
Harmony in Security and Privacy Threat Modelling: Systematic and Intelligent Elicitation / Raciti, M. - (2026 Jun 29). [10.13118/mario-raciti_phd2026-06-29]

Harmony in Security and Privacy Threat Modelling: Systematic and Intelligent Elicitation

Mario Raciti
2026

Abstract

The ability to orchestrate and refine potential threats in a systematic and scalable manner has become not just best practice, but necessity. Established methodologies such as STRIDE and LINDDUN have long provided the opening notes: procedural frameworks that introduce key categories and encourage early analysis. Yet, they often remain domain-agnostic, semantically shallow, and too rigid to resonate with the nuances of modern, multidisciplinary systems. This dissertation proposes a new paradigm for threat elicitation—one that is intelligent, guided, and adaptive. At its core lies SPADA, a meta-methodology. Like a musical score that structures yet enables interpretation, SPADA provides flexible but rigorous guidelines for composing threat models all the way from source documents through to actionable frameworks. SPADA is demonstrated over three application domains: Automotive, Domotics, and (Anti-)Digital Forensics. Experiments on the integration of Natural Language Processing (NLP) and Large Language Models (LLMs) within SPADA show promise in enhancing the modelling process, confirming vast potential for further automation in the future.
29 Jun 2026
38
CYSEC
Prof. Giampaolo Bella (Università degli Studi di Catania)
Files in this item:
File Size Format
PhD_Thesis - MR.pdf

embargo until 30/06/2029

Type: Doctoral thesis
License: Creative commons
Size 2.55 MB
Format Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/20.500.11771/42538
Citations
  • Scopus ND
  • OpenAlex ND