Threat Modelling for Security Tokens in Web Applications

Cock, Danny De; Wouters, Karel; Schellekens, Dries; Singelée, Dave; Preneel, Bart

doi:10.1007/0-387-24486-7_14

Cited by 15 publications

(14 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Several academic teams jointly wrote a paper on analysis of threats that occurred when smart cards are used in web applications (De Cock et al, 2004). Their analysis was a part of the Designing Secure Applications (DeSecA) project, funded by Microsoft.…”

Section: Literature Reviewmentioning

confidence: 99%

“…They investigated common threats in five areas, each focusing on one particular technological building block for web applications. One of these was the smart card, and in particular the electronic identity card (De Cock et al, 2004). Sodiya et al (2006) presented an architecture for producing secure software and threat modeling was the foundation of this architecture.…”

Section: Literature Reviewmentioning

confidence: 99%

See 1 more Smart Citation

Threat Modeling Using Fuzzy Logic Paradigm

Sodiya¹,

Onashoga²,

Oladunjoye³

2007

IISIT

View full text Add to dashboard Cite

Threat modeling, which is the process of identifying, quantifying and analyzing potential threats of computer-based systems, has become a significant consideration towards designing secure software systems. Despite the previous methods adopted for threat modeling, there are still many systems that are probable to attack. In this work, a fuzzy logic-based threat modeling technique is designed. The technique involves the fuzzification of input variables that is based on six major categories of threats (STRIDE-Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege), rule evaluation, and aggregation of the rule outputs. The design is based on Mamdani-style inference system which is very good for the representation of human reasoning and effective analysis. The implementation is done using MATLAB fuzzy logic tools. Using the design to test five computer systems, the result shows a tool that can be effectively used to analyze potential threats to computer-based systems.

show abstract

Section: Literature Reviewmentioning

confidence: 99%

Section: Literature Reviewmentioning

confidence: 99%

Threat Modeling Using Fuzzy Logic Paradigm

Sodiya¹,

Onashoga²,

Oladunjoye³

2007

IISIT

View full text Add to dashboard Cite

show abstract

“…However, it cannot guard against a person who purchases a cell phone simply for authentication purposes, perhaps with the intention of a spoofing attack. De Cock [5] insists that the very owner of the security token is a security risk because it is easy to give away the token.…”

Section: Introductionmentioning

confidence: 99%

Authentication System Using Location Information on iPad or Smartphone

Takamizawa¹,

Tanaka²

2012

IJCTE

View full text Add to dashboard Cite

Abstract-In the mobile computing industry, smartphones and iPads have emerged as realistic substitutes for notebook computers. For example, the iPad is designed to support a variety of media, including video, sound, and websites. It is different from a cell phone in that it has the ability to use rich e-learning content. However, the iPad does not include special structures for user authentication. For example, it does not have a camera or a device for fingerprint authentication. The purpose of this paper is to explain how to perform effective personal authentication using the built-in capabilities of the iPad or smartphone. For this purpose, we developed a prototype of the authentication system using location information. Fortunately, the iPad and many smartphones came equipped with a GPS facility that can acquire positional information. We compared the information provided by the known address block with the information provided by the iPad (latitude and longitude coordinates). The test results indicate that the developed prototype is effective.

show abstract

“…It is part of a series of papers [1,2,3,4,5], written by different academic teams, that each focus on one particular technological building block for web applications. Each of these papers (including this one) starts from the generic architecture for web applications presented in [1].…”

Section: Introductionmentioning

confidence: 99%

Threat Modelling for Web Services Based Web Applications

Desmet

Jacobs

Piessens

et al.

IFIP — The International Federation for Information Processing

View full text Add to dashboard Cite

Abstract:Threat analysis of a web application can lead to a wide variety of identified threats. Some of these threats will be very specific to the application; others will be more related to the underlying infrastructural software, such as the web or application servers, the database, the directory server and so forth. This paper analyzes the threats that can be related to the use of web services technology in a web application. It is part of a series of papers, written by different academic teams, that each focus on one particular technological building block for web applications.

show abstract

Threat Modelling for Security Tokens in Web Applications

Cited by 15 publications

References 5 publications

Threat Modeling Using Fuzzy Logic Paradigm

Threat Modeling Using Fuzzy Logic Paradigm

Authentication System Using Location Information on iPad or Smartphone

Threat Modelling for Web Services Based Web Applications

Contact Info

Product

Resources

About