Prof. dr. ir. Frank Piessens
Frank Piessens is a professor at the Department of Computer Science of the Katholieke Universiteit Leuven, Belgium. His research interests lie in software security, including security in operating systems and middleware, architectures, applications, Java and .NET, and software interfaces to security technologies.
He is an active participant in both fundamental research and industrial application-driven projects, provides consultancy to industry on distributed system security and serves on programme committees for various security-related international scientific conferences.
Frank teaches software security at the Katholieke Universiteit Leuven, and at various academic and industrial conferences.
Security is about reducing the risk that an organization's assets are exposed to. Risk is reduced by countering the various threats to those assets. Hence, understanding the nature of the threats that a particular software system is subject to is key to securing that software system. Threat modeling is an activity in the development process of a software system that tries to systematically identify and document possible threats.
In this module we elaborate on the process of threat modeling. First we define the notion of threat and illustrate it with examples. We discuss the most important categories of threats in a software system, and discuss systematic techniques for discovering and documenting threats, leading to a threat model. Microsoft's STRIDE is discussed as a representative threat modeling methodology.