{"id":"https://openalex.org/W4416199979","doi":"https://doi.org/10.1145/3733812.3765533","title":"ThreatCompute: Leveraging LLMs for Automated Threat Modeling of Cloud-Native Applications","display_name":"ThreatCompute: Leveraging LLMs for Automated Threat Modeling of Cloud-Native Applications","publication_year":2025,"publication_date":"2025-10-13","ids":{"openalex":"https://openalex.org/W4416199979","doi":"https://doi.org/10.1145/3733812.3765533"},"language":"en","primary_location":{"id":"doi:10.1145/3733812.3765533","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3733812.3765533","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3733812.3765533","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 Cloud Computing Security Workshop","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3733812.3765533","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5120496947","display_name":"Anna Wimbauer","orcid":"https://orcid.org/0009-0005-6106-503X"},"institutions":[{"id":"https://openalex.org/I62916508","display_name":"Technical University of Munich","ror":"https://ror.org/02kkvpp62","country_code":"DE","type":"education","lineage":["https://openalex.org/I62916508"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Anna Wimbauer","raw_affiliation_strings":["BIFOLD &amp; TU Berlin, Berlin, Germany and Technical University of Munich, Munich, Germany"],"raw_orcid":"https://orcid.org/0009-0005-6106-503X","affiliations":[{"raw_affiliation_string":"BIFOLD &amp; TU Berlin, Berlin, Germany and Technical University of Munich, Munich, Germany","institution_ids":["https://openalex.org/I62916508"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5021960291","display_name":"Luca Muscariello","orcid":"https://orcid.org/0000-0001-6143-6076"},"institutions":[{"id":"https://openalex.org/I4210161560","display_name":"Cisco Systems (France)","ror":"https://ror.org/058es3q19","country_code":"FR","type":"company","lineage":["https://openalex.org/I135428043","https://openalex.org/I4210161560"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Luca Muscariello","raw_affiliation_strings":["Cisco Systems, Paris, France"],"raw_orcid":"https://orcid.org/0000-0001-6143-6076","affiliations":[{"raw_affiliation_string":"Cisco Systems, Paris, France","institution_ids":["https://openalex.org/I4210161560"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5087422798","display_name":"Jacques Samain","orcid":"https://orcid.org/0000-0002-1664-982X"},"institutions":[{"id":"https://openalex.org/I4210161560","display_name":"Cisco Systems (France)","ror":"https://ror.org/058es3q19","country_code":"FR","type":"company","lineage":["https://openalex.org/I135428043","https://openalex.org/I4210161560"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Jacques Samain","raw_affiliation_strings":["Cisco Systems, Paris, France"],"raw_orcid":"https://orcid.org/0000-0002-1664-982X","affiliations":[{"raw_affiliation_string":"Cisco Systems, Paris, France","institution_ids":["https://openalex.org/I4210161560"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5071945727","display_name":"Lion Steger","orcid":"https://orcid.org/0000-0001-7075-1545"},"institutions":[{"id":"https://openalex.org/I62916508","display_name":"Technical University of Munich","ror":"https://ror.org/02kkvpp62","country_code":"DE","type":"education","lineage":["https://openalex.org/I62916508"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Lion Steger","raw_affiliation_strings":["Technical University of Munich, Munich, Germany"],"raw_orcid":"https://orcid.org/0000-0001-7075-1545","affiliations":[{"raw_affiliation_string":"Technical University of Munich, Munich, Germany","institution_ids":["https://openalex.org/I62916508"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5093136125","display_name":"Kilian Glas","orcid":"https://orcid.org/0009-0005-3014-4595"},"institutions":[{"id":"https://openalex.org/I62916508","display_name":"Technical University of Munich","ror":"https://ror.org/02kkvpp62","country_code":"DE","type":"education","lineage":["https://openalex.org/I62916508"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Kilian Glas","raw_affiliation_strings":["Technical University of