Abstract
Threat modeling is an essential activity in the security development lifecycle. To provide security at the design phase of software development, Microsoft introduced threat modeling stride to identify the vulnerabilities and attacks of application. An efficient solution is necessary to deal with these issues in the software development life cycle. In this context, the paper focused on the analysis of threats and attack tree techniques that are traditionally available and frequently used. Automated Threat modeling enables to simulate attacks and visualized the existing vulnerabilities and misconfiguration. A hybrid model is proposed based on system-centric and attacker-centric to identify the threats in the software application during the software design phase. This model is built by STRIDE by defining security architecture and then analyzed the risks regarding its security characteristics and applied to its real application system. Our model is applied in a case study of the health center management system and shows a better result is identifying the threats and severity in the design phase. And also attack tree defines the stages of threats to understand the severity.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
