移动通信系统威胁建模的可采性与用例探索

Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security Pub Date : 2021-11-12 DOI:10.1145/3460120.3485348

Hsin Yi Chen, S. Rao

{"title":"移动通信系统威胁建模的可采性与用例探索","authors":"Hsin Yi Chen, S. Rao","doi":"10.1145/3460120.3485348","DOIUrl":null,"url":null,"abstract":"As the attack surface and the number of security incidents in mobile communication networks increase, a common language for threat intelligence gathering and sharing among different parties becomes essential. We addressed this by developing the Bhadra framework [4], a domain-specific conceptual framework that captures adversarial behaviors in end-to-end communication over the mobile networks in our previous work. Nevertheless, the acceptance or adoptability of the framework by the mobile communications industry is still unclear. In this work, we built a threat modeling tool as a companion for Bhadra and conduct a user study with industry experts to evaluate the framework's usefulness and explore its potential use cases besides threat modeling and sharing. Our preliminary results indicate that the mobile communication industry would benefit from a threat modeling framework with a companion tool and its use cases, making it a potential candidate to integrate within work processes.","PeriodicalId":135883,"journal":{"name":"Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security","volume":"22 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-11-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"On Adoptability and Use Case Exploration of Threat Modeling for Mobile Communication Systems\",\"authors\":\"Hsin Yi Chen, S. Rao\",\"doi\":\"10.1145/3460120.3485348\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"As the attack surface and the number of security incidents in mobile communication networks increase, a common language for threat intelligence gathering and sharing among different parties becomes essential. We addressed this by developing the Bhadra framework [4], a domain-specific conceptual framework that captures adversarial behaviors in end-to-end communication over the mobile networks in our previous work. Nevertheless, the acceptance or adoptability of the framework by the mobile communications industry is still unclear. In this work, we built a threat modeling tool as a companion for Bhadra and conduct a user study with industry experts to evaluate the framework's usefulness and explore its potential use cases besides threat modeling and sharing. Our preliminary results indicate that the mobile communication industry would benefit from a threat modeling framework with a companion tool and its use cases, making it a potential candidate to integrate within work processes.\",\"PeriodicalId\":135883,\"journal\":{\"name\":\"Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security\",\"volume\":\"22 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-11-12\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3460120.3485348\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3460120.3485348","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

摘要

随着移动通信网络中攻击面和安全事件数量的增加，一种通用的威胁情报收集和共享语言变得至关重要。我们通过开发Bhadra框架[4]解决了这个问题，Bhadra框架是一个特定于领域的概念框架，在我们之前的工作中捕获了移动网络端到端通信中的对抗行为。然而，移动通信行业对该框架的接受或采用程度仍不清楚。在这项工作中，我们建立了一个威胁建模工具作为Bhadra的伙伴，并与行业专家进行了用户研究，以评估框架的有用性，并探索其潜在的用例，除了威胁建模和共享。我们的初步结果表明，移动通信行业将受益于带有配套工具及其用例的威胁建模框架，使其成为集成到工作流程中的潜在候选者。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

On Adoptability and Use Case Exploration of Threat Modeling for Mobile Communication Systems

As the attack surface and the number of security incidents in mobile communication networks increase, a common language for threat intelligence gathering and sharing among different parties becomes essential. We addressed this by developing the Bhadra framework [4], a domain-specific conceptual framework that captures adversarial behaviors in end-to-end communication over the mobile networks in our previous work. Nevertheless, the acceptance or adoptability of the framework by the mobile communications industry is still unclear. In this work, we built a threat modeling tool as a companion for Bhadra and conduct a user study with industry experts to evaluate the framework's usefulness and explore its potential use cases besides threat modeling and sharing. Our preliminary results indicate that the mobile communication industry would benefit from a threat modeling framework with a companion tool and its use cases, making it a potential candidate to integrate within work processes.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security

自引率

0.00%

发文量