RESEARCH PRODUCT

Towards Practical Cybersecurity Mapping of STRIDE and CWE — a Multi-perspective Approach

Andrei Costin, Tiina Leppanen, Anne Honkaranta

subject

systems design, cybersecurity, Computer science, Vulnerability, STRIDE, TK5101-6720, cve, Computer security, computer.software_genre, threat lifecycle, Software, databases, information security, vulnerability, weaknesses, vulnerabilities, Scope (project management), business.industry, computer programs, Technological innovation, cwe, mapping automation, software design, Systems development life cycle, Task analysis, Threat model, Telecommunication, Manuals, threat modelling, models (modelling), software development, business, Estimation, computer, vulnerability lifecycle

description

Software vulnerabilities are identified throughout their whole life-cycle; some vulnerabilities are caused by flaws in the design, while others appear due to advances in the technologies around the systems. Frameworks such as OWASP are well-known and are used for testing a system's security before or after implementation, and such testing is carried out against the existing system. Threat modeling, however, focuses on the early stages of system design, when it is feasible and easy to fix security-related flaws and prevent the possible damage caused by them. For example, STRIDE is one very popular threat modeling framework. A STRIDE threat modelling specialist deals with abstract categorizations of threats and needs to be aware of the real-life weaknesses and vulnerabilities related to the threats identified. Real-life examples of vulnerabilities provide important information for analyzing the severity and outcome of the threats, as well as for providing measures for their mitigation. However, the actual security vulnerabilities are mainly collected and classified using other taxonomies, such as Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE). Therefore, in the real-life work of cybersecurity practitioners there are multiple gaps between the threat modelling approaches (such as STRIDE) and the corresponding classifications and databases (such as CWE and CVE) that are used in practice once systems are deployed and running. As a consequence, such gaps prevent cybersecurity processes (such as DevSecOps and Secure SDLC) from being as effective as possible. This work attempts to bridge some of these gaps by exploring possible mappings between STRIDE and CWE, with the goal of improving cybersecurity processes end-to-end. The paper explores three different approaches to how the STRIDE threats could be mapped to the real-life system weaknesses within the CWE database, and discusses the findings of those three mapping trials.
We show that a direct and unambiguous mapping may potentially be carried out between STRIDE and the Technical Impact and Scope elements of the CWE entries. We also show that other mappings that seem intuitive at first are challenged by the different conceptual backgrounds of threats and weaknesses. The paper also discusses the challenges caused by the inherent vagueness of the items within the frameworks and the CWE and CVE databases, which may still leave the mapping largely a manual task carried out by domain experts.

https://doi.org/10.23919/fruct52173.2021.9435453