• DocumentCode
    33449
  • Title

    A Socio-technical Framework for Threat Modeling a Software Supply Chain

  • Author

    Al Sabbagh, Bilal ; Kowalski, Stewart

  • Volume
    13
  • Issue
    4
  • fYear
    2015
  • fDate
    July-Aug. 2015
  • Firstpage
    30
  • Lastpage
    39
  • Abstract
    A new framework performs security threat modeling for a global software supply chain. The threat modeling is based on a case study from the Swedish Armed Forces. After a review of current practices and theories for threat modeling of a software supply chain, the authors suggest a socio-technical framework for studying the software supply chain security problem from a systemic viewpoint. The framework addresses issues of modeling the target system, identifying threats, and analyzing countermeasures.
  • Keywords
    security of data; supply chains; global software supply chain; security threat modeling; socio-technical framework; software supply chain security problem; Computer security; Operating systems; Security; Social implications of technology; Supply chain management; security; social-technical approach; sociotechnical framework; software supply chain; threat modeling;
  • fLanguage
    English
  • Journal_Title
    Security & Privacy, IEEE
  • Publisher
    ieee
  • ISSN
    1540-7993
  • Type

    jour

  • DOI
    10.1109/MSP.2015.72
  • Filename
    7180277
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=33449