Munich, Munich, Germany"],"raw_orcid":"https://orcid.org/0009-0005-3014-4595","affiliations":[{"raw_affiliation_string":"Technical University of Munich, Munich, Germany","institution_ids":["https://openalex.org/I62916508"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5064953906","display_name":"Max Helm","orcid":"https://orcid.org/0000-0001-7944-4867"},"institutions":[{"id":"https://openalex.org/I62916508","display_name":"Technical University of Munich","ror":"https://ror.org/02kkvpp62","country_code":"DE","type":"education","lineage":["https://openalex.org/I62916508"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Max Helm","raw_affiliation_strings":["Technical University of Munich, Munich, Germany"],"raw_orcid":"https://orcid.org/0000-0001-7944-4867","affiliations":[{"raw_affiliation_string":"Technical University of Munich, Munich, Germany","institution_ids":["https://openalex.org/I62916508"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5060144977","display_name":"Georg Carle","orcid":"https://orcid.org/0000-0002-2347-1839"},"institutions":[{"id":"https://openalex.org/I62916508","display_name":"Technical University of Munich","ror":"https://ror.org/02kkvpp62","country_code":"DE","type":"education","lineage":["https://openalex.org/I62916508"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Georg Carle","raw_affiliation_strings":["Technical University of Munich, Munich, Germany"],"raw_orcid":"https://orcid.org/0000-0002-2347-1839","affiliations":[{"raw_affiliation_string":"Technical University of Munich, Munich, Germany","institution_ids":["https://openalex.org/I62916508"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":7,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":true,"cited_by_count":1,"citation_normalized_percentile":{"value":0.43974494,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"14","last_page":"27"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.6331999897956848,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.6331999897956848,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.05820000171661377,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.038100000470876694,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/threat-model","display_name":"Threat model","score":0.6331999897956848},{"id":"https://openalex.org/keywords/risk-assessment","display_name":"Risk assessment","score":0.4027000069618225},{"id":"https://openalex.org/keywords/security-controls","display_name":"Security controls","score":0.37529999017715454},{"id":"https://openalex.org/keywords/intervention","display_name":"Intervention (counseling)","score":0.33889999985694885},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.3167000114917755},{"id":"https://openalex.org/keywords/threat","display_name":"Threat","score":0.3052999973297119}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6822999715805054},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6656000018119812},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.6331999897956848},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.4255000054836273},{"id":"https://openalex.org/C12174686","wikidata":"https://www.wikidata.org/wiki/Q1058438","display_name":"Risk assessment","level":2,"score":0.4027000069618225},{"id":"https://openalex.org/C178148461","wikidata":"https://www.wikidata.org/wiki/Q1632136","display_name":"Security controls","level":3,"score":0.37529999017715454},{"id":"https://openalex.org/C2780665704","wikidata":"https://www.wikidata.org/wiki/Q959298","display_name":"Intervention (counseling)","level":2,"score":0.33889999985694885},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.3167000114917755},{"id":"https://openalex.org/C17520342","wikidata":"https://www.wikidata.org/wiki/Q7797190","display_name":"Threat","level":5,"score":0.3052999973297119},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.296999990940094},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.2728999853134155},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.2718000113964081},{"id":"https://openalex.org/C2778868856","wikidata":"https://www.wikidata.org/wiki/Q18394273","display_name":"Threat assessment","level":2,"score":0.2660999894142151},{"id":"https://openalex.org/C13159133","wikidata":"https://www.wikidata.org/wiki/Q365674","display_name":"Security