Author:

Keywords:

Science & Technology, Technology, Computer Science, Information Systems, Computer Science, Software Engineering, Computer Science, Secure software, Empirical study, Threat modeling, STRIDE, Anti-requirements, SECURITY REQUIREMENTS, TROPOS, 0803 Computer Software, 0806 Information Systems, Software Engineering, 4612 Software engineering

Abstract:

Microsoft's STRIDE is a popular threat modeling technique commonly used to discover the security weaknesses of a software system. Despite its successful adoption, to date no empirical study has been carried out to quantify its cost and effectiveness. The contribution of this paper is the evaluation of STRIDE via a descriptive study that involved 57 students in their last master year in computer science. The study addresses three research questions. First, it assesses how many valid threats per hour are produced on average. Second, it evaluates the correctness of the analysis results by looking at the average number of false positives, i.e., the incorrect threats. Finally, it determines the completeness of the analysis results by looking at the average number of false negatives, i.e., the overlooked threats.