Network Threat Modeling
نویسنده
چکیده
Threat Modeling Threat modeling is an important risk assessment and mitigation practice that provides the capability to secure a network environment. Threat modeling includes understanding and communicating the threats to the network computing environment. It is critical to be aware of the types of threats and how to reduce or mitigate the risk both in systems and applications on network aware devices. The information and protections discussed in Howard & LeBlanc’s Writing Secure Code, 2 Ed., in writing more secure software can be applied to networks as well as to software applications.
منابع مشابه
Threat Modeling as a Basis for Security Requirements
We routinely hear vendors claim that their systems are “secure.” However, without knowing what assumptions are made by the vendor, it is hard to justify such a claim. Prior to claiming the security of a system, it is important to identify the threats to the system in question. Enumerating the threats to a system helps system architects develop realistic and meaningful security requirements. In ...
متن کاملInsider Threat Analysis Using Information-Centric Modeling
Capability acquisition graphs (CAGs) provide a powerful framework for modeling insider threats, network attacks and system vulnerabilities. However, CAG-based security modeling systems have yet to be deployed in practice. This paper demonstrates the feasibility of applying CAGs to insider threat analysis. In particular, it describes the design and operation of an information-centric, graphics-o...
متن کاملNSME: A Framework for Network Worm Modeling and Simulation
Various worms have a devastating impact on Internet. Packet level network modeling and simulation has become an approach to find effective countermeasures against worm threat. However, current alternatives are not fit enough for this purpose. For instance, they mostly focus on the details of lower layers of the network so that the abstraction of application layer is very coarse. In our work, we...
متن کاملA threat risk modeling framework for Geospatial Weather Information System (GWIS) a DREAD based study
Over the years, the focus has been on protecting network, host, database and standard applications from internal and external threats. The Rapid Application Development (RAD) process makes the web application extremely short and makes it difficult to eliminate the vulnerabilities. Here we study web application risk assessment technique called threat risk modeling to improve the security of the ...
متن کاملSecurity and Vulnerability of Cyber-Physical Infrastructure Networks: A Control-Theoretic Approach
The purpose of this chapter is to (1) introduce notions of security for the physical dynamics of complex cyber-physical networks and (2) provide a tutorial on control-theoretic tools for network inference that are promising for evaluation of such dynamic notions of security. Classically, computer scientists and infrastructure network engineers have conceptualized the modeling and resolution of ...
متن کامل