{"id":31536,"date":"2025-07-04T12:00:00","date_gmt":"2025-07-04T10:00:00","guid":{"rendered":"https:\/\/sii.pl\/blog\/modelowanie-zagrozen-dotyczacych-cyberbezpieczenstwa-w-systemach-wbudowanych\/"},"modified":"2025-07-04T13:46:35","modified_gmt":"2025-07-04T11:46:35","slug":"threat-modeling-for-cybersecurity-in-embedded-systems","status":"publish","type":"post","link":"https:\/\/sii.pl\/blog\/en\/threat-modeling-for-cybersecurity-in-embedded-systems\/","title":{"rendered":"Threat modeling for cybersecurity in embedded systems"},"content":{"rendered":"\n<p>Improving the cybersecurity of embedded systems requires establishing a series of processes to ensure the systems we design are secure and resilient against various types of cyberattacks. The rapid technological development of recent years has <strong>made security not just an option but a necessity.<\/strong> <\/p>\n\n\n\n<p>To secure our system, we must first analyze the weaknesses and threats that may arise in the embedded devices we design. One fundamental and highly effective technique for accomplishing this is\u00a0<strong>threat modeling<\/strong>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong><strong>Basic concepts<\/strong><\/strong><\/h2>\n\n\n\n<p>Threat modeling can be defined as the process of analyzing a system to identify its&nbsp;weaknesses, which may turn into&nbsp;vulnerabilities. An attacker can exploit these weaknesses to create a&nbsp;threat&nbsp;and gain unauthorized access to data. The consequences of such actions can lead to numerous dangers.<\/p>\n\n\n\n<p><strong>The goal of threat modeling is to identify weaknesses before they are exploited.<\/strong> This involves characterizing system components that need to be modified to reduce risk and increase the&nbsp;security level.<\/p>\n\n\n\n<p>In threat modeling, we view the system as a collection of components (memory, communication buses, processors, data) that work together to execute programmed logic. 
We then try to visualize and predict how these components and their interactions might fail and be exploited by&nbsp;threat actors. <strong>The most important aspect of threat modeling is viewing the system from the attacker&#8217;s perspective.<\/strong><\/p>\n\n\n\n<p>The process can be accelerated by answering four key questions:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>What are we working on?<\/li>\n\n\n\n<li>What can go wrong?<\/li>\n\n\n\n<li>What are we going to do about it?<\/li>\n\n\n\n<li>Did we do a good job?<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong><strong>Why do we need threat modeling?<\/strong><\/strong><\/h2>\n\n\n\n<p>Initially, threat modeling may be seen as an additional, unclear cost. This perception stems from a lack of understanding of the long-term benefits, such as:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Accelerated design and development work.<\/li>\n\n\n\n<li>Simplified architecture with clearly defined security zones.<\/li>\n\n\n\n<li>Faster testing processes.<\/li>\n\n\n\n<li>Higher system security.<\/li>\n\n\n\n<li>Better understanding of potential threats by the team.<\/li>\n\n\n\n<li>Positive impact on software quality and implementation time.<\/li>\n<\/ul>\n\n\n\n<p>A properly conducted threat modeling process changes the team&#8217;s approach to security, improving understanding and implementation of security elements.<\/p>\n\n\n\n<p>We must remember that implementing security in our products is not a one-time task but a process of changing mindsets. The costs of threat modeling are significantly lower than the potential costs of a cyberattack, which embedded systems are increasingly vulnerable to.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong><strong>The process<\/strong><\/strong><\/h2>\n\n\n\n<p>Threat modeling should be part of the&nbsp;<strong>secure software development lifecycle<\/strong>. 
