Abstract

Analyzing safety and security together in the concept stage of system development can reduce redundant work and inconsistency in the identification of safety and security requirements. STPA is a safety analysis technique that also allows analyzing security concerns. STPA does not employ threat models to identify loss scenarios. Threat models allow identifying, enumerating, and prioritizing potential threats from a hypothetical attacker's point of view. STRIDE is a widely employed threat model for identifying computer security threats. In this paper, we extend STPA with the STRIDE threat model to identify security loss scenarios and security requirements. We evaluate our approach in an example. The proposed STPA extension allowed performing a more complete analysis in the concept stage.
