Abstract
Threat modelling is a component of security risk analysis, and it is commonly conducted by applying a specific approach for discovering and modelling threats. The three main approaches to threat modelling are asset-centric, attacker-centric and software-centric. In this thesis we ask why one should use only one of the three approaches rather than combine them. We then propose a method called integrated threat modelling, which combines the three common threat modelling approaches. Our method presents respondents with three sets of questionnaires, where each questionnaire focuses on either the asset-centric, attacker-centric or software-centric approach. The results we gather from these questionnaires are threat scenarios represented as attack trees. Finally, our method combines the results from the three approaches into a combined threat model. Following the specification of the method, we present a hypothetical cloud solution that we use in a case study to test how the integrated threat modelling approach could be applied to cloud solutions. We investigate whether the integrated threat modelling approach can produce better and richer models than any of the approaches in isolation. With the limited amount of data collected, it is challenging to judge how much threat modelling can be improved by using our method. In conclusion, the results show that an integrated threat modelling method can improve threat modelling, and the study we conduct documents a proof of concept.