Enhancing Cybersecurity through Comprehensive Investigation of Data Flow-Based Attack Scenarios

Enhancing Cybersecurity through Comprehensive Investigation of Data Flow-Based Attack Scenarios

Integration of the Internet of Things (IoT) in industrial settings necessitates robust cybersecurity measures to mitigate risks such as data leakage, vulnerability exploitation, and compromised information flows. Recent cyberattacks on critical industrial systems have highlighted the lack of threat...

Full description

Saved in:
Bibliographic Details
Main Authors: Sara Abbaspour Asadollah, Shamoona Imtiaz, Alireza Dehlaghi-Ghadim, Mikael Sjödin, Marjan Sirjani
Format: Article
Language:English
Published: MDPI AG 2024-10-01
Series:Journal of Cybersecurity and Privacy
Subjects:
cybersecurity
cyberattack
attack scenario
threat modeling
STRIDE
attack impact analysis
Online Access:https://www.mdpi.com/2624-800X/4/4/39
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Integration of the Internet of Things (IoT) in industrial settings necessitates robust cybersecurity measures to mitigate risks such as data leakage, vulnerability exploitation, and compromised information flows. Recent cyberattacks on critical industrial systems have highlighted the lack of threat analysis in software development processes. While existing threat modeling frameworks such as STRIDE enumerate potential security threats, they often lack detailed mapping of the sequences of threats that adversaries might exploit to apply cyberattacks. Our study proposes an enhanced approach to systematic threat modeling and data flow-based attack scenario analysis for integrating cybersecurity measures early in the development lifecycle. We enhance the STRIDE framework by extending it to include attack scenarios as sequences of threats exploited by adversaries. This extension allows us to illustrate various attack scenarios and demonstrate how these insights can aid system designers in strengthening their defenses. Our methodology prioritizes vulnerabilities based on their recurrence across various attack scenarios, offering actionable insights for enhancing system security. A case study in the automotive industry illustrates the practical application of our proposed methodology, demonstrating significant improvements in system security through proactive threat modeling and analysis of attack impacts. The results of our study provide actionable insights to improve system design and mitigate vulnerabilities.
ISSN:2624-800X

Similar Items