TDDC03 Projects, Spring 2006: A Comparison of Attack Trees, Threat Modeling and OCTAVE
Authors
Abstract
Avoiding and discovering security vulnerabilities in information systems, and managing enterprises, requires awareness of typical risks and a good understanding of vulnerabilities, threats and their exploitation. Various methods for characterizing, identifying and managing threats have been presented. Bruce Schneier invented Attack Trees, Microsoft calls its method Threat Modeling, and Carnegie Mellon University developed a solution for managing an entire enterprise named OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation). In this paper we compare the three methods of Attack Trees, Threat Modeling and OCTAVE, and also compare two software tools using Attack Trees and Threat Modeling.
Similar resources
Threat Modeling for Cloud Data Center Infrastructures
Cloud computing has undergone rapid expansion throughout the last decade. Many companies and organizations have made the transition from traditional data centers to the cloud due to its flexibility and lower cost. However, traditional data centers are still being relied upon by those who are less certain about the security of cloud. This problem is highlighted by the fact that there only exis...
An Evolutionary Approach of Attack Graphs and Attack Trees: A Survey of Attack Modeling
The advancement of modern day computing has led to an increase of threats and intrusions. As a result, advanced security measures and threat analysis models are necessary to detect these threats and identify protective measures needed to secure a system. The most popular forms of attack modeling today are attack graphs and attack trees. This literature summarizes the different approaches throug...
Attack Patterns for Security Requirements Engineering
The importance of security concerns at requirements engineering time is increasingly recognized. However, little support is available to help requirements engineers elaborate adequate, consistent, and complete security requirements. The paper presents a reuse-based approach for modeling, specifying, and analyzing application-specific security requirements. The method is based on a goal-oriented...
Automating Threat Modeling through the Software Development Life-Cycle
Fixing software security issues early in the development life-cycle reduces its cost dramatically. Companies doing software development know this reality, and they have introduced risk assessment methodologies in their development processes. Unfortunately, these methodologies require engineers to have deep software security skills to carry out some of the most important steps of this process, a...
Defense against Insider Threat: a Framework for Gathering Goal-based Requirements
Insider threat is becoming comparable to outsider threat in frequency of security events. This is a very worrying situation, as insider attacks have a high probability of success because insiders have authorized access and legitimate privileges. As a result, organizations can suffer financial losses and damage to assets and to reputation. Despite their importance, insider threats are still not ...
Journal title:
Volume, issue:
Pages: -
Publication date: 2006