Threat Modeling

Software Defined Wide Area Network (SD-WAN or SDWAN) is a modern conception and an attractive trend in network technologies. SD-WAN is defined as a specific application of software-defined networking (SDN) to WAN connections. There is growing recognition that SDN and SD-WAN technologies not only expand features, but also expose new vulnerabilities. Unfortunately, at the present time, most vendors say that SD-WAN are perfectly safe, hardened, and fully protected. The goal of this paper is to understand SD-WAN threats using practical approach. We describe basic SD-WAN features and components, investigate an attack surface, explore various vendor features and their security, explain threats and vulnerabilities found in SD-WAN products. We also extend existing SDN threat models by describing new potential threats and attack vectors, provide examples, and consider high-level approaches for their mitigations. The provided results may be used by SD-WAN developers as a part of Secure Software Development Life Cycle (SSDLC), security researchers for penetration testing and vulnerability assessment, system integrators for secure design of SD-WAN solutions, and finally customers for secure deployment operations and configurations of SD-WAN enabled network. The main idea of this work is that SD-WAN threat model involves all traditional network and SDN threats, as well as new product-specific threats, appended by vendors which reinvent or introduce proprietary technologies immature from a security perspective.

C4I (command, control, communications, computer and intelligence) system is a complex system of systems that enables the military commander to achieve decision superiority by affecting adversary's information and information based processes while protecting one`s own information systems. Owing to the sensitivity of military information the security threats to C4I systems are real and growing therefore security is a major challenge in order to maintain integrity, confidentiality, availability and accountability. Different Models and architectures frameworks e.g. DODAF, CDSA have been proposed which decompose the detail structure of C4I systems however these models and frameworks do not provide mechanism to capture associated security risks and issues. Threat modeling is the process to understand different ways system can be attacked which helps towards secure system design and implement countermeasures. This paper suggests that using threat modeling could help to eradicate or reduce the effect of advancing threats to C4I systems. In this paper we also identify how security can be modeled in top down manner e.g. from architecture level to lower level of modeling so that countermeasures can be incorporated on system level rather than on bit by bit basis.

Structured Query Language Injection Attack (SQLIA) is one of the most prevalent cyber attacks against web-based application vulnerabilities; that are manipulated through injection techniques to gain access to restricted data, bypass authentication mechanisms, and execute unauthorized data manipulation language. There are several solutions and approaches for identification and prevention of SQLIA, such as Cryptography, Extensible Markup Language (XML), Pattern Matching, Parsing and Machine Learning. Machine Learning (ML) approach has been found to be profound for SQLIA mitigation, which is implemented through defensive coding approach. Machine Learning Approach requires a lot of data for efficient model training with capability for using several attack patterns. ML approach can be used to mitigate a very hard blind SQL injection attack. An experimental analysis was performed in Waikato Environment for Knowledge Analysis on Logistic Regression (LRN), Stochastic Gradient Descent (SDG), Sequential Minimal Optimization (SMO), Bayes Network (BNK), Instance Based Learner (IBK), Multilayer Perceptron (MLP), Naive Bayes (NBS), and J48. Hold-Out (70%) and 10-fold Cross Validation evaluation techniques were used to evaluate the performance of the supervised learning classification algorithms to choose the best algorithm. The results of Cross Validation technique showed that SMO, IBK and J48 had Accuracy of 99.982%, 99.995% and 99.999% respectively; while Hold-Out technique showed that SMO, IBK and J48 had Accuracy of 99.986 %, 99.989 % and 100 respectively. On the other hand, in Cross Validation technique SMO, IBK and J48 had time to build model value of 10.15sec, 0.06sec, and 14.12sec respectively while in Hold-Out technique SMO, IBK and J48 had time to build model value of 9.71sec, 0.16sec and 14.28sec respectively. From the findings, IBK had the minimum time to build model in Cross Validation technique in addition to better performance in Accuracy, Sensitivity as well as Specificity and was chosen as the classifier for SQLIA detection and prevention. Therefore, beyond Accuracy, other performance evaluation metrics are critical for optimal algorithm selection for predictive analytics.

The risks to conflict practitioners, peacemakers, humanitarian aid workers, and others serving ‘in the field’ are diverse, deeply contextual, and ever-changing. While ample literature exists focused around documenting and evaluating the history of these dangers, far fewer resources have been authored to promote a comprehensive, proactive, and agile framework for predicting, observing, and understanding risks and threats to one's safety and security. While it is true that many organizations provide their employees with carefully-written guides containing security ‘dos and don’ts,’ what are practitioners meant to do when the conditions on the ground change? Instead of providing fixed solutions to emergent problems, this paper argues for a flexible framework to understand security and risk, and as a result, facilitates the development of a sustained, adaptable security posture and risk balance.

