- Văn bản
- Lịch sử
3.1.3 General Threat Modelling Meth
3.1.3 General Threat Modelling Methodologies
STRIDE is not the only risk assessment methodology. Three common types of approaches exist: Asset-centric, attacker-centric, and software-centric. Asset-centric focusses on sensitive data, information or hardware, which needs to be protected. For each asset, the damaging methods and the overall impact of a loss are evaluated. STRIDE can be extended with DREAD (Damage, Reproducibility, Exploitability, Affected Users, Discoverability) to gauge the potential chance or extent of an attack. Similarly, the Common Vulnerability Scoring System (CVSS) [66], an industry standard to rate and assess the potential of a security vulnerability, can be utilised to prioritise and identify security issues for individual assets. However, these models are not part of the scope of the thesis as they classify security priority and company loss, which is not relevant for theoretical frameworks, such as the model established in the previous chapter. The attack-centric method humanises, categorises attackers into several personalities (e.g the ”Script Kiddie” or ”Agent”) and estimates their capabilities in the current system. According to these capabilities, prevention methods are developed and applied. This approach is less concerned about the technical intricacies of the relevant system and more about the damage potential and risk of varyingly professional attackers. The software-centric approach is the most suitable methodology, as it disassembles the system into single interworking mechanisms, actors, dependencies, and trust boundaries. The software defined network can be interpreted as a large operating system structure and thus the software-centric model can aptly analyse and highlight potential vulnerabilities. Instead of DFDs, the software architecture can also be decomposed into UML diagrams, state-charts or Petri nets. Ariss, Wu, and Xu, 2011 [67] presented an approach to integrate attack trees into state charts to visualise the insecure state of a system. Nevertheless, these approaches are likely more suitable for software systems with processes and varying system states and not fluid, interaction-based structures as in SDN. The thesis OpenFlow - A Security Analysis [63] discusses further methodologies for threat modelling and presents extensions to already existing models.
STRIDE is not the only risk assessment methodology. Three common types of approaches exist: Asset-centric, attacker-centric, and software-centric. Asset-centric focusses on sensitive data, information or hardware, which needs to be protected. For each asset, the damaging methods and the overall impact of a loss are evaluated. STRIDE can be extended with DREAD (Damage, Reproducibility, Exploitability, Affected Users, Discoverability) to gauge the potential chance or extent of an attack. Similarly, the Common Vulnerability Scoring System (CVSS) [66], an industry standard to rate and assess the potential of a security vulnerability, can be utilised to prioritise and identify security issues for individual assets. However, these models are not part of the scope of the thesis as they classify security priority and company loss, which is not relevant for theoretical frameworks, such as the model established in the previous chapter. The attack-centric method humanises, categorises attackers into several personalities (e.g the ”Script Kiddie” or ”Agent”) and estimates their capabilities in the current system. According to these capabilities, prevention methods are developed and applied. This approach is less concerned about the technical intricacies of the relevant system and more about the damage potential and risk of varyingly professional attackers. The software-centric approach is the most suitable methodology, as it disassembles the system into single interworking mechanisms, actors, dependencies, and trust boundaries. The software defined network can be interpreted as a large operating system structure and thus the software-centric model can aptly analyse and highlight potential vulnerabilities. Instead of DFDs, the software architecture can also be decomposed into UML diagrams, state-charts or Petri nets. Ariss, Wu, and Xu, 2011 [67] presented an approach to integrate attack trees into state charts to visualise the insecure state of a system. Nevertheless, these approaches are likely more suitable for software systems with processes and varying system states and not fluid, interaction-based structures as in SDN. The thesis OpenFlow - A Security Analysis [63] discusses further methodologies for threat modelling and presents extensions to already existing models.
