Last day of the OFFER FLAT 20% off & $20 sign up bonus Order Now

Last day of the offer FLAT 20% off & $20 sign up bonus

us

Free Resources

  • icon 75000+ Completed Assignments
  • icon 1500+ PhD Experts
  • icon 100+ Subjects we cater
  • icon 100% Secure Payment

ISOL536 Security Architecture and Design

Published : 29-Aug,2021  |  Views : 10

Question:

Write about the descriptive study of Microsoft’s threat modeling technique.

Answer:

The paper focuses on descriptive study of Microsoft’s threat modeling technique. According to Scandariato, Wuyts and Joosen (2015) Microsoft STRIDE is one of the threat modeling technique that is helpful in discovering various security weaknesses of different types of software systems.   It is considered that threat modeling is one of the significant activities in the security of the software. It generally helps in guiding the analyst of security for discovering different types of actions that is might performed by the malicious agents for misusing different types of software system. One of the most significant as well as popular methodology is Microsoft’s STRIDE for threat modeling that is utilized on various products of Microsoft. It is generally endorsed by various secure software systems that include OWASP’s CLASP, Touchpoints as well as Microsoft’s SDL. The author reflects that threat modeling is generally utilized for analyzing the soundness of software architecture in order to spott different types of flaws.

 It is analyzed that STRIDE is one of the subject of the ongoing research. This technique is generally augmented by OWASP for making it much more applicable in the domain of mobile applications. Further, its utilization is extended for analyzing privacy. Finally, STRIDE is adopted by the researchers for various types of system models.  The author reflects that despite of the successful adoption of STRIDE, no empirical study was mainly conducted for quantifying both the effectiveness as well as cost of STRIDE. The main contribution of this paper is to evaluate STRIDE with the help of appropriate descriptive study that generally requires involvement of 57 students in the course of computer science (Scandariato, Wuyts  & Joosen, 2015).  Three research questions are addressed by the researcher in this paper, which helps in assessing the valid threats that are generally produced in an hour. The next research question evaluates the accuracy of the analysis that generally consequences by analyzing the appropriate number of false positives. Finally, it also helps in determining the correctness of various analyses that it is mainly resulted due to the quantity of false negatives that is generally the threats that are overlooked. The author elaborates the study which is conducted is instrumental that further helps in understanding the technique that eventually formulates various types of research hypotheses which are investigated by means of various types of comparative experiments. The procedure of threat modeling includes modeling of the system with the help of various types of data flow diagram, mapping different types of DFD elements for categorization threats, drawing the threat, documenting various types of threats and then proving appropriate tool support (Scandariato, Wuyts  & Joosen, 2015). It is concluded that STRIDE is not too much complicated to study as well as accomplish but is very much time-consuming. However, various types of threats go unnoticed during various type of analysis. The results that are generally presented are mainly obtained for the software system, which include security specific mechanism. The author elaborates the findings by reflecting that STRIDE is one of the techniques, which are generally analyzed as hard, but the average number of various types of incorrect threat is low in comparison to average number of overlooked threats.

References

Scandariato, R., Wuyts, K., & Joosen, W. (2015). A descriptive study of Microsoft’s threat modeling technique. Requirements Engineering, 20(2), 163-180

Our Amazing Features

delivery

No missing deadline risk

No matter how close the deadline is, you will find quick solutions for your urgent assignments.

work

100% Plagiarism-free content

All assessments are written by experts based on research and credible sources. It also quality-approved by editors and proofreaders.

time

500+ subject matter experts

Our team consists of writers and PhD scholars with profound knowledge in their subject of study and deliver A+ quality solution.

subject

Covers all subjects

We offer academic help services for a wide array of subjects.

price

Pocket-friendly rate

We care about our students and guarantee the best price in the market to help them avail top academic services that fit any budget.

Not sure yet?

Get in touch with us or

get free price quote.

Get A Free Quote