Threat Modeling in Pervasive Computing Paradigm

Malik, Nazir Ahmed; Javed, Mohammed; Mahmud, Umar

doi:10.1109/ntms.2008.ecp.97

Cited by 5 publications

(12 citation statements)

References 4 publications

(3 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This model (Fig. 5) presented as a new threat modeling to incorporate the problem of pervasive computing environment (Malik et al, 2008).…”

Section: Threat Model Framework and Methodology For Personal Networkmentioning

confidence: 99%

“…2) (Malik et al, 2008). In the first step of this model, threat modeling has been addressed on the base of business objectives.…”

Section: Microsoft's Threat Analysis and Modeling (Tam)mentioning

confidence: 99%

“…On the base of threat model, various criteria have to be considered as the main exploitation factors of risks. For instance, Microsoft Threat Modeling introduces Damage potential, Reproducibility, Exploitability, Affected users and Discoverability (DREAD) as different influencing agents of a threat (Malik et al, 2008). The equation that is used to compute a risk value has been shown as follows:…”

Section: Implementing Countermeasurementioning

confidence: 99%

“…Threat modeling collects background information required in the form of usage scenario, external dependencies, implementation assumption, internal and external security implementation detail (Malik et al, 2008). A number of threat modeling techniques have been developed for evaluating and analyzing the threats and vulnerabilities such as:…”

Section: Introductionmentioning

confidence: 99%

“…C Microsoft threat modeling is a model to offer an efficient process that includes five logical steps from classifying assets to addressing and classifying threats and vulnerabilities C Microsoft's Threat Analysis and Modeling (TAM) (Malik et al, 2008) is a model based on business objectives that have to be met by application. The TAM tools have been used to generate and classify threats by measuring their harm effects on system's components C Practical Threat Analysis (PTA) (McRee, 2008) defines an effective risk mitigation plan for specific system architecture to obtain the value of system's assets C Threat model framework and methodology for Personal Networks (PNs) (Jehangir and de Groot, 2012).…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Threat Modeling Approaches for Securing Cloud Computin

Amini¹,

Jamil²,

Ahmad³

et al. 2015

J. of Applied Sciences

View full text Add to dashboard Cite

A B S T R A C TThe cloud computing delivers services of processing data by using parallel and high computational processors virtually and remotely. This is very useful and beneficial to enterprises that have limitations in terms of processing resources, data storages and man power. However, one of the main challenge in cloud computing is data security. Supposed each user has an access to the domain based on the privilege given by the server. However, an attacker always has the opportunity to bypass the privilege by exploring and exploiting every vulnerability and threat found in the cloud computing environment. A systematic approach to identify vulnerabilities and threats is thus very important to ensure only authorized party is allowed to access the data. In this study, several approaches of vulnerability and threat modeling are reviewed and found that none of them is suitable for the cloud computing environment. Therefore, authors presented a dynamic model of identifying vulnerabilities and threats in the cloud computing environment. The proposed model enables the organization to systematically identify vulnerability and threats and analyze the security risk when they use cloud computing services.

show abstract

“…This model (Fig. 5) presented as a new threat modeling to incorporate the problem of pervasive computing environment (Malik et al, 2008).…”

Section: Threat Model Framework and Methodology For Personal Networkmentioning

confidence: 99%

“…2) (Malik et al, 2008). In the first step of this model, threat modeling has been addressed on the base of business objectives.…”

Section: Microsoft's Threat Analysis and Modeling (Tam)mentioning

confidence: 99%

Section: Implementing Countermeasurementioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Threat Modeling Approaches for Securing Cloud Computin

Amini¹,

Jamil²,

Ahmad³

et al. 2015

J. of Applied Sciences

View full text Add to dashboard Cite

show abstract

Mitigating Software Vulnerabilities through Secure Software Development with a Policy-Driven Waterfall Model

Hussain,

Anwaar,

Sultan

et al. 2024

Journal of Engineering

View full text Add to dashboard Cite

For the past few years, software security has become a pressing issue that needs to be addressed during software development. In practice, software security is considered after the deployment of software rather than considered as an initial requirement. This delayed action leads to security vulnerabilities that can be catered for during the early stages of the software development life cycle (SDLC). To safeguard a software product from security vulnerabilities, security must be given equal importance with functional requirements during all phases of SDLC. In this paper, we propose a policy-driven waterfall model (PDWM) for secure software development describing key points related to security aspects in the software development process. The security requirements are the security policies that are considered during all phases of waterfall-based SDLC. A framework of PDWM is presented and applied to the e-travel scenario to ascertain its effectiveness. This scenario is a case of small to medium-sized software development project. The results of case study show that PDWM can identify 33% more security vulnerabilities as compared to other secure software development techniques.

show abstract

Comparative Analysis of Threat Modeling Methods for Cloud Computing towards Healthcare Security Practice

Yeng¹,

Wolthusen²,

Yang³

2020

IJACSA

View full text Add to dashboard Cite

Healthcare organizations consist of unique activities including collaborating on patients care and emergency care. The sector also accumulates high sensitive multifaceted patients' data such as text reports, radiology images and pathological slides. The large volume of the data is often stored as Electronic Health Records (EHR) which must be frequently updated while ensuring higher percentage up-time for constant availability of patients' records. Healthcare as a critical infrastructure also needs highly skilled IT personnel, Information and Communication Technology (ICT) and infrastructure with regular maintenance culture. Fortunately, cloud computing can provide these necessary services at a lower cost. But with all thees enormous benefits of cloud computing, it is characterized with various information security issues which is not enticing to healthcare. Amid many threat modelling methods, which of them is suitable for identifying cloud related threats towards the adoption of cloud computing for healthcare? This paper compared threat modelling methods to determine their suitability for identifying and managing healthcare related threats in cloud computing. Threat modelling in pervasive computing (TMP) was identified to be suitable and can be combined with Attack Tree (AT), Attack Graph (AG) and Practical Threat Analysis (PTA) or STRIDE (spoofing, tampering, repudiation, information disclosure, denial of service and elevation of privilege). Also Attack Tree (AT) could be complemented with TMP, AG and STRIDE or PTA. Healthcare IT security professionals can hence rely on these methods in their security practices, to identify cloud related threats for healthcare. Essentially, privacy related threat modeling methods such as LINDDUN framework, need to be included in these synergy of cloud related threat modelling methods towards enhancing security and privacy for healthcare needs.

show abstract

Threat Modeling in Pervasive Computing Paradigm

Cited by 5 publications

References 4 publications

Threat Modeling Approaches for Securing Cloud Computin

Threat Modeling Approaches for Securing Cloud Computin

Mitigating Software Vulnerabilities through Secure Software Development with a Policy-Driven Waterfall Model

Comparative Analysis of Threat Modeling Methods for Cloud Computing towards Healthcare Security Practice

Contact Info

Product

Resources

About