Methods, methodologies, and tools for threat modeling with case study
The security of each system is essential for its use. In order to make this process as successful as possible, it is advisable to develop a threat model for the system under consideration at the design stage. The purpose of the threat model is to enable the identification of security threats, by whose further analysis we can conclude which are the greatest vulnerabilities of the system and which pose the greatest risk. There exist many different approaches to threat modeling in terms of methods, methodologies, and tools. In this paper, we give an overview of those approaches and apply one of them, i.e., the most represented and mature to a specific system. A STRIDE-based methodology, software-centric method, and Microsoft Threat Modeling Tool (MTMT) mixture has been used to threat model the Web of Things (WoT)-based temperature management system which is in the design phase.