In an NRF-funded “Threat modeling and security control management as a service for smart nation application development” project, ISTD Associate Professor Binbin Chen, who is also holding a joint appointment as Principal Research Scientist at Advanced Digital Sciences Center (ADSC), looks to design and develop a tool that can support comprehensive threat modeling. In the project, the SUTD team works closely with partners from DBS Bank and ADSC to enable effective threat modeling and security control management of critical smart nation applications such as mobile wallets and health monitors.

“As applications are tasked to manage an increasing amount of sensitive data and to play critical roles in many aspects of our daily life, the impact of any application security incident can be devastating,” said Chen. “To ensure application security in a hostile environment, threat modeling and threat-centric security control management can play a foundational role in constructing and optimizing our cyber defense for these applications.”

Existing solutions for this type of defense are unable to capture multi-stage attacks or are unable to connect the attack to the vulnerability in time to stop it. There are also challenges in continuously advancing the cybersecurity related models as the application evolves. Unlike existing solutions, the team aims to develop a solution that will be scalable and highly automatic so as to allow it to advance with software. It will also use intuitive analytics gathered by different stakeholders to promote proper cross-organization cyber-management.

“Today’s applications are facing a fast-growing list of threats from various threat actors, including insiders, criminals, hacktivists, terrorists, and even nation states,” said Chen. “By supporting the development of applications with a solid foundation of threat modeling and security control management, we believe the expected outcomes from this proposal can fill an important gap.”

This research is supported by the National Research Foundation (NRF), Prime Minister’s Office, Singapore, under its National Cybersecurity R&D Programme (Award No. GC2018-NCR-0009) and administered by the National Cybersecurity R&D Directorate.