If such a process hasn&#8217;t been defined yet, threat modeling should be performed during:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Device design.<\/li>\n\n\n\n<li>Software development (as a recurring activity).<\/li>\n\n\n\n<li>Preparing official software releases (new features or bug fixes).<\/li>\n<\/ul>\n\n\n\n<p>Ideally, threat modeling should be performed for each newly implemented feature to identify potential weaknesses.<\/p>\n\n\n\n<p>The time required for the first threat modeling session depends on:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>System complexity.<\/li>\n\n\n\n<li>Current hardware and software state.<\/li>\n\n\n\n<li>Knowledge and experience of the team.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong><strong>Steps in the threat modeling process<\/strong><\/strong><\/h3>\n\n\n\n<p>The process can be adapted to the project&#8217;s needs. Generally, it includes:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Create a system model<\/strong> \u2013 identify key system elements that could be attack targets or used in an attack. These include data, communication buses, system components, and external elements.<\/li>\n\n\n\n<li><strong>Decompose the system<\/strong>\u00a0\u2013 break the system into individual components, uncover logic, data\/control flow, and assess how each element affects the system. Use diagramming techniques to visualize data flow and critical elements.<\/li>\n\n\n\n<li><strong>Identify threats<\/strong>\u00a0\u2013 use one of the methodologies listed below to identify threats and possible attack paths. Describe all detected scenarios.<\/li>\n\n\n\n<li><strong>Assess threats, calculate risk, and prioritize<\/strong>\u00a0\u2013 evaluate the likelihood and impact of each threat. Use a risk assessment system. The <strong>ISO\/IEC 62443 standard<\/strong> offers guidance, and the\u00a0<strong>CVSS (Common Vulnerability Scoring System)<\/strong>\u00a0is another popular method. 
It calculates scores based on several indicators to estimate exploitability and impact.<\/li>\n\n\n\n<li><strong>Prepare a mitigation plan<\/strong>\u00a0\u2013 based on identified threats and risks, determine how to minimize or eliminate them. The plan should consider the current product and software state. Don&#8217;t limit countermeasures to software \u2013 many hardware solutions can effectively enhance security.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong><strong>Threat modeling methodologies<\/strong><\/strong><\/h2>\n\n\n\n<p>Creating and decomposing a system model is relatively straightforward. The main challenge is identifying potential threats and weaknesses.<\/p>\n\n\n\n<p>Several methodologies help with this step by providing structured guidance.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong><strong>Key methods:<\/strong><\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>STRIDE<\/strong>\u00a0(Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege) \u2013 developed by Microsoft, categorizes threats into six types. Widely used in embedded systems.<\/li>\n\n\n\n<li><strong>DREAD<\/strong>\u00a0(Damage potential, Reproducibility, Exploitability, Affected users, Discoverability) \u2013 also from Microsoft, evaluates threats based on five criteria and helps prioritize them.<\/li>\n\n\n\n<li><strong>PASTA<\/strong>\u00a0(Process for Attack Simulation and Threat Analysis) \u2013 a risk-focused methodology with seven stages, from defining business goals to threat modeling and risk assessment.<\/li>\n\n\n\n<li><strong>TRIKE<\/strong>\u00a0\u2013 focuses on risk assessment from the asset perspective. 
Unlike other methods that focus on threats or vulnerabilities, TRIKE emphasizes what is being protected.<\/li>\n\n\n\n<li><strong>VAST<\/strong>\u00a0(Visual, Agile, and Simple Threat) \u2013 designed to integrate with Agile development, offering a scalable approach for both developers and security professionals.<\/li>\n\n\n\n<li><strong>OCTAVE<\/strong>\u00a0(Operationally Critical Threat, Asset, and Vulnerability Evaluation) \u2013 developed by Carnegie Mellon University, this comprehensive risk assessment methodology focuses on organizational risk and security practices.<\/li>\n<\/ul>\n\n\n\n<p>Each methodology offers unique advantages. It&#8217;s worth experimenting with different ones to achieve the best results.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong><strong>Reports<\/strong><\/strong><\/h3>\n\n\n\n<p>In addition to methodologies, many organizations publish regular\u00a0threat landscape reports. These can be valuable resources for identifying threats, understanding current trends, and identifying attacker focus areas. <\/p>\n\n\n\n<p>A good example is\u00a0<a href=\"https:\/\/european-union.europa.eu\/institutions-law-budget\/institutions-and-bodies\/search-all-eu-institutions-and-bodies\/european-union-agency-cybersecurity-enisa_en\" target=\"_blank\" rel=\"noopener\" title=\"\" rel=\"nofollow\" >ENISA<\/a>\u00a0(European Union Agency for Cybersecurity), which publishes detailed annual reports on threats, trends, and countermeasures.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong><strong>What are we looking for?<\/strong><\/strong><\/h2>\n\n\n\n<p>We can better identify what to focus on with a solid understanding of threat modeling. 
