The ability to orchestrate and refine potential threats in a sys- tematic and scalable manner has become not just best prac- tice, but necessity. Established methodologies such as STRIDE and LINDDUN have long provided the opening notes: proce- dural frameworks that introduce key categories and encour- age early analysis. Yet, they often remain domain-agnostic, semantically shallow, and too rigid to resonate with the nu- ances of modern, multidisciplinary systems. This dissertation proposes a new paradigm for threat elicita- tion —one that is intelligent, guided, and adaptive. At its core lies SPADA, a meta-methodology. Like a musical score that structures yet enables interpretation, SPADA provides flexi- ble but rigorous guidelines for composing threat models all the way from source documents through to actionable frame- works. SPADA is demonstrated over three application do- mains: Automotive, Domotics, and (Anti-)Digital Forensics. Experiments on the integration of Natural Language Process- ing (NLP) and Large Language Models (LLMs) within SPADA show promises in enhancing the modelling process, confirm- ing vast potential for further automation in the future.
Harmony in Security and Privacy Threat Modelling: Systematic and Intelligent Elicitation
RACITI, MARIO
2026
Abstract
The ability to orchestrate and refine potential threats in a sys- tematic and scalable manner has become not just best prac- tice, but necessity. Established methodologies such as STRIDE and LINDDUN have long provided the opening notes: proce- dural frameworks that introduce key categories and encour- age early analysis. Yet, they often remain domain-agnostic, semantically shallow, and too rigid to resonate with the nu- ances of modern, multidisciplinary systems. This dissertation proposes a new paradigm for threat elicita- tion —one that is intelligent, guided, and adaptive. At its core lies SPADA, a meta-methodology. Like a musical score that structures yet enables interpretation, SPADA provides flexi- ble but rigorous guidelines for composing threat models all the way from source documents through to actionable frame- works. SPADA is demonstrated over three application do- mains: Automotive, Domotics, and (Anti-)Digital Forensics. Experiments on the integration of Natural Language Process- ing (NLP) and Large Language Models (LLMs) within SPADA show promises in enhancing the modelling process, confirm- ing vast potential for further automation in the future.| File | Dimensione | Formato | |
|---|---|---|---|
|
PhD_Thesis - MR.pdf
embargo fino al 30/06/2029
Licenza:
Tutti i diritti riservati
Dimensione
2.55 MB
Formato
Adobe PDF
|
2.55 MB | Adobe PDF |
I documenti in UNITESI sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
https://hdl.handle.net/20.500.14242/374102
URN:NBN:IT:IMTLUCCA-374102