ABSTRACT

Creating a set of comprehensive security requirements is the rst step for implementing the necessary protocols to prevent, detect, and respond to misuses. Current approaches to tackle this task via threat modeling techniques lack formal semantics, which prevents formal understanding and aggregation of threat models needed to help security practitioners make informed decisions. We propose threat models formalized via norms, where a norm captures who is accountable to whom and for what. We discuss the merits of a normative representation and list promising directions of research.