As experience grows, the process becomes faster and more intuitive.<\/p>\n\n\n\n<p>Initially, focus on areas with:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Lack of protocol encryption.<\/li>\n\n\n\n<li>No authorization, login, or authentication.<\/li>\n\n\n\n<li>Unencrypted stored data.<\/li>\n\n\n\n<li>No additional authorization for accessing certain services.<\/li>\n\n\n\n<li>No data integrity checks during transmission or storage.<\/li>\n\n\n\n<li>Incorrect use of cryptography.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong><strong>Standards<\/strong><\/strong><\/h2>\n\n\n\n<p>Beyond methodologies, international&nbsp;standards&nbsp;define structured processes that expand the scope of threat modeling. These standards aim to create repeatable, predictable processes with defined steps and rules.<\/p>\n\n\n\n<p>Key standards include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>ISO\/SAE 21434<\/strong>\u00a0\u2013 popular in the automotive industry.<\/li>\n\n\n\n<li><strong>ISA\/IEC 62443<\/strong>\u00a0\u2013 used in general industry and IoT.<\/li>\n\n\n\n<li><strong>TS 50701<\/strong>\u00a0\u2013 used in the railway sector.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong><strong>Conclusion<\/strong><\/strong><\/h2>\n\n\n\n<p>Threat modeling is a process that <strong>requires continuous learning and improvement<\/strong>. 
With the advancement of technology and AI, new threats constantly emerge. To counter them effectively, we must enhance our skills and adapt our threat modeling processes based on new knowledge and experience.<\/p>\n\n\n\n<p>A good analogy is the classic game of cat and mouse \u2013 attackers use technology to find new ways to breach systems, and we must use the same tools to defend against them.<\/p>\n\n\n\n<p>***<\/p>\n\n\n\n<p><strong>If you&#8217;re interested in embedded systems and legal regulations, be sure to check out <\/strong><a href=\"https:\/\/sii.pl\/blog\/en\/all\/embedded-en\/\" target=\"_blank\" rel=\"noopener\" title=\"\"><strong>other articles by our experts<\/strong><\/a><strong>.<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Improving the cybersecurity of embedded systems requires establishing a series of processes to ensure the systems we design are secure &hellip; <a class=\"continued-btn\" 
href=\"https:\/\/sii.pl\/blog\/en\/threat-modeling-for-cybersecurity-in-embedded-systems\/\">Continued<\/a><\/p>\n","protected":false},"author":671,"featured_media":31069,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_editorskit_title_hidden":false,"_editorskit_reading_time":0,"_editorskit_is_block_options_detached":false,"_editorskit_block_options_position":"{}","inline_featured_image":false,"footnotes":""},"categories":[1319],"tags":[1623,1526,1342,1336],"class_list":["post-31536","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-soft-development","tag-standards","tag-guidebook","tag-embedded-en","tag-cybersecurity-en"],"acf":[],"aioseo_notices":[],"republish_history":[],"featured_media_url":"https:\/\/sii.pl\/blog\/wp-content\/uploads\/2025\/05\/Cybersecurity_1.jpg","category_names":["Soft development"],"_links":{"self":[{"href":"https:\/\/sii.pl\/blog\/en\/wp-json\/wp\/v2\/posts\/31536"}],"collection":[{"href":"https:\/\/sii.pl\/blog\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sii.pl\/blog\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sii.pl\/blog\/en\/wp-json\/wp\/v2\/users\/671"}],"replies":[{"embeddable":true,"href":"https:\/\/sii.pl\/blog\/en\/wp-json\/wp\/v2\/comments?post=31536"}],"version-history":[{"count":1,"href":"https:\/\/sii.pl\/blog\/en\/wp-json\/wp\/v2\/posts\/31536\/revisions"}],"predecessor-version":[{"id":31540,"href":"https:\/\/sii.pl\/blog\/en\/wp-json\/wp\/v2\/posts\/31536\/revisions\/31540"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sii.pl\/blog\/en\/wp-json\/wp\/v2\/media\/31069"}],"wp:attachment":[{"href":"https:\/\/sii.pl\/blog\/en\/wp-json\/wp\/v2\/media?parent=31536"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sii.pl\/blog\/en\/wp-json\/wp\/v2\/categories?post=31536"},{"taxonomy":"post_tag","embeddable":true,"href":"http
s:\/\/sii.pl\/blog\/en\/wp-json\/wp\/v2\/tags?post=31536"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}