins, Paul
A2 - Prajapat, Shaligram
A2 - Grace, Paul
ER -