{"title":"威胁建模","authors":"James Helfrich","doi":"10.1201/9780429506475-12","DOIUrl":null,"url":null,"abstract":"Threat modeling and analysis provides a complete view about the security of a system. It is performed by a systematic and strategic way for identifying and enumerating threats to a system. 1. Some Common Definition (RFC 2828) Vulnerability: \" A flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy \" Threat: \" A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm... a threat is a possible danger that might exploit a vulnerability \" Attack: \" An assault on system security that derives from an intelligent threat, to evade security services and violate the security policy of a system. \" 2. Modeling Phases We are currently following an iterative step, starting from the higher level – identifying major components and identification of threats from overall perspective. In the second part, we are performing threat analysis for each of the earlier identified components then passing data through those components from identified major use case. Finally, we merge the analysis report to one. Questions: component breakdown or use case breakdown is better option ? Figure 1: An iterative process for threat identification","PeriodicalId":253087,"journal":{"name":"Hacking Connected Cars","volume":"27 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-12-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"316","resultStr":"{\"title\":\"Threat Modeling\",\"authors\":\"James Helfrich\",\"doi\":\"10.1201/9780429506475-12\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Threat modeling and analysis provides a complete view about the security of a system. It is performed by a systematic and strategic way for identifying and enumerating threats to a system. 1. Some Common Definition (RFC 2828) Vulnerability: \\\" A flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy \\\" Threat: \\\" A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm... a threat is a possible danger that might exploit a vulnerability \\\" Attack: \\\" An assault on system security that derives from an intelligent threat, to evade security services and violate the security policy of a system. \\\" 2. Modeling Phases We are currently following an iterative step, starting from the higher level – identifying major components and identification of threats from overall perspective. In the second part, we are performing threat analysis for each of the earlier identified components then passing data through those components from identified major use case. Finally, we merge the analysis report to one. Questions: component breakdown or use case breakdown is better option ? Figure 1: An iterative process for threat identification\",\"PeriodicalId\":253087,\"journal\":{\"name\":\"Hacking Connected Cars\",\"volume\":\"27 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-12-17\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"316\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Hacking Connected Cars\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1201/9780429506475-12\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Hacking Connected Cars","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1201/9780429506475-12","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Threat modeling and analysis provides a complete view about the security of a system. It is performed by a systematic and strategic way for identifying and enumerating threats to a system. 1. Some Common Definition (RFC 2828) Vulnerability: " A flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy " Threat: " A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm... a threat is a possible danger that might exploit a vulnerability " Attack: " An assault on system security that derives from an intelligent threat, to evade security services and violate the security policy of a system. " 2. Modeling Phases We are currently following an iterative step, starting from the higher level – identifying major components and identification of threats from overall perspective. In the second part, we are performing threat analysis for each of the earlier identified components then passing data through those components from identified major use case. Finally, we merge the analysis report to one. Questions: component breakdown or use case breakdown is better option ? Figure 1: An iterative process for threat identification
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
