Computer network threat modelling

Novokhrestov, Aleksey; Konev, Anton; Shelupanov, Alexander; Buymov, A

doi:10.1088/1742-6596/1488/1/012002

Cited by 12 publications

(4 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…В работах [4,5] Не менее важным аспектом становится описание и моделирование узлов и сетей, подверженных уязвимостям, а также соответствующих атак. Методам и нотациям формального описания компьютерных атак посвящено немалое количество научных работ [9][10][11][12][13][14]. В работах [10,11] объясняется важность выбора правильной методологии для описания угроз информационным системам, в работах [12][13][14] предлагаются различные подходы к описанию угроз кибербезопасности.…”

Section: обзор исследованийunclassified

“…Методам и нотациям формального описания компьютерных атак посвящено немалое количество научных работ [9][10][11][12][13][14]. В работах [10,11] объясняется важность выбора правильной методологии для описания угроз информационным системам, в работах [12][13][14] предлагаются различные подходы к описанию угроз кибербезопасности. Предложенные подходы сравниваются в статье [9], в заключении которой упоминается удобство использования MAL для описания сценариев кибератак.…”

Section: обзор исследованийunclassified

See 1 more Smart Citation

Formation of Vulnerable Node «adobe Coldfusion Deserialization of Untrusted Data Vulnerability»

2024

Cybersecurity Issues

View full text Add to dashboard Cite

The purpose of the article: development of a vulnerable node, which includes the analysis of the vulnerability under study, implementation of its automated exploitation, formalization of the attack process, description of detection methods, as well as protection measures.1 Конев Антон Александрович, кандидат технических наук, доцент, ФГБОУ ВО «Томский государственный университет систем управления и радиоэлектроники» (ТУСУР), г. Томск, Россия.

show abstract

Section: обзор исследованийunclassified

Formation of Vulnerable Node «adobe Coldfusion Deserialization of Untrusted Data Vulnerability»

2024

Cybersecurity Issues

View full text Add to dashboard Cite

show abstract

“…Here, we reviewed thirty-two attacks related to authentication and privacy-preserving schemes for 6G mobile network communication security. Due to symmetry in behavior of wireless network threats, multiple distinct criteria are available in the literature to produce a taxonomy of the threat model [28][29][30][31]. Our survey categorized threats in 6G mobile networks into five categories, as shown in Figure 3.…”

Section: Taxonomy For the Threat Modelmentioning

confidence: 99%

Security Concepts in Emerging 6G Communication: Threats, Countermeasures, Authentication Techniques and Research Directions

et al. 2023

View full text Add to dashboard Cite

Challenges faced in network security have significantly steered the deployment timeline of Fifth Generation (5G) communication at a global level; therefore, research in Sixth Generation (6G) security analysis is profoundly necessitated. The prerogative of this paper is to present a survey on the emerging 6G cellular communication paradigm to highlight symmetry with legacy security concepts along with asymmetric innovative aspects such Artificial Intelligence (AI), Quantum Computing, Federated Learning, etc. We present a taxonomy of the threat model in 6G communication in five security legacy concepts, including Confidentiality, Integrity, Availability, Authentication and Access control (CIA3). We also suggest categorization of threat-countering techniques specific to 6G communication into three types: cryptographic methods, entity attributes and Intrusion Detection System (IDS). Thus, with this premise, we distributed the authentication techniques in eight types, including handover authentication, mutual authentication, physical layer authentication, deniable authentication, token-based authentication, certificate-based authentication, key agreement-based authentication and multi-factor authentication. We specifically suggested a series of future research directions at the conclusive edge of this survey.

show abstract

“…in the OS, what parameters it has and what functions it performs, and this is a necessary measure for threat analysis. The authors of [120,126,128,129] described, in detail, the models of the system and threats in both verbal and mathematical forms, which allows them to be used as a basis for further scientific research in this field.…”

Section: Publicationmentioning

confidence: 99%

A Survey on Threat-Modeling Techniques: Protected Objects and Classification of Threats

et al. 2022

View full text Add to dashboard Cite

Information security is one of the most important attributes of distributed systems that often operate on unreliable networks. Enabling security features during the development of a distributed system requires the careful analysis of potential attacks or threats in different contexts, a process often referred to as «threat modeling». Information protection should be comprehensive, but it is also necessary to take into account the possibility of the emergence of threats specific to a certain information system. Many public and private organizations are still trying to implement system models and the threats directed at them on their own. The main reason for this is the lack of useful and high-quality methodologies that can help developers design system models. This review explores a variety of the literature on confidentiality- and integrity-aware system design methodologies, as well as threat classification methods, and identifies key issues that may be referenced by organizations to make design system processes easier. In particular, this article takes a look at the extent to which existing methodologies cover objects of protection and methods of classifying threats, as well as whether there are such models of systems in which the object itself and the threats directed at it are described. This includes whether the compiled models exhibit symmetry or asymmetry. This literature research shows that methodologies appear to be heterogeneous and versatile, since existing methodologies often only focus on one object of protection (a system). Based on the given analysis, it can be concluded that the existing methodologies only relate superficially to the description of system models and threats, and it is necessary to develop a more complete abstract model of the protected object and threats aimed at it in order to make this model suitable for any organization and protect it against most threats.

show abstract

Computer network threat modelling

Cited by 12 publications

References 16 publications

Formation of Vulnerable Node «adobe Coldfusion Deserialization of Untrusted Data Vulnerability»

Formation of Vulnerable Node «adobe Coldfusion Deserialization of Untrusted Data Vulnerability»

Security Concepts in Emerging 6G Communication: Threats, Countermeasures, Authentication Techniques and Research Directions

A Survey on Threat-Modeling Techniques: Protected Objects and Classification of Threats

Contact Info

Product

Resources

About