Telfor Journal
2020, vol. 12, no. 1, pp. 56-61
Methods, methodologies, and tools for threat modeling with case study
(a) Infobip BH, Sarajevo, Bosnia and Herzegovina
(b) AS Holding, Tešanj, Bosnia and Herzegovina
(c) Ministry of Security of Bosnia and Herzegovina, Sarajevo, Bosnia and Herzegovina
(d) Univerzitet u Sarajevu, Federacija BiH

E-mail: amina_hajric@hotmail.com, tariksmaka@hotmail.com, barakovic.sabina@gmail.com, jbarakovic@etf.unsa.ba
Abstract
The security of each system is essential for its use. To make securing a system as successful as possible, it is advisable to develop a threat model for the system under consideration at the design stage. The purpose of the threat model is to enable the identification of security threats; further analysis of those threats shows which are the greatest vulnerabilities of the system and which pose the greatest risk. There are many different approaches to threat modeling in terms of methods, methodologies, and tools. In this paper, we give an overview of those approaches and apply one of them, i.e., the most represented and mature one, to a specific system. A combination of a STRIDE-based methodology, a software-centric method, and the Microsoft Threat Modeling Tool (MTMT) has been used to threat model a Web of Things (WoT)-based temperature management system that is in the design phase.
About the article

Language of the paper: English
Paper type: unclassified
DOI: 10.5937/telfor2001056H
Received: 11.03.2020.
Revised: 12.07.2020.
Accepted: 14.07.2020.
Published: 31.07.2020.
Published in SCIndeks: 09.10.2020.
