CoReTM: An Approach Enabling Cross-Functional Collaborative Threat Modeling

Jan von der Assen, M. Franco, Christian Killer, Eder John Scheid, B. Stiller

Computer Science Symposium in Russia, 2022

Cyber Security
Cited by 18 sources

Abstract

Threat Modeling is a structured process to identify critical assets in an organization and the threats posed by adversarial agents. The goal of applying such a process is to achieve a shared understanding of the inherent risks and potential counter-measures that can be put in place. In practice, threat modeling is a collaborative process combining stakeholders’ perceptions in a holistic view of the threat landscape. However, this paper points out that related work mainly focuses on adapting models to technical aspects of architectural decisions. Thus, non-technical stakeholders are not included in the process. This paper proposes CoReTM, a novel overarching approach to applying well-established threat modeling methodologies in a collaborative setting. The resulting approach allows organizations to extend threat modeling to non-technical stakeholders in an automated way while supporting on-site, remote, or hybrid operations in a synchronous or asynchronous fashion.