Threat Modeling in Agile Software Development

Threat modeling is a way to get an overview of possible attacks against your systems. The advantages of threat modeling include tackling security problems early, improved risk assessments, and more effective security testing. There will always be limited resources available for security, and threat modeling will allow you to focus on the most important areas first. There is no one single “correct” way of doing threat modeling, and “agile” is no excuse for not doing it. This chapter describes the authors' experiences with doing threat modeling with agile development organizations, outlining challenges to be faced and pitfalls to be avoided.

Pemodelan Ancaman Sistem Keamanan E-Health menggunakan Metode STRIDE dan DREAD

The Hospital Management Information System (SIMRS) functions as a medium for hospital information and hospital management. There are patient medical record data, which is the result of interactions between doctors and sufferer. Medical records are sensitive data so that the security of the hospital management information system needs to be improved to convince users or patients that the data stored on SIMRS is safe at attackers. There are several ways to improve system security, one of which is by threat modeling. Threat modeling aims to identify vulnerabilities and threats that exist in SIMRS. In this paper, threat modeling will use the STRIDE-model. The recognition with the STRIDE-model will then be analyzed and sorted according to the modeling with the STRIDE method. After the analysis is complete, it will be calculated and given a rating based on the DREAD method's assessment. The STRIDE method's results show that there are several threats identified, such as there is one threat on the user side, the webserver is five threats, and the database is three threats. The level of the threat varies from the lowest-level (LowL) to the highest-level (HiL). Based on the threat level, it can be a guide and sequence in improving and improving the security system at SIMRS, starting from the LowL to the HiL.

Threat Model for Secure Health Care Data Using EMR, EHR and Health Monitoring Devices

The main aim of this project is to propose a threat modeling framework that promotes the security of health care services. The threat model is used to analyze the cyber threats that makes the electronic health monitoring devices vulnerable to a cyber-attack. The model also helps in strengthening the security of the software-based web applications like EMR and EHR used in a health care organization. The information assets are identified and the threat agents are eliminated considering the software, web application and monitoring devices as attack surface. The major goal of this threat model is to analyze and establish the trust boundaries in the OpenEMR that render a secure data transmission. We use a STRIDE threat model and a DFD based approach using the OWASP threat modeling tool. The SIEM tools provide a continuous security methodology to document the process and result.

A hybrid threat model for system-centric and attack-centric for effective security design in SDLC

Threat modeling is an essential activity in the security development lifecycle. To provide security at the design phase of software development, Microsoft introduced threat modeling stride to identify the vulnerabilities and attacks of application. An efficient solution is necessary to deal with these issues in the software development life cycle. In this context, the paper focused on the analysis of threats and attack tree techniques that are traditionally available and frequently used. Automated Threat modeling enables to simulate attacks and visualized the existing vulnerabilities and misconfiguration. A hybrid model is proposed based on system-centric and attacker-centric to identify the threats in the software application during the software design phase. This model is built by STRIDE by defining security architecture and then analyzed the risks regarding its security characteristics and applied to its real application system. Our model is applied in a case study of the health center management system and shows a better result is identifying the threats and severity in the design phase. And also attack tree defines the stages of threats to understand the severity.