kth.sePublications
EnglishSvenskaNorsk
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Towards Measuring Test Coverage of Attack Simulations
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.ORCID iD: 0000-0003-0478-9347
2021 (English)Conference paper, Published paper (Refereed)
Abstract [en]

Designing secure and reliable systems is a difficult task. Threat modeling is a process that supports the secure design of systems by easing the understanding of the system’s complexity, as well as identifying and modeling potential threats. These threat models can serve as input for attack simulations, which are used to analyze the behavior of attackers within the system. To ensure the correct functionality of these attack simulations, automated tests are designed that check if an attacker can reach a certain point in the threat model. Currently, there is no way for developers to estimate the degree to which their tests cover the attack simulations and, thus, they cannot the determine the quality of their tests. To resolve this shortcoming, we analyze structural testing methods from the software engineering domain and transfer them to the threat modeling domain by following an Action Design Research approach. Further, we develop a first prototype, which is able to assess the test coverage in an automated way. This will enable threat modeler to determine the quality of their tests and, simultaneously, increase the quality of the threat models.
Place, publisher, year, edition, pages
Springer International Publishing , 2021. p. 303-317
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:kth:diva-297598DOI: 10.1007/978-3-030-79186-5_20Scopus ID: 2-s2.0-85111859148OAI: oai:DiVA.org:kth-297598DiVA, id: diva2:1569536
Conference
Enterprise, Business-Process and Information Systems Modeling
Note

QC 20210623

Available from: 2021-06-20 Created: 2021-06-20 Last updated: 2022-12-20Bibliographically approved

Open Access in DiVA

fulltext(456 kB)306 downloads
File information
File name FULLTEXT01.pdfFile size 456 kBChecksum SHA-512
c1757699202dcf05e253036ad6fb32389750868a2480f4e7c2ca19f9c45a25942740ceb781fae8ccd45e0650817c6b835f53df56774901015b31a2a3d9ced4a0
Type fulltextMimetype application/pdf

Other links

Publisher's full textScopus

Authority records

Hacks, Simon

Search in DiVA

By author/editor
Hacks, Simon
By organisation
Network and Systems Engineering
Computer Sciences

Search outside of DiVA

GoogleGoogle Scholar
Total: 306 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

doi
urn-nbn

Altmetric score

doi
urn-nbn
Total: 232 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
v. 2.46.0
|
WCAG
|
KTH Library
|
DiVA support
|
Register in DiVA
|
Posting your thesis
|
SwePub