Sciweavers

ICSE
2007
IEEE-ACM

Stakeholder Value Driven Threat Modeling for Off the Shelf Based Systems

14 years 3 months ago
Stakeholder Value Driven Threat Modeling for Off the Shelf Based Systems
er abstract summarizes the Threat Modeling method based on Attacking Path Analysis (T-MAP) which quantifies and prioritizes security threats by calculating the total severity weights of relevant attacking paths for Commercial Off The Shelf (COTS) based systems. Compared to existing approaches, T-MAP is dynamic and sensitive to system stakeholder value priorities and IT environment. It distills the technical details of thousands of relevant software vulnerabilities into management-friendly numbers at a high-level. In its initial usage in a large IT organization, T-MAP has demonstrated significant strength in COTS vulnerability prioritizing and estimating security investment effectiveness, as well as COTS security assessment in early project life-cycle. Furthermore, a software tool has been developed to automate the T-MAP.
Yue Chen
Added 09 Dec 2009
Updated 09 Dec 2009
Type Conference
Year 2007
Where ICSE
Authors Yue Chen
Comments (0)