Threat modeling framework for mobile communication systems
This work addresses the need for a unified security view in mobile communications, but it is incremental as it builds on existing literature to create a taxonomy.
The authors tackled the problem of scattered security efforts in mobile communication systems by proposing a domain-specific threat modeling framework that organizes attacks into tactics and techniques, resulting in a common taxonomy matrix for modeling adversarial behavior.
Due to the complex nature of mobile communication systems, most of the security efforts in its domain are isolated and scattered across underlying technologies. This has resulted in an obscure view of the overall security. In this work, we attempt to fix this problem by proposing a domain-specific threat modeling framework. By gleaning from a diverse and large body of security literature, we systematically organize the attacks on mobile communications into various tactics and techniques. Our framework is designed to model adversarial behavior in terms of its attack phases and to be used as a common taxonomy matrix. We also provide concrete examples of using the framework for modeling the attacks individually and comparing them with similar ones.