Value-Adaptive Security Threat Modeling and Vulnerability Ranking

摘要

Among others, techniques and systems are disclosed for analyzing security threats associated with software and computer vulnerabilities. Stakeholder values relevant for a software system are identified. The identified stakeholder values are quantified using a quantitative decision making approach to prioritize vulnerabilities of the software system. A structured attack graph is generated to include the quantified stakeholder values to define a scalable framework to evaluate attack scenarios. The structured attack graph includes two or more nodes. Based on the generated structured attack graph, structured attack paths are identified with each attack path representing each attack scenario.