Automating Threat Modeling: Securing the Future of IoT and Cyber Systems

This thesis introduces an innovative approach to automating threat modeling , specifically designed to address the security challenges of IoT and cyber systems. Recognizing the increasing complexity of these systems, the study seeks to overcome the limitations of traditional methodologies, which often require deep cybersecurity expertise and are time-consuming to implement. The proposed method focuses on automation, making threat modeling more accessible to a broader range of users, including engineers and developers who may not possess extensive security knowledge.

This work not only introduces a novel method but also provides a comprehensive analysis of existing threat modeling methodologies. Insights are drawn from both academic literature and industry practices. The analysis thoroughly examines the current landscape of threat modeling approaches, exploring their strengths, weaknesses, and areas where they fall short—particularly in terms of scalability and adaptability to evolving technologies. By situating the proposed method within this broader context, the thesis demonstrates how it advances beyond existing solutions to offer a more efficient and user-friendly framework for identifying and mitigating threats.

The technology-centric approach adopted in this method ensures thorough coverage of system vulnerabilities, while its device-centric focus is particularly suited to IoT and cyber-physical systems, which often face unique security challenges. The methodology was tested on real-world IoT devices, showcasing its potential to streamline the threat identification process while maintaining robust security. By integrating automation, the approach reduces the time and resources required for effective threat modeling, while also minimizing human error.

Furthermore, the thesis identifies key areas for future development, emphasizing the need for continuous updates to handle emerging threats in interconnected systems. This work sets the stage for further research into fully automating the threat modeling process and adapting it to the rapidly evolving landscape of IoT, AI, and other advanced technologies.

In summary, this thesis bridges the gap between technical complexity and practical application, offering a scalable, automated solution possibility for the future that makes threat modeling more intuitive, comprehensive, and adaptable to the needs of modern cybersecurity.. . .