0/5000
3.1.3 mối đe dọa Tổng mô hình phương phápSTRIDE is not the only risk assessment methodology. Three common types of approaches exist: Asset-centric, attacker-centric, and software-centric. Asset-centric focusses on sensitive data, information or hardware, which needs to be protected. For each asset, the damaging methods and the overall impact of a loss are evaluated. STRIDE can be extended with DREAD (Damage, Reproducibility, Exploitability, Affected Users, Discoverability) to gauge the potential chance or extent of an attack. Similarly, the Common Vulnerability Scoring System (CVSS) [66], an industry standard to rate and assess the potential of a security vulnerability, can be utilised to prioritise and identify security issues for individual assets. However, these models are not part of the scope of the thesis as they classify security priority and company loss, which is not relevant for theoretical frameworks, such as the model established in the previous chapter. The attack-centric method humanises, categorises attackers into several personalities (e.g the ”Script Kiddie” or ”Agent”) and estimates their capabilities in the current system. According to these capabilities, prevention methods are developed and applied. This approach is less concerned about the technical intricacies of the relevant system and more about the damage potential and risk of varyingly professional attackers. The software-centric approach is the most suitable methodology, as it disassembles the system into single interworking mechanisms, actors, dependencies, and trust boundaries. The software defined network can be interpreted as a large operating system structure and thus the software-centric model can aptly analyse and highlight potential vulnerabilities. Instead of DFDs, the software architecture can also be decomposed into UML diagrams, state-charts or Petri nets. Ariss, Wu, and Xu, 2011 [67] presented an approach to integrate attack trees into state charts to visualise the insecure state of a system. Nevertheless, these approaches are likely more suitable for software systems with processes and varying system states and not fluid, interaction-based structures as in SDN. The thesis OpenFlow - A Security Analysis [63] discusses further methodologies for threat modelling and presents extensions to already existing models.
đang được dịch, vui lòng đợi..
Các ngôn ngữ khác
Hỗ trợ công cụ dịch thuật: Albania, Amharic, Anh, Armenia, Azerbaijan, Ba Lan, Ba Tư, Bantu, Basque, Belarus, Bengal, Bosnia, Bulgaria, Bồ Đào Nha, Catalan, Cebuano, Chichewa, Corsi, Creole (Haiti), Croatia, Do Thái, Estonia, Filipino, Frisia, Gael Scotland, Galicia, George, Gujarat, Hausa, Hawaii, Hindi, Hmong, Hungary, Hy Lạp, Hà Lan, Hà Lan (Nam Phi), Hàn, Iceland, Igbo, Ireland, Java, Kannada, Kazakh, Khmer, Kinyarwanda, Klingon, Kurd, Kyrgyz, Latinh, Latvia, Litva, Luxembourg, Lào, Macedonia, Malagasy, Malayalam, Malta, Maori, Marathi, Myanmar, Mã Lai, Mông Cổ, Na Uy, Nepal, Nga, Nhật, Odia (Oriya), Pashto, Pháp, Phát hiện ngôn ngữ, Phần Lan, Punjab, Quốc tế ngữ, Rumani, Samoa, Serbia, Sesotho, Shona, Sindhi, Sinhala, Slovak, Slovenia, Somali, Sunda, Swahili, Séc, Tajik, Tamil, Tatar, Telugu, Thái, Thổ Nhĩ Kỳ, Thụy Điển, Tiếng Indonesia, Tiếng Ý, Trung, Trung (Phồn thể), Turkmen, Tây Ban Nha, Ukraina, Urdu, Uyghur, Uzbek, Việt, Xứ Wales, Yiddish, Yoruba, Zulu, Đan Mạch, Đức, Ả Rập, dịch ngôn ngữ.
- Dear Professor Heikki A.Loikkanen!I got
- Ninja Fruit
- người đóng vai đại sư huynh là Lục Tiểu
- My favorite childhood memories were most
- ngày dự kiến khai trương sẽ là
- Control right signal of two status
- + Tăng cường nguồn lực cho hoạt động ngh
- Chắc hẳn, ai ai cũng biết tầm quan
- Thường xuyên cắt tỉa cây cối, vệ sinh kh
- Reporting andDisclosure
- Nó có 2 nghĩa, một là xưng hô giữa anh t
- nếu bạn bận ngày mai bạn có thể giao nó
- thuốc kháng sinh
- Căn cứ nội dung của hợp đồng kinh tế số:
- The cultivated form of cashew is held to
- Nó có 2 nghĩa, một là xưng hô giữa anh t
- Thậm chí bạn còn không muốn tôi biết vè
- màu xám vàng
- tell them how long they can expect to be
- EU nhập khẩu 260,5 ngàn tấn gạo từ 1/9-2
- Referring now more specifically to -FIG.
- bạn bị điên à?
- Referring now more specifically to -FIG.
- chúng tôi để đồ đạc ở phòng kho
