面向服务的网络威胁分析建模

Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy Pub Date : 2020-03-16 DOI:10.1145/3374664.3379528

Kees Leune, Sung Kim

{"title":"面向服务的网络威胁分析建模","authors":"Kees Leune, Sung Kim","doi":"10.1145/3374664.3379528","DOIUrl":null,"url":null,"abstract":"The future of enterprise cyber defense is predictive and the use of model-based threat hunting is an enabling technique. Current approaches to threat modeling are predicated on the assumption that models are used to develop better software, rather than to describe threats to software being used as a service (SaaS). In this paper, we propose a service-modeling methodology that will facilitate pro-active cyber defense for organizations adopting SaaS. We model structural and dynamic elements to provide a robust representation of the defensible system. Our approach is validated by implementing a prototype and by using it to model a popular course management system.","PeriodicalId":171521,"journal":{"name":"Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy","volume":"27 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-03-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Service-Oriented Modeling for Cyber Threat Analysis\",\"authors\":\"Kees Leune, Sung Kim\",\"doi\":\"10.1145/3374664.3379528\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The future of enterprise cyber defense is predictive and the use of model-based threat hunting is an enabling technique. Current approaches to threat modeling are predicated on the assumption that models are used to develop better software, rather than to describe threats to software being used as a service (SaaS). In this paper, we propose a service-modeling methodology that will facilitate pro-active cyber defense for organizations adopting SaaS. We model structural and dynamic elements to provide a robust representation of the defensible system. Our approach is validated by implementing a prototype and by using it to model a popular course management system.\",\"PeriodicalId\":171521,\"journal\":{\"name\":\"Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy\",\"volume\":\"27 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2020-03-16\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3374664.3379528\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3374664.3379528","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

摘要

企业网络防御的未来是可预测的，使用基于模型的威胁搜索是一种使能技术。当前的威胁建模方法是基于这样的假设:模型是用来开发更好的软件的，而不是用来描述作为服务(SaaS)使用的软件所面临的威胁。在本文中，我们提出了一种服务建模方法，该方法将促进采用SaaS的组织的主动网络防御。我们对结构和动态元素进行建模，以提供可防御系统的鲁棒表示。我们的方法通过实现一个原型并使用它来为一个流行的课程管理系统建模来验证。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Service-Oriented Modeling for Cyber Threat Analysis

The future of enterprise cyber defense is predictive and the use of model-based threat hunting is an enabling technique. Current approaches to threat modeling are predicated on the assumption that models are used to develop better software, rather than to describe threats to software being used as a service (SaaS). In this paper, we propose a service-modeling methodology that will facilitate pro-active cyber defense for organizations adopting SaaS. We model structural and dynamic elements to provide a robust representation of the defensible system. Our approach is validated by implementing a prototype and by using it to model a popular course management system.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy

自引率

0.00%

发文量