TY - GEN
T1 - Evaluating the Effectiveness of Stride for Threat Modeling in Healthcare Internet-Of-Things
T2 - 13th International Conference in Software Engineering Research and Innovation, CONISOFT 2025
AU - Van Raamsdonk, Jason
AU - Portillo-Dominguez, A. Omar
AU - Ayala-Rivera, Vanessa
N1 - Publisher Copyright:
© 2025 IEEE.
PY - 2025
Y1 - 2025
N2 - The rapid adoption of IoT has introduced novel security challenges. Although IoT testing is effective in uncovering vulnerabilities, it typically occurs late in the development lifecycle. Thus, threat modeling is a good option for identifying and mitigating risks early on. Although the potential for danger in IoT is high, conventional security models cannot fully capture the risks specific to such ecosystems. To address this challenge, our paper presents a case study to assess the effectiveness of threat modeling frameworks in identifying IoT-specific security threats. This is done by applying the OWASP threat modeling methodology with STRIDE to systematically identify potential threats in a healthcare IoT ecosystem. We then compare the results with real-life examples of IoT vulnerabilities to derive actionable recommendations for strengthening threat modeling. Our results offer valuable insights to practitioners to understand the capabilities, strengths, and limitations of using STRIDE for identifying IoT-specific threats.
AB - The rapid adoption of IoT has introduced novel security challenges. Although IoT testing is effective in uncovering vulnerabilities, it typically occurs late in the development lifecycle. Thus, threat modeling is a good option for identifying and mitigating risks early on. Although the potential for danger in IoT is high, conventional security models cannot fully capture the risks specific to such ecosystems. To address this challenge, our paper presents a case study to assess the effectiveness of threat modeling frameworks in identifying IoT-specific security threats. This is done by applying the OWASP threat modeling methodology with STRIDE to systematically identify potential threats in a healthcare IoT ecosystem. We then compare the results with real-life examples of IoT vulnerabilities to derive actionable recommendations for strengthening threat modeling. Our results offer valuable insights to practitioners to understand the capabilities, strengths, and limitations of using STRIDE for identifying IoT-specific threats.
KW - IoT
KW - Secure Software Engineering
KW - STRIDE
KW - Threat Modeling
UR - https://www.scopus.com/pages/publications/105034768373
U2 - 10.1109/CONISOFT66928.2025.00028
DO - 10.1109/CONISOFT66928.2025.00028
M3 - Conference contribution
AN - SCOPUS:105034768373
T3 - Proceedings - 2025 13th International Conference in Software Engineering Research and Innovation, CONISOFT 2025
SP - 139
EP - 148
BT - Proceedings - 2025 13th International Conference in Software Engineering Research and Innovation, CONISOFT 2025
A2 - Juarez-Ramirez, Reyes
A2 - Fernandez y Fernandez, Carlos
A2 - Jimenez, Samantha
A2 - Ramirez-Noriega, Alan
A2 - Guerra-Garcia, Cesar
A2 - Sandoval, Guillermo Licea
A2 - Hernandez-Ocharan, Jorge Octavio
A2 - Aispuro-Felix, Elvia
A2 - Kumar, Abhishek
A2 - Pastrana Pardo, Manuel Alejandro
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 27 October 2025 through 31 October 2025
ER -