Harmony in Security and Privacy Threat Modelling: Systematic and Intelligent Elicitation / Raciti, M.. - (2026 Jun 29). [10.13118/mario-raciti_phd2026-06-29]
Harmony in Security and Privacy Threat Modelling: Systematic and Intelligent Elicitation
Mario Raciti
2026
Abstract
The ability to orchestrate and refine potential threats in a systematic and scalable manner has become not just best practice, but a necessity. Established methodologies such as STRIDE and LINDDUN have long provided the opening notes: procedural frameworks that introduce key categories and encourage early analysis. Yet, they often remain domain-agnostic, semantically shallow, and too rigid to resonate with the nuances of modern, multidisciplinary systems.

This dissertation proposes a new paradigm for threat elicitation, one that is intelligent, guided, and adaptive. At its core lies SPADA, a meta-methodology. Like a musical score that structures yet enables interpretation, SPADA provides flexible but rigorous guidelines for composing threat models all the way from source documents through to actionable frameworks. SPADA is demonstrated over three application domains: Automotive, Domotics, and (Anti-)Digital Forensics. Experiments on the integration of Natural Language Processing (NLP) and Large Language Models (LLMs) within SPADA show promise in enhancing the modelling process, confirming vast potential for further automation in the future.

| File | Type | License | Availability | Size | Format |
|---|---|---|---|---|---|
| PhD_Thesis - MR.pdf | Doctoral thesis | Creative Commons | Embargoed until 30/06/2029 | 2.55 MB | Adobe PDF |
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.


