Approach to Object Oriented Threat Modeling

To improve trustworthiness of software design,this paper presents an object oriented threat modeling approach.This approach captures not only threats existed in data flow,but also threats existed in control flow.To precisely evaluate threats,this approach adopts an attack path based evaluation method in terms of cost-effectiveness.According to the evaluation results,mitigation measures are designed and prioritized.Applying the mitigation measures to the design of software can effectively mitigate threats and enhance the security of applications.An object oriented threat modeling tool is implemented.A case study is given to demonstrate the approach.