engineering","level":5,"score":0.25619998574256897}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3733812.3765533","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3733812.3765533","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3733812.3765533","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 Cloud Computing Security Workshop","raw_type":"proceedings-article"},{"id":"pmh:doi:10.14279/depositonce-24977","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Conference Object"}],"best_oa_location":{"id":"doi:10.1145/3733812.3765533","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3733812.3765533","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3733812.3765533","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 Cloud Computing Security Workshop","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320331012","display_name":"Bayerische Staatsministerium f\u00fcr Wirtschaft, Landesentwicklung und Energie","ror":null},{"id":"https://openalex.org/F4320334322","display_name":"HORIZON EUROPE Framework Programme","ror":null}],"has_content":{"pdf":true,"grobid_xml":false},"content_urls":{"pdf":"https://content.openalex.org/works/W4416199979.pdf"},"referenced_works_count":24,"referenced_works":["https://openalex.org/W180604521","https://openalex.org/W1508191694","https://openalex.org/W2121805588","https://openalex.org/W2808844959","https://openalex.org/W2898811948","https://openalex.org/W2910378408","https://openalex.org/W2921968294","https://openalex.org/W3094094693","https://openalex.org/W3105284751","https://openalex.org/W3107766616","https://openalex.org/W3161981285","https://openalex.org/W4221136374","https://openalex.org/W4293024991","https://openalex.org/W4308731708","https://openalex.org/W4313256807","https://openalex.org/W4362704786","https://openalex.org/W4362720688","https://openalex.org/W4367692678","https://openalex.org/W4387088631","https://openalex.org/W4388817831","https://openalex.org/W4402639489","https://openalex.org/W4407278824","https://openalex.org/W4411173238","https://openalex.org/W4411549717"],"related_works":[],"abstract_inverted_index":{"The":[0,83],"increasing":[1],"complexity":[2],"of":[3,33,39,100,136,142,147,154],"cloud-native":[4],"applications":[5],"has":[6],"necessitated":[7],"advanced":[8],"methodologies":[9],"for":[10,95],"threat":[11,34,81,107],"modeling":[12],"and":[13,36,77,90,109,124,133,159],"security":[14,56,63,138,161],"analysis.":[15],"This":[16,129],"paper":[17],"presents":[18],"ThreatCompute,":[19],"a":[20,110],"novel":[21],"framework":[22,84],"that":[23,119],"combines":[24],"LLMs":[25,60],"with":[26],"attack":[27,48,102,117,122],"graphs":[28,118],"to":[29,47,61],"automate":[30],"the":[31,37,86,91,152],"generation":[32,50],"hypotheses":[35,108],"quantification":[38],"risk":[40,112],"in":[41,157],"Kubernetes":[42,96,148],"environments.":[43],"While":[44],"traditional":[45],"approaches":[46],"graph":[49],"require":[51],"significant":[52],"manual":[53,71],"effort":[54],"from":[55,65],"experts,":[57],"ThreatCompute":[58,114],"leverages":[59],"extract":[62],"insights":[64],"system":[66],"information,":[67],"reducing":[68],"reliance":[69],"on":[70,105],"intervention":[72],"while":[73],"maintaining":[74],"high":[75],"accuracy":[76],"generating":[78],"context-specific,":[79],"system-aware":[80],"insights.":[82],"utilizes":[85],"MITRE":[87],"ATT&CK":[88],"Matrix":[89,94],"Microsoft":[92],"Threat":[93],"as":[97],"structured":[98],"domains":[99],"possible":[101],"techniques.":[103],"Based":[104],"LLM-generated":[106],"quantitative":[111,134],"metric,":[113],"constructs":[115],"detailed":[116],"illustrate":[120],"potential":[121],"paths":[123],"assess":[125],"their":[126],"associated":[127],"risks.":[128,162],"enables":[130],"both":[131],"qualitative":[132],"evaluations":[135],"application":[137],"across":[139],"varying":[140],"levels":[141],"granularity.":[143],"Through":[144],"real-world":[145],"examples":[146],"applications,":[149],"we":[150],"demonstrate":[151],"effectiveness":[153],"our":[155],"approach":[156],"identifying":[158],"quantifying":[160]},"counts_by_year":[],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-11-14T00:00:00"}