Enhancing IT Systems Cyber Resilience through Threat Modeling: Cyber Security Analysis of Enterprise Systems and Connected Vehicles

Abstract: Information technology (IT) systems are growing in complexity and are becoming more and more connected. Such connected systems can increase flexibility and productivity while also introducing security threats. Recent years have witnessed some of the largest, most sophisticated, and most severe cyber attacks on IT systems, which can have severe consequences for individuals and organizations, from water or energy distribution systems to online banking services. Therefore, security is a top priority for IT systems.

To address these security issues proactively, threat modeling can be used in two ways: to assess the current state of a system, and as a security-by-design tool for developing new systems. Threat models can serve as input for attack simulations, which are used to analyze the behavior of attackers within the system. The simulation results can help stakeholders investigate security settings that can be applied to secure their system more effectively.

This thesis presents work on threat modeling for IT systems. The contributions to the field of threat modeling include a systematic literature review on threat modeling (Paper A). With regard to securing enterprise systems, the contributions include a threat modeling language for security assessment of enterprise systems (Paper B), a method for assigning probability distributions in attack simulation languages to provide more realistic simulation results (Paper C), and a method for quality assessment of threat modeling languages (Paper D). With regard to securing connected vehicles, the contributions include a proof-of-concept of an approach for securing connected vehicles using threat modeling coupled with attack simulations (Paper E), and an empirical study to explore common security vulnerabilities and software weaknesses in vehicles (Paper F).