Date of Award
5-2025
Document Type
Thesis
Degree Name
Master of Science (MS)
Department
Electrical Engineering and Computer Science
First Advisor
Sneha Sudhakaran
Second Advisor
Kaitlynn M. Gokey
Third Advisor
Marius Silaghi
Fourth Advisor
Brian A. Lail
Abstract
Today, security is an essential component of software development, especially in DevOps environments where rapid and continuous product release cycles are common. Systems are vulnerable to new attacks because traditional security approaches often cannot keep up with the pace of change. The threat modeling approaches used in DevOps are examined in this thesis, along with their advantages, disadvantages, and suitability for use in current software development processes. Well-known frameworks including STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service (DoS), and Elevation of Privilege), Attack Trees, LINDDUN (Linking, Identifying, Non-Repudiation, Detecting, Data Disclosure, Unawareness, and Non-Compliance), Practical Threat Analysis (PTA), and Process for Attack Simulation and Threat Analysis (PASTA) are all methodically examined in this study. This study compares different approaches in an effort to give organizations a structured approach to improve security without compromising agility. In our approach, we implement an application domain-specific operational threat modeling strategy that consistently uncovers 2–4 additional threats in high-risk applications such as those in finance, banking, and cloud environments, compared to traditional methods. This improved threat identification contributes to a projected reduction of 40–65% in overall risk when our approach is applied over conventional techniques. The results highlight how crucial automation and hybrid security approaches are in ensuring thorough threat modeling in DevOps systems.
Recommended Citation
Sonar, Ashutosh Jagdish, "Bridging the Gap: Enhancing DevOps Security Through Comprehensive Threat Modeling" (2025). Theses and Dissertations. 1566.
https://repository.fit.edu/etd/1566