The first portion of the paper draws upon a broad review of the relevant research in Critical Security Studies, threat assessment, risk management, and threat modeling to offer guidance to conflict practitioners, with the aim of building an understanding of relevant threats, methods of analysis, and means of mitigation. This engagement explores broad frameworks for understanding security, risk, and threat, as well as contextualizing and situating the role of (technical) threat modeling within a conflict practitioner’s agenda. The themes of interdependent, intersectional conflict, as well as the contributions of the harm reduction framework is central to this approach. Building on these themes, this paper embraces a risk and attack-centric, proactive approach to security including a focus on threat types and attacker motives. The goal of this portion is not to tell practitioners what to protect against, but rather to teach them how to think in security terms, and in doing so, make each individual the best active architect of their own security.

In the second portion of the paper, through a broad survey of contemporary academic and practitioner literature, we assess the present state of the field's readiness to mitigate insecurity and risk. This is accomplished through two pursuits: a formal review of the current academic literature and a systematic review of existing educational-training resources provided to practitioners by their employers, measured through a multi-variable qualitative coding schema. This literature review, in combination with the assessment of educational-training materials, provides a clear picture of the ‘state of the field’ in terms of both scholars and practitioners.

While this paper has begun the inquiry into these key areas of danger for our field, this is not the end but rather a starting point. Beyond this investigation, this study will be continued into the future through a practitioner-focused working group made up of engaged scholars. This working group will be the first set of individuals invited to review this paper, and their engagement will help to shape and guide the next stages, as led by the Better Evidence Project. Since the Better Evidence Project is chiefly focused on providing evidence-based guidance to make peacemaking efforts more effective, facilitating the increased safety of those engaged on the ground is a necessary early step, and essential for long-term, sustained deployments.

The rapid evolution of the Information and Communications Technology (ICT) services transforms the conventional electrical grid into a new paradigm called Smart Grid (SG). Even though SG brings significant improvements, such as increased reliability and better energy management, it also introduces multiple security challenges. One of the main reasons for this is that SG combines a wide range of heterogeneous technologies, including Internet of Things (IoT) devices as well as Supervisory Control and Data Acquisition (SCADA) systems. The latter are responsible for monitoring and controlling the automatic procedures of energy transmission and distribution. Nevertheless, the presence of these systems introduces multiple vulnerabilities because their protocols do not implement essential security mechanisms such as authentication and access control. In this paper, we focus our attention on the security issues of the IEC 60870-5-104 (IEC-104) protocol, which is widely utilized in the European energy sector. In particular, we provide a SCADA threat model based on a Coloured Petri Net (CPN) and emulate four different types of cyber attacks against IEC-104. Last, we used AlienVault's risk assessment model to evaluate the risk level that each of these cyber attacks introduces to our system to confirm our intuition about their severity.

This thesis explores the value of threat models in organisation-wide
security testing of databases. Factors that drive security testing are
explored. Different types of security testing, different approaches to
threat modeling and different database technologies are
considered. The importance of metadata management, particularly for
newer schemaless databases, is highlighted. An integrated approach to
database security testing is proposed which includes white-box,
black-box and grey-box techniques. Sequence dependencies affecting
database security testing are identified. The need for explicit
architecture tiers in database security testing is explained. An
approach to threat modeling and testing based on zones is
proposed. Potential benefits of the proposed approach are
described. The main conclusion is that further research is needed,
both theoretical and applied, into the best ways for organisations to
plan, execute and respond to database security tests. It is possible
that a similar threat-based approach could be applied to testing other
architecture components. A number of other possible research topics
are identified including: threat information exchanges, threat model
tool development and penetration test data management.

This thesis explores the value of threat models in organisation-wide security testing of databases. Factors that drive security testing are explored. Different types of security testing, different approaches to threat modeling and different database technologies are considered. The importance of metadata management, particularly for newer schema- less databases, is highlighted. An integrated approach to database security testing is proposed which includes white-box, black-box and grey-box techniques. Sequence de- pendencies affecting database security testing are identified. The need for explicit archi- tecture tiers in database security testing is explained. An approach to threat modeling and testing based on zones is proposed. Potential benefits of the proposed approach are described. The main conclusion is that further research is needed, both theoretical and applied, into the best ways for organisations to plan, execute and respond to database security tests. It is possible that a similar threat-based approach could be applied to testing other architecture components. A number of other possible research topics are identified including: threat information exchanges, threat model tool development and penetration test data management.

Threat modeling appears as a modern tool in the hands of Information Security experts, Systems administrators and IT professionals in order to address contemporary IT problems. As we can see, though, the process of Threat modelling is a relatively traditional approach, where several systems of assessment have been developed and moreover can be enriched with Data Analytics in order to offer better solutions for actors that are trying to secure their infrastructure from exposition to security events.

Current threat modeling methodologies and tools are biased toward