Open this publication in new window or tab >>Show others...
2024 (English)In: Journal of Cybersecurity and Privacy, E-ISSN 2624-800X, Vol. 4, no 4, p. 823-852Article in journal (Refereed) Published
Abstract [en]
Integration of the Internet of Things (IoT) in industrial settings necessitates robust cybersecurity measures to mitigate risks such as data leakage, vulnerability exploitation, and compromised information flows. Recent cyberattacks on critical industrial systems have highlighted the lack of threat analysis in software development processes. While existing threat modeling frameworks such as STRIDE enumerate potential security threats, they often lack detailed mapping of the sequences of threats that adversaries might exploit to apply cyberattacks. Our study proposes an enhanced approach to systematic threat modeling and data flow-based attack scenario analysis for integrating cybersecurity measures early in the development lifecycle. We enhance the STRIDE framework by extending it to include attack scenarios as sequences of threats exploited by adversaries. This extension allows us to illustrate various attack scenarios and demonstrate how these insights can aid system designers in strengthening their defenses. Our methodology prioritizes vulnerabilities based on their recurrence across various attack scenarios, offering actionable insights for enhancing system security. A case study in the automotive industry illustrates the practical application of our proposed methodology, demonstrating significant improvements in system security through proactive threat modeling and analysis of attack impacts. The results of our study provide actionable insights to improve system design and mitigate vulnerabilities.
Place, publisher, year, edition, pages
Multidisciplinary Digital Publishing Institute (MDPI), 2024
Keywords
attack impact analysis, attack scenario, cyberattack, cybersecurity, cyber–physical system (CPS), STRIDE, threat modeling
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:mdh:diva-70692 (URN)10.3390/jcp4040039 (DOI)001466767400001 ()2-s2.0-85213453148 (Scopus ID)
Note
Article; Export Date: 31 March 2025; Cited By: 0; Correspondence Address: S. Abbaspour Asadollah; School of Innovation, Design and Engineering, Mälardalen University, Västerås, 721 23, Sweden; email: sara.abbaspour@mdu.se
2025-04-012025-04-012025-04-23Bibliographically approved