REFSQ 2023

Cyber-physical systems, like modern cars and industrial automation systems, are highly connected and complex. Their various interconnections open interfaces for attackers, and their complexity increases the risk of undetected security vulnerabilities. Hence, an important part of requirements engineering is threat modeling. It is a means to elicit security assets, goals, and assumptions, and to derive required security controls. Effective threat modeling needs a systematic workshop setup. In this paper, we report our experiences and lessons learned from threat modeling workshops that we conducted with industry partners from the domains of industrial automation, health care, smart home, and automotive. In conclusion, we derive a set of open challenges.

Roman Trentinaglia (Fraunhofer IEM) will present the paper "Eliciting Security Requirements - an Experience Report".