{"title":"案例研究:Windows远程管理系统的安全性","authors":"Tarik Dervišević, Sabina Baraković, J. Husić","doi":"10.2478/bhee-2020-0007","DOIUrl":null,"url":null,"abstract":"Abstract In the process of designing and forming each system, it is necessary to identify potential vulnerabilities and threats to that system and to include appropriate countermeasures. The process that helps to find the problem in the first phase of design is called threat modeling. Threat modeling is based on the idea that every system has valuable resources that need to be protected. These resources have certain weak points that internal or external threats can use to harm them, while there are as well countermeasures used to mitigate them. Therefore, this paper analyses the security of a Web of Things (WoT)-based system for remote management of windows, which is in the design stage by using a threat modeling approach based on STRIDE and DREAD. The results obtained through Microsoft Threat Modeling Tool (MTMT) justified the use of threat modeling in the design phase given that we have identified in total 118 threats, with Elevation of privilege class of threats being the most prominent ones. The Information disclosure threats are found to be the ones characterized as medium and low risk ones, while the most represented high-risk threats again come from the Elevation of privilege class of threats.","PeriodicalId":236883,"journal":{"name":"B&H Electrical Engineering","volume":"84 6","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Case Study: Security of System for Remote Management of Windows\",\"authors\":\"Tarik Dervišević, Sabina Baraković, J. Husić\",\"doi\":\"10.2478/bhee-2020-0007\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Abstract In the process of designing and forming each system, it is necessary to identify potential vulnerabilities and threats to that system and to include appropriate countermeasures. The process that helps to find the problem in the first phase of design is called threat modeling. Threat modeling is based on the idea that every system has valuable resources that need to be protected. These resources have certain weak points that internal or external threats can use to harm them, while there are as well countermeasures used to mitigate them. Therefore, this paper analyses the security of a Web of Things (WoT)-based system for remote management of windows, which is in the design stage by using a threat modeling approach based on STRIDE and DREAD. The results obtained through Microsoft Threat Modeling Tool (MTMT) justified the use of threat modeling in the design phase given that we have identified in total 118 threats, with Elevation of privilege class of threats being the most prominent ones. The Information disclosure threats are found to be the ones characterized as medium and low risk ones, while the most represented high-risk threats again come from the Elevation of privilege class of threats.\",\"PeriodicalId\":236883,\"journal\":{\"name\":\"B&H Electrical Engineering\",\"volume\":\"84 6\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2020-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"B&H Electrical Engineering\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.2478/bhee-2020-0007\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"B&H Electrical Engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.2478/bhee-2020-0007","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
摘要
在设计和形成每个系统的过程中,都需要识别该系统的潜在漏洞和威胁,并制定相应的对策。在设计的第一阶段帮助发现问题的过程称为威胁建模。威胁建模基于这样的理念:每个系统都有需要保护的宝贵资源。这些资源有某些弱点,内部或外部威胁可以利用这些弱点来伤害它们,同时也有一些对策可以用来减轻这些弱点。因此,本文采用基于STRIDE和DREAD的威胁建模方法,对处于设计阶段的基于物联网(Web of Things, WoT)的窗口远程管理系统的安全性进行了分析。通过Microsoft威胁建模工具(MTMT)获得的结果证明了在设计阶段使用威胁建模是合理的,因为我们已经识别了总共118个威胁,其中提升特权类威胁是最突出的威胁。信息披露威胁以中、低风险类型的威胁最为明显,而最具代表性的高风险威胁仍然来自于特权提升类的威胁。
Case Study: Security of System for Remote Management of Windows
Abstract In the process of designing and forming each system, it is necessary to identify potential vulnerabilities and threats to that system and to include appropriate countermeasures. The process that helps to find the problem in the first phase of design is called threat modeling. Threat modeling is based on the idea that every system has valuable resources that need to be protected. These resources have certain weak points that internal or external threats can use to harm them, while there are as well countermeasures used to mitigate them. Therefore, this paper analyses the security of a Web of Things (WoT)-based system for remote management of windows, which is in the design stage by using a threat modeling approach based on STRIDE and DREAD. The results obtained through Microsoft Threat Modeling Tool (MTMT) justified the use of threat modeling in the design phase given that we have identified in total 118 threats, with Elevation of privilege class of threats being the most prominent ones. The Information disclosure threats are found to be the ones characterized as medium and low risk ones, while the most represented high-risk threats again come from the Elevation of privilege class of threats.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
