Table 4 Comparative view of various threat driven frameworks

Howard (2003)

NA

Framework consists of 3 modules:

1. Decompose application

2. Identify threats

3. Mitigate threats

After mitigation the severity is calculated only on basis of base metrics i.e.

\(W_{{n_{new} }} = \frac{{V_{i} }}{K}\)

Shrief et al. (2010)

Stochastic petri net

Framework consists of 6 modules:

1. Decompose application

2. Decomposition correction assessment

3. Identify threats

4. Mitigate threats

5. Mitigation correction assessment

6. Mitigation assessment

After mitigation the severity is calculated only in terms of base and temporal metrics i.e.

\(W_{{n_{new} }} = \frac{{V_{i} \times E\times RL\times RC}}{K}\)

Our proposed approach

Aspect oriented stochastic petri nets

Framework consists of 6 modules and threat identification is divided into sub modules.

1. Disintegrate application

2. Disintegration correction assessment

3.1. Threat identification

3.2. Identify application vulnerability

3.3. Risk assessment matrix

4. Mitigate (Attenuate) threats

5. Mitigation (Attenuation) correction assessment

6. Mitigation (Attenuation) assessment

After mitigation the severity is calculated only in terms of base, temporal and environmental metrics i.e.

\(W_{{n_{new} }} = \frac{{V_{i} \times E\times RL\times RC}}{K\times CR \times IR\times AR}\)