The ability to orchestrate and refine potential threats in a sys- tematic and scalable manner has become not just best prac- tice, but necessity. Established methodologies such as STRIDE and LINDDUN have long provided the opening notes: proce- dural frameworks that introduce key categories and encour- age early analysis. Yet, they often remain domain-agnostic, semantically shallow, and too rigid to resonate with the nu- ances of modern, multidisciplinary systems. This dissertation proposes a new paradigm for threat elicita- tion —one that is intelligent, guided, and adaptive. At its core lies SPADA, a meta-methodology. Like a musical score that structures yet enables interpretation, SPADA provides flexi- ble but rigorous guidelines for composing threat models all the way from source documents through to actionable frame- works. SPADA is demonstrated over three application do- mains: Automotive, Domotics, and (Anti-)Digital Forensics. Experiments on the integration of Natural Language Process- ing (NLP) and Large Language Models (LLMs) within SPADA show promises in enhancing the modelling process, confirm- ing vast potential for further automation in the future.

Harmony in Security and Privacy Threat Modelling: Systematic and Intelligent Elicitation

RACITI, MARIO
2026

Abstract

The ability to orchestrate and refine potential threats in a sys- tematic and scalable manner has become not just best prac- tice, but necessity. Established methodologies such as STRIDE and LINDDUN have long provided the opening notes: proce- dural frameworks that introduce key categories and encour- age early analysis. Yet, they often remain domain-agnostic, semantically shallow, and too rigid to resonate with the nu- ances of modern, multidisciplinary systems. This dissertation proposes a new paradigm for threat elicita- tion —one that is intelligent, guided, and adaptive. At its core lies SPADA, a meta-methodology. Like a musical score that structures yet enables interpretation, SPADA provides flexi- ble but rigorous guidelines for composing threat models all the way from source documents through to actionable frame- works. SPADA is demonstrated over three application do- mains: Automotive, Domotics, and (Anti-)Digital Forensics. Experiments on the integration of Natural Language Process- ing (NLP) and Large Language Models (LLMs) within SPADA show promises in enhancing the modelling process, confirm- ing vast potential for further automation in the future.
29-giu-2026
Inglese
Prof. Giampaolo Bella (Università degli Studi di Catania)
Scuola IMT Alti Studi di Lucca
Lucca, Italy
256
File in questo prodotto:
File Dimensione Formato  
PhD_Thesis - MR.pdf

embargo fino al 30/06/2029

Licenza: Tutti i diritti riservati
Dimensione 2.55 MB
Formato Adobe PDF
2.55 MB Adobe PDF

I documenti in UNITESI sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/20.500.14242/374102
Il codice NBN di questa tesi è URN:NBN:IT:IMTLUCCA-374102