Threat modeling for virtual directory services

Claycomb, William R.; Shin, Dongwan

doi:10.1109/ccst.2009.5335550

Cited by 5 publications

(3 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…ANOA [41] is a generic framework to define and analyze anonymity of communication networks, while the frameworks presented in [38,50] target the secure design of data routing protocols. Finally, other works build specialized threat models for specific classes of distributed systems, e.g., storage systems [48], virtual directory services [44], and unmanned aerial vehicle systems [52], rather than introducing a framework.…”

Section: Related Workmentioning

confidence: 99%

ABC: A Cryptocurrency-Focused Threat Modeling Framework

Almashaqbeh

Bishop

Cappos

2019

IEEE INFOCOM 2019 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS)

View full text Add to dashboard Cite

Cryptocurrencies are an emerging economic force, but there are concerns about their security. This is due, in part, to complex collusion cases and new threat vectors that could be missed by conventional security assessment strategies. To address these issues, we propose ABC, an Asset-Based Cryptocurrency-focused threat modeling framework capable of identifying such risks. ABC's key innovation is the use of collusion matrices. A collusion matrix forces a threat model to cover a large space of threat cases while simultaneously manages this process to prevent it from being overly complex. Moreover, ABC derives a systemspecific threat categories that account for the financial aspects and the new asset types that cryptocurrencies introduce. We demonstrate that ABC is effective by conducting a user study and by presenting realworld use cases. The user study showed that around 71% of those who used ABC were able to identify financial security threats, as compared to only 13% of participants who used the popular framework STRIDE. The use cases further attest to the usefulness of ABC's tools for both cryptocurrency-based systems, as well as a cloud native security technology. This shows the potential of ABC as an effective security assessment technique for various types of large-scale distributed systems.

show abstract

Section: Related Workmentioning

confidence: 99%

ABC: A Cryptocurrency-Focused Threat Modeling Framework

Almashaqbeh

Bishop

Cappos

2019

IEEE INFOCOM 2019 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS)

View full text Add to dashboard Cite

show abstract

“…Attacks on directory services and virtual directories can range from simply stealing information from a directory to more complicated attacks [1,3]. However, little work has been done to address attacks specific to VDS.…”

Section: Introductionmentioning

confidence: 98%

“…However, little work has been done to address attacks specific to VDS. The first attempt to address this subject appears in [3], where four specific attack models are outlined: authentication attacks, c 2010 Association for Computing Machinery. ACM acknowledges that this contribution was authored or coauthored by a contractor or affiliate of the U.S. Government.…”

Section: Introductionmentioning

confidence: 99%

A framework for risk analysis in virtual directory security

Claycomb

Shin

2010

Proceedings of the 2010 ACM Symposium on Applied Computing

Self Cite

View full text Add to dashboard Cite

Directory services are used by almost every enterprise computing environment. Virtual directories are components that provide directory services in a highly customized manner. Unfortunately, an analysis of risks posed by their unique position and architecture has not been completed. We present a detailed analysis of six attacks to virtual directory services. We also describe various categories of attack risks, and discuss what is necessary to launch an attack. Finally, we present a framework to use in analyzing these risks.

show abstract

Towards Secure Virtual Directories: A Risk Analysis Framework

Claycomb

Shin

2010

2010 IEEE 34th Annual Computer Software and Applications Conference

View full text Add to dashboard Cite

Threat modeling for virtual directory services

Cited by 5 publications

References 4 publications

ABC: A Cryptocurrency-Focused Threat Modeling Framework

ABC: A Cryptocurrency-Focused Threat Modeling Framework

A framework for risk analysis in virtual directory security

Towards Secure Virtual Directories: A Risk Analysis Framework

Contact Info

Product

Resources

About