Joonhyuk Park (School of Cybersecurity, Korea University), Jiwon Kwak (School of Cybersecurity, Korea University), Geunwoo Baek (School of Cybersecurity, Korea University), Dohee Kang (School of Cybersecurity, Korea University), Seungjoo Kim (School of Cybersecurity, Korea University)

The increasing significance of space-system cybersecurity in the space industry underscores the necessity of moving beyond development paradigms based on security by obscurity. Consequently, international standards such as ISO 20517 recommend the use of threat modeling to ensure security when developing space systems. Because manual threat modeling is time-consuming, it has motivated substantial research into the development of automated tools. Despite this interest, automated threat modeling tools specialized for the space domain remain scarce. Therefore, this paper proposes an automated threat modeling tool for the space domain by enhancing the Microsoft Threat Modeling Tool (MS-TMT). The tool was developed by integrating the Aerospace SPARTA matrix and the D3FEND knowledge base into MS-TMT. To evaluate its effectiveness, we conducted a case study involving four space-system security incidents, including the Viasat hacking. In the absence of existing satellite-specific threat modeling tools, we selected SecOpsTM as a comparative baseline because it is an automated threat modeling tool that identifies threats in a manner conceptually similar to our approach, enabling a fair and meaningful comparison. The quantitative evaluation demonstrated that our tool achieved an accuracy of 100%, whereas SecOpsTM achieved an average accuracy of 54%.

View More Papers

Mapping the Cloud: A Mixed-Methods Study of Cloud Security...

Sumair Ijaz Hashmi (CISPA Helmholtz Center for Information Security, Germany, Saarland University, Germany and Lahore University of Management Sciences (LUMS), Pakistan), Shafay Kashif (The University of Auckland, New Zealand and Lahore University of Management Sciences (LUMS), Pakistan), Lea Gröber (International Computer Science Institute (ICSI), USA and Lahore University of Management Sciences (LUMS), Pakistan), Katharina Krombholz…

Read More

HELIOS: Hierarchical Graph Abstraction for Structure-Aware LLM Decompilation

Yonatan Gizachew Achamyeleh (University of California, Irvine), Harsh Thomare (University of California, Irvine), Mohammad Abdullah Al Faruque (University of California, Irvine)

Read More

Shadow in the Cache: Unveiling and Mitigating Privacy Risks...

Zhifan Luo (State Key Laboratory of Blockchain and Data Security, Zhejiang University), Shuo Shao (State Key Laboratory of Blockchain and Data Security, Zhejiang University), Su Zhang (Huawei Technology), Lijing Zhou (Huawei Technology), Yuke Hu (State Key Laboratory of Blockchain and Data Security, Zhejiang University), Chenxu Zhao (State Key Laboratory of Blockchain and Data Security, Zhejiang…

Read More