Asset-Centric Threat Modeling
- Asset-Centric Threat Modeling is a systematic approach that identifies and evaluates key system assets to derive prioritized threat profiles.
- It employs both manual and automated methodologies, including hierarchical modeling and interface analysis, to map potential attack paths and vulnerabilities.
- The approach leverages mathematical frameworks such as design structure matrices and graph theory to ensure traceable, comprehensive, and quantifiable security assessments.
Asset-centric threat modeling is a paradigm in security analysis that fundamentally centers the identification, classification, and quantitative evaluation of assets as the primary locus for threat enumeration, attack path discovery, and risk management. In contrast to vulnerability- or attacker-centric frameworks, asset-centric approaches analyze the system from the perspective of "what must be protected," then derive and prioritize threats based on the structure, value, and connectivity of these assets. This orientation enables rigorous, systematic modeling—spanning software, hardware, cyber-physical, business process, and AI-based platforms—and supports traceable alignment with compliance, risk, and safety requirements.
1. Formalization and Taxonomy of Assets
Asset-centric threat modeling frameworks begin with rigorous asset formalizations and explicit asset taxonomies adapted to the target domain. Common to all frameworks is a precise definition of an asset as any component (logical, physical, information-based, or processual) of value whose compromise would have operational, financial, or safety impact.
- Software/Hardware: In frameworks such as Lamellae, an asset is a "code execution unit"—including hardware components (CPUs, bridges, peripherals), firmware modules (UEFI, microcode, option ROM), system and runtime software, and applications (Musavi et al., 2018).
- SoC/RTL Designs: LAsset distinguishes between conceptual assets (e.g., encryption keys, authentication tokens), structural assets (registers, buses, nets), and separates primary (direct target) from secondary (enabling/facilitating) assets (Hasan et al., 6 Jan 2026, Nath et al., 7 Feb 2025).
- Industrial Systems: AsIf classifies every asset by its interfaces (physical ports, fieldbuses, protocol endpoints) across ISO/OSI layers, treating each interface as a threat entry point (Rosenstatter et al., 2024).
- AI-Based Systems: In platforms like ThreatFinderAI and enterprise agent-centric flows, assets are categorized by their lifecycle role: data assets, model assets, process assets, infrastructure assets, and actor assets (Assen et al., 2024, Vicarte et al., 8 May 2025, Stappen et al., 5 Feb 2026).
- Cryptocurrency and Distributed Systems: The ABC framework includes not only technical modules (ledger, transaction pool) but also payment flows, escrow mechanisms, proofs-of-service, and abstract properties such as consistency or privacy (Almashaqbeh et al., 2019).
- Business Process/Insider Threat: Every BPMN element with organizational value (DataObject, DataStore, UserTask, MessageFlow) is treated as an asset, including non-technical resources and roles (Assen et al., 2024).
Categorization often leverages security objectives such as Confidentiality, Integrity, and Availability (CIA), and, in AI and socio-technical domains, may explicitly extend to privacy, fairness, reputation, and safety.
2. Methodologies for Asset Enumeration and Representation
Systematic asset enumeration is foundational in all asset-centric threat modeling approaches. Methodologies are both domain- and workflow-specific but share the following general structure:
- Manual and Automated Extraction: Manual enumeration draws from system block diagrams, specifications, and architecture models (e.g., DFDs, BPMN), while automated tools (e.g., LAsset, ThreatFinderAI) apply NLP, structural parsing, and LLM-driven inference to source code, hardware design, and system specifications (Hasan et al., 6 Jan 2026, Nath et al., 7 Feb 2025, Assen et al., 2024, Assen et al., 2024).
- Hierarchical/Graphical Modeling: Assets are modeled as nodes within hierarchical or dependency graphs—module hierarchies (G_H), domain-object diagrams, interface trees (T(a)), or categorical schemas as in ICAR (Valence, 2023).
- Interface Analysis: For cyber-physical or industrial devices, exhaustive identification and classification of interfaces (by ISO/OSI layer) ensures all potential attack surfaces are captured (Rosenstatter et al., 2024, Ebrahimi et al., 2022).
- Asset Role Mapping: In advanced frameworks, mapping from conceptual to structural assets and from asset nodes to attack-vectors (e.g., asset–CWE relationships) underpins prioritized mitigation generation (Hasan et al., 6 Jan 2026, Almashaqbeh et al., 2019, Valence, 2023).
A summary table of asset classes in selected frameworks:
| Framework | Asset Types Modeled | Asset Identification Primitives |
|---|---|---|
| Lamellae | Hardware, firmware, system SW, applications | Code execution unit, privileged relationships |
| LAsset | Conceptual, primary/secondary structural assets in SoC/RTL | LLM-aided RTL/Spec parsing, signal mapping |
| ThreatFinderAI | Data, model, process, infrastructure, actor assets (AI lifecycle) | Diagram annotation, category stencils |
| AsIf | Cyber-physical assets, ISO/OSI-layered interfaces | Interface discovery, bottom-up tree construction |
| ABC (crypto) | Concrete, abstract (funds, rewards, properties) | Module decomposition, role graph, collusion matrix |
3. Privileged Relationships, Attack Surface, and Structural Analysis
A defining aspect of asset-centric threat modeling is the explicit modeling of relationships—privilege, influence, dependency—between assets, which governs potential attack vectors and threat propagation mechanisms.
- Privileged Relationships: In Lamellae, privileged relationships R ⊆ A×A represent the ability, by design or through misuse, of one asset to directly or indirectly bypass protections on another. This includes eight classes: physical, logical, sequential, configuration, control, reflective, access, and protective privileges (Musavi et al., 2018).
- Interface Trees and Multi-layer Connectivity: AsIf recommends construction of interface trees per asset, assigning each interface to a protocol stack layer. Every interface at each layer is an explicit threat entry, and the parent–child structure encodes dependency and potential escalation paths (Rosenstatter et al., 2024).
- Dependency and Influence Graphs: LAsset defines module hierarchy graphs and intra/inter-module asset dependency edges, quantifies Degree of Influence (DoI) from secondary to primary assets, and annotates connections with bit-level impact metrics (Hasan et al., 6 Jan 2026).
- Petri Nets in Cloud/MLA Modeling: ThreatPro formalizes dynamic cloud asset life cycles and inter-asset transitions as Petri nets, where transitions encode potential state changes as the result of exploitation, migration, or cascading failures (Manzoor et al., 2022).
These structures support advanced analyses: reachability (transitive closure of privileged relationships), detection of weak couplings or cycles ("tears" in DSM), and automated mapping from vulnerabilities to assets through compositional paths (as in ICAR's categorical queries) (Valence, 2023).
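The reachability and cycle analyses described above can be run directly on a binary DSM. The following is an added example, not code from Lamellae or any cited framework; the asset names and privilege edges are constructed for illustration.

```python
# Constructed asset inventory and privilege edges (illustrative only).
ASSETS = ["option_rom", "uefi_firmware", "smm_handler", "os_kernel", "nic", "application"]

# (source, target): source holds a privileged relationship over target.
PRIVILEGES = [
    ("option_rom", "uefi_firmware"),
    ("uefi_firmware", "smm_handler"),
    ("smm_handler", "os_kernel"),
    ("os_kernel", "application"),
    ("os_kernel", "nic"),
    ("nic", "os_kernel"),  # constructed edge that closes a cycle
]

def build_dsm(assets, edges):
    """Binary DSM: dsm[i][j] == 1 iff assets[i] has direct privilege over assets[j]."""
    idx = {a: i for i, a in enumerate(assets)}
    dsm = [[0] * len(assets) for _ in assets]
    for src, dst in edges:
        dsm[idx[src]][idx[dst]] = 1
    return dsm

def transitive_closure(dsm):
    """Warshall's algorithm: closure[i][j] == 1 iff a privilege chain i -> ... -> j exists."""
    n = len(dsm)
    closure = [row[:] for row in dsm]
    for k in range(n):
        for i in range(n):
            if closure[i][k]:
                for j in range(n):
                    if closure[k][j]:
                        closure[i][j] = 1
    return closure

def can_reach(assets, closure, target):
    """Assets holding direct or indirect privilege over `target` (excluding itself)."""
    t = assets.index(target)
    return sorted(a for i, a in enumerate(assets) if closure[i][t] and i != t)

def indirect_only(assets, dsm, closure, target):
    """Assets that reach `target` only through a chain, invisible in the raw DSM row."""
    t = assets.index(target)
    return sorted(a for i, a in enumerate(assets)
                  if closure[i][t] and not dsm[i][t] and i != t)

def assets_in_cycles(assets, closure):
    """Assets that can reach themselves, i.e. sit on a privilege cycle."""
    return sorted(a for i, a in enumerate(assets) if closure[i][i])
```

The `indirect_only` result is the part a per-asset review tends to miss: assets with no direct edge to the target that still sit on a privilege chain leading to it.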
4. Threat, Attack, and Risk Modeling Derived from Asset Structures
Once assets and their relationships are formalized, threat modeling proceeds by mapping potential attacks through systematic enumeration techniques, including:
- Attack-Tree and Path Construction: Frameworks such as those in automotive (TARA, ISO/SAE 21434) generate per-asset anti-pattern trees, recursively compose attack paths via series-parallel graphs and AND/OR/SAND operators, and enumerate feasible attack chains for each high-value asset (Ebrahimi et al., 2022).
- Collusion Matrices: The ABC framework constructs collusion matrices for each asset/threat category, canvassing all attacker groups' combinations against every asset, reducing redundant or impossible cases while retaining maximal coverage of financially or strategically motivated attacks (Almashaqbeh et al., 2019).
- Threat Knowledge Base (KB) Matching: Asset-centric models in AI systems (ThreatFinderAI, asset-centric AI threat modeling) structure threat KBs as sets of per-asset capability requirements, matching asset maps to threat preconditions, and flagging in-scope threats for deeper analysis (Vicarte et al., 8 May 2025, Assen et al., 2024).
- Interface-Based Threat Mapping: AsIf’s interface trees enable direct mapping of vulnerabilities (e.g., unauthorized USB access, bus sniffing, network service exploitation) to specific interface nodes at each layer (Rosenstatter et al., 2024).
- Risk Quantification and Prioritization: Risk is prioritized using quantitative or hybrid scoring (e.g., ISADM frequency–impact risk scores (Hasan et al., 21 Dec 2025), ThreatFinderAI’s log-normal/Poisson modeling of loss distributions (Assen et al., 2024)), aligning mitigation investments directly with asset importance and real-world adversary behavior.
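The log-normal/Poisson loss modeling named in the last item can be sketched as a Monte Carlo simulation. This is an added example, not code from ThreatFinderAI or any cited framework; it assumes Poisson-distributed annual event counts with log-normal per-event losses, and the asset names and parameters are constructed.

```python
import math
import random

def poisson(rng, lam):
    """Knuth's method for a Poisson draw; adequate for small annual event rates."""
    limit, k, p = math.exp(-lam), 0, 1.0
    while True:
        p *= rng.random()
        if p <= limit:
            return k
        k += 1

def simulate_annual_losses(lam, mu, sigma, trials=20000, seed=7):
    """Annual loss = sum of N log-normal severities, with N ~ Poisson(lam)."""
    rng = random.Random(seed)
    return [sum(rng.lognormvariate(mu, sigma) for _ in range(poisson(rng, lam)))
            for _ in range(trials)]

def expected_loss(losses):
    return sum(losses) / len(losses)

def exceedance_probability(losses, threshold):
    """Estimated probability that the annual loss exceeds `threshold`."""
    return sum(1 for x in losses if x > threshold) / len(losses)

def analytic_mean(lam, mu, sigma):
    """Closed form for the compound mean, used to sanity-check the simulation."""
    return lam * math.exp(mu + sigma ** 2 / 2)

# Constructed per-asset parameters: (events per year, log-mean, log-sd of loss).
ASSET_PARAMS = {
    "training_data_store": (0.5, 11.0, 1.0),
    "model_registry": (2.0, 9.0, 0.8),
    "inference_api": (4.0, 8.0, 0.5),
}

def rank_assets(params, threshold):
    """Rows of (asset, expected annual loss, P(loss > threshold)), highest loss first."""
    rows = []
    for name, (lam, mu, sigma) in params.items():
        losses = simulate_annual_losses(lam, mu, sigma)
        rows.append((name, expected_loss(losses),
                     exceedance_probability(losses, threshold)))
    return sorted(rows, key=lambda r: r[1], reverse=True)
```

With these constructed parameters the rarely hit asset ranks first, because its severity distribution outweighs the higher event frequency of the others.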
5. Application Domains and Case Studies
Asset-centric threat modeling exhibits broad applicability, with domain-specific adaptations:
- Platform Security and Architectural Attacks: Lamellae models privilege chains and extracts architectural attack patterns (e.g., SMM rootkits, DMA keyloggers) that emerge only when both SW and HW assets are considered as first-class (Musavi et al., 2018).
- SoC/RTL and Hardware Verification: LAsset and related tools automate asset identification and generate asset-annotated threat graphs, facilitating direct synthesis of security properties (e.g., using SVA or PSL) and efficient vulnerability detection (Hasan et al., 6 Jan 2026, Nath et al., 7 Feb 2025).
- AI Systems and Agentic AI: Threat modeling techniques tailored to AI (ThreatFinderAI, AgentHeLLM, enterprise RAG asset-centric) accommodate model-centric, data-centric, and human-centric threats, including those involving prompt injection, model extraction, and agent-to-agent poisoning (Assen et al., 2024, Vicarte et al., 8 May 2025, Stappen et al., 5 Feb 2026).
- Industrial Automation and IIoT: AsIf provides systematic methods to discover seldom-mapped physical interfaces, closing gaps in coverage observed in ad-hoc brainstorming, and supports traceable, layer-by-layer DFD and STRIDE analysis (Rosenstatter et al., 2024).
- Business Process/Insider Threat: BPMN-based regimes, notably that of Assen et al. (2024), treat both digital and non-digital artifacts as assets, mapping insider threat knowledge bases to technical and non-technical BPMN elements and automating threat candidate suggestion.
In all cases, quantitative metrics (precision, recall, risk models), case studies, and user studies are deployed to validate improved threat identification, especially for complex scenarios (e.g., collusion in cryptocurrency protocols, multi-layer cloud attacks, AI supply-chain risks).
6. Analytical and Mathematical Foundations
Asset-centric threat modeling’s analytical rigor is grounded in several mathematical formalisms:
- Design Structure Matrix (DSM): Used to encode asset–asset privilege in a binary matrix, enabling reachability, cycle, and pattern analysis (Musavi et al., 2018).
- Set-theoretic and Graph-theoretic Models: Assets, their interfaces, and dependencies are typically formalized as sets, trees, or graphs. Attack paths are encoded as sequences or DAGs, facilitating enumeration and hitting-set optimizations (e.g., removing minimal sets of weaknesses in ICAR) (Valence, 2023).
- Categorical Structures: ICAR exploits category theory to represent and query the relationships among assets, vulnerabilities, attack techniques, and tactics, yielding principled, compositional queries (e.g., all attack-paths from ATT to a given Asset, minimal blocking sets of weaknesses) (Valence, 2023).
- Probabilistic Risk Models: Hybrid and numerical models (e.g., log-normal/Poisson compounding, frequency-informed threat prioritization) enable asset-centric approaches to compute expected loss, exceedance probabilities, and risk-based prioritization (Hasan et al., 21 Dec 2025, Assen et al., 2024).
This mathematical grounding supplies completeness, minimality, automation potential, and formal guarantees of coverage, characteristics in which these approaches are superior to non-asset-centric ones.
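The "minimal blocking sets of weaknesses" query mentioned in the list above reduces, in plain set terms, to a minimum hitting set over attack paths. The following is an added example using ordinary sets rather than ICAR's categorical machinery; the weakness identifiers W1..W6 and the paths are constructed.

```python
from itertools import combinations

# Constructed attack paths toward one asset: each path is the set of
# weaknesses it depends on. Removing any one weakness breaks that path.
ATTACK_PATHS = [
    {"W1", "W2"},
    {"W2", "W3"},
    {"W1", "W4", "W5"},
    {"W3", "W5"},
    {"W6", "W2"},
]

def blocks_all(candidate, paths):
    """True if fixing every weakness in `candidate` breaks every attack path."""
    return all(candidate & path for path in paths)

def minimum_blocking_sets(paths):
    """All smallest weakness sets that intersect every path (exact, exponential)."""
    universe = sorted(set().union(*paths))
    for size in range(1, len(universe) + 1):
        hits = [set(c) for c in combinations(universe, size)
                if blocks_all(set(c), paths)]
        if hits:
            return hits
    return []

def greedy_blocking_set(paths):
    """Approximation for large models: fix the weakness on the most open paths first."""
    remaining, chosen = [set(p) for p in paths], []
    while remaining:
        counts = {}
        for path in remaining:
            for weakness in path:
                counts[weakness] = counts.get(weakness, 0) + 1
        best = max(sorted(counts), key=counts.get)  # sorted() makes ties deterministic
        chosen.append(best)
        remaining = [p for p in remaining if best not in p]
    return chosen

def residual_paths(fixed, paths):
    """Attack paths still open after fixing only the weaknesses in `fixed`."""
    return [p for p in paths if not (set(fixed) & p)]
```

The exact search is only practical for small weakness sets; the greedy variant scales to larger path sets but does not guarantee a minimum, so `residual_paths` is the check to run on whatever fix list is actually budgeted.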
7. Comparative Evaluation and Impact
Empirical studies consistently demonstrate the competitive advantages of asset-centric threat modeling:
- Coverage and Recall: In user studies, asset-centric methodologies like ABC yield higher detection rates for financially or system-critical threats and expose collusion scenarios that attacker- or top-down taxonomies routinely miss (e.g., 71% ABC vs. 13% STRIDE in financial threat recall (Almashaqbeh et al., 2019)).
- Workflow Integration and Usability: As shown by field studies (AsIf, ThreatFinderAI), asset-centric models enhance expert traceability of threat surfaces, reduce manual enumeration workloads by up to 90% in hardware contexts, and support audit-friendly, iterative risk engineering (Rosenstatter et al., 2024, Assen et al., 2024, Hasan et al., 6 Jan 2026, Nath et al., 7 Feb 2025).
- Compositional Flexibility: Categorical, graph-based, and layered models (ICAR, Lamellae, AsIf interface trees) preserve modularity, inheritance, and scalability, enabling adaptation across system scales (from SoC modules to global cloud assets) (Valence, 2023, Musavi et al., 2018, Rosenstatter et al., 2024).
- Regulatory and Safety Alignment: Human-centric and function-driven asset models (AgentHeLLM, TARA-compliant frameworks) underpin traceable, regulatory-compliant threat assessments, notably in automotive and AI-integrated environments (Stappen et al., 5 Feb 2026, Ebrahimi et al., 2022).
- Limitations and Future Directions: Asset-centric approaches require accurate, up-to-date asset and interface inventories, may rely on naming conventions or semantic annotations (in hardware), and benefit from expert-in-the-loop filtering to minimize false positives/negatives, especially for novel or cross-domain threats. Advancements integrate LLM-driven automation, embedding-based semantic validation, and compositional logic to address these challenges (Hasan et al., 6 Jan 2026, Nath et al., 7 Feb 2025, Assen et al., 2024).
Asset-centric threat modeling thereby provides a reproducible, mathematically rigorous, and operationally aligned methodology that enables security practitioners and researchers to systematically identify, quantify, and mitigate risks within complex, interconnected, and dynamic system landscapes. Its sustained evolution across domains reflects both the increasing complexity of adversarial behaviors and the growing need for automated, scalable, and context-aware security analysis.