Threat modeling of large-scale computer systems : Implementing and evaluating threat modeling at Company X

This is a Bachelor's thesis from KTH/School of Electrical Engineering and Computer Science (EECS)

Authors: Love Wessman; Niklas Wessman; [2020]


Abstract: Threat modeling is a growing field in cyber security. As computer systems grow larger and more complicated, the understanding of how to model and protect these systems becomes ever more important. Threat modeling is a method well suited for this task. The two primary motivations behind this research are to strengthen the cyber security at Company X and to help the development of threat modeling, which in turn can help strengthen the field of cyber security. The main question investigated is what results can be achieved by applying the KTH Threat Modeling Method to specific systems used by Company X. This question is answered by implementing the method on the specified systems. The experience and the result of the implementation of the model are then used to evaluate the threat modeling method. The produced model implies that the biggest risks in the investigated systems are the Connected Smoke Sensor and the Smart Meter, which measures water and electricity usage. Some of the given recommendations are to create protections against SQL injection by keeping the systems up to date and by validating input. The main impression from implementing the threat modeling method on Company X is that the method is easy to use, learn and understand. Another result was that the more information one has about the systems used in the IT infrastructure being investigated, the more precise the threat model can become. The method is ideally used with a focus on pure, interconnected software implementations, rather than modeling several non-connected systems in a single iteration of the method, which is what this report does. In order to teach and spread the method more easily, a comprehensive written source such as a book could be utilized. To improve the method itself, the inclusion of automated attack simulation and modeling tools is suggested.
Lastly, the KTH Threat Modeling Method is an iterative process, which can and should be improved by continuously iterating over the model, going more in depth with every step. The body of work presented in this report is a first iteration of this ongoing process. The findings of this report point to the fact that while the KTH Threat Modeling Method is already a mature method fully able to produce meaningful threat modeling results, there are still aspects that could be improved or added which would increase the overall strength of the method.
