Threat modeling - A systematic literature review

Cyber security is attracting worldwide attention. With attacks being more and more common and often successful, no one is spared today. Threat modeling is proposed as a solution for secure application development and system security evaluations. Its aim is to be more proactive and make it more difficult for attackers to accomplish their malicious intents. However, threat modeling is a domain that lacks common ground. What is threat modeling, and what is the state-of-the-art work in this field? To answer these questions, this article presents a review of threat modeling based on systematic queries in four leading scientific databases. This is the first systematic literature review on threat modeling to the best of our knowledge. 176 articles were assessed, and 54 of them were selected for further analysis. We identified three separate clusters: (1) articles making a contribution to threat modeling, e.g., introducing a new method, (2) articles using an existing threat modeling approach, and (3) introductory articles presenting work related to the threat modeling process. The three clusters were analyzed in terms of a set of criteria, for instance: Is the threat modeling approach graphical or formal? Is it focused on a specific attack type and application? Is the contribution validated empirically or theoretically? We observe from the results that, most threat modeling work remains to be done manually, and there is limited assurance of their validations. The results can be used for researchers and practitioners who want to know the state-of-the-art threat modeling methods, and future research directions are discussed. (C) 2019 Elsevier Ltd. All rights reserved.