Reproducing a Security Risk Assessment Using Computer Aided Design
Avi Shaked
Published: 2025/9/20
Abstract
Security risk assessment is essential to establishing the trustworthiness and reliability of modern systems. Although many security risk assessment approaches exist, the prevalent way of applying them is a "pen and paper" implementation that, even when performed digitally on a computer, remains prone to authoring mistakes and inconsistencies (unreferenced assets, threats left without controls, risk ratings that disagree with their own inputs). Computer-aided design approaches can turn security risk assessments into more rigorous and sustainable efforts. This is of value both to industrial practitioners and to researchers, who perform security risk assessments to reflect on systems' designs and to contribute to the discipline's state of the art. In this article, we report the application of a model-based security design tool to reproduce a previously reported security assessment. The main contributions are: 1) an independent attempt to reproduce a refereed article describing a real security risk assessment of a system; 2) a comparison of a new computer-aided application with a previous non-computer-aided application, based on a published, real-world case study; 3) a showcase of the potential advantages, for both practitioners and researchers, of using computer-aided design approaches to analyze reports and to assess systems.
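The abstract's central claim is that a machine-readable assessment model lets a tool detect authoring slips that a hand-maintained table lets through. The following Python block is an added illustration of that idea and is not the paper's tool, its data model, or the reproduced case study: the asset/threat/control records, the 1..5 likelihood and impact scale, the multiplicative risk formula, and the sample entries (`A1`, `T1`, `C1`, and so on) are all constructed here for demonstration.

```python
"""Consistency checks over a small, machine-readable security risk assessment.

Illustration only (not the paper's tool): assets, threats and controls are
plain records, and the checks catch the kind of authoring slips that a
hand-maintained risk table lets through. The 1..5 scale and the
likelihood x impact risk formula are assumptions for this example.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

SCALE = range(1, 6)  # likelihood and impact are rated 1..5 (assumed scale)


@dataclass(frozen=True)
class Asset:
    id: str
    name: str


@dataclass(frozen=True)
class Threat:
    id: str
    asset_id: str      # must reference an existing Asset
    likelihood: int    # 1..5
    impact: int        # 1..5
    stated_risk: int   # risk value as written by the assessor


@dataclass(frozen=True)
class Control:
    id: str
    mitigates: Tuple[str, ...]  # threat ids this control applies to
    likelihood_reduction: int   # scale steps by which it lowers likelihood


@dataclass
class Assessment:
    assets: List[Asset]
    threats: List[Threat]
    controls: List[Control]


def inherent_risk(t: Threat) -> int:
    """Risk before controls, on the assumed likelihood x impact scale."""
    return t.likelihood * t.impact


def check_consistency(a: Assessment) -> List[str]:
    """Return human-readable findings; an empty list means the model is consistent."""
    findings: List[str] = []
    asset_ids = {x.id for x in a.assets}
    seen = set()
    for t in a.threats:
        if t.id in seen:
            findings.append(f"{t.id}: duplicate threat id")
        seen.add(t.id)
    for t in a.threats:
        if t.asset_id not in asset_ids:
            findings.append(f"{t.id}: targets unknown asset {t.asset_id}")
        if t.likelihood not in SCALE or t.impact not in SCALE:
            findings.append(f"{t.id}: likelihood/impact outside the 1..5 scale")
        elif t.stated_risk != inherent_risk(t):
            findings.append(
                f"{t.id}: stated risk {t.stated_risk} != computed {inherent_risk(t)}")
    covered = set()
    for c in a.controls:
        for tid in c.mitigates:
            if tid not in seen:
                findings.append(f"{c.id}: mitigates unknown threat {tid}")
            covered.add(tid)
    for t in a.threats:
        if t.id not in covered:
            findings.append(f"{t.id}: no control addresses this threat")
    return findings


def residual_risk(a: Assessment) -> Dict[str, int]:
    """Risk per threat after every control naming it is applied (likelihood floor 1)."""
    reduction: Dict[str, int] = {}
    for c in a.controls:
        for tid in c.mitigates:
            reduction[tid] = reduction.get(tid, 0) + c.likelihood_reduction
    out: Dict[str, int] = {}
    for t in a.threats:
        likelihood = max(1, t.likelihood - reduction.get(t.id, 0))
        out[t.id] = likelihood * t.impact
    return out


# Constructed sample model containing deliberate authoring slips.
SAMPLE = Assessment(
    assets=[Asset("A1", "Telemetry gateway"), Asset("A2", "Operator workstation")],
    threats=[
        Threat("T1", "A1", likelihood=3, impact=5, stated_risk=12),  # 3*5 is 15, not 12
        Threat("T2", "A2", likelihood=2, impact=4, stated_risk=8),
        Threat("T3", "A3", likelihood=4, impact=3, stated_risk=12),  # A3 does not exist
    ],
    controls=[
        Control("C1", mitigates=("T1",), likelihood_reduction=2),
        Control("C2", mitigates=("T2", "T9"), likelihood_reduction=1),  # T9 does not exist
    ],
)

if __name__ == "__main__":
    for finding in check_consistency(SAMPLE):
        print("finding:", finding)
    print("residual:", residual_risk(SAMPLE))
```

Run against the constructed sample, `check_consistency` reports four findings (the arithmetic error in `T1`, the dangling asset reference in `T3`, the dangling threat reference in `C2`, and the fact that no control covers `T3`), and `residual_risk` recomputes every rating from the model rather than trusting the assessor's hand-entered value. A model-based tool makes these checks part of authoring; on paper they depend on a reviewer noticing.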