A risk-level assessment system based on the STRIDE/DREAD model for digital data marketplaces
International Journal of Information Security (IF 3.2), Pub Date: 2021-09-14, DOI: 10.1007/s10207-021-00566-3
Lu Zhang 1, Arie Taal 1, Reginald Cushing 1, Paola Grosso 1, Cees de Laat 2

Security is a top concern in digital infrastructure and there is a basic need to assess the level of security ensured for any given application. To accommodate this requirement, we propose a new risk assessment system. Our system identifies threats of an application workflow, computes the severity weights with the modified Microsoft STRIDE/DREAD model and estimates the final risk exposure after applying security countermeasures in the available digital infrastructures. This allows potential customers to rank these infrastructures in terms of security for their own specific use cases. We additionally present a method to validate the stability and resolution of our ranking system with respect to subjective choices of the DREAD model threat rating parameters. Our results show that our system is stable against unavoidable subjective choices of the DREAD model parameters for a specific use case, with a rank correlation higher than 0.93 and normalised mean square error lower than 0.05.




Updated: 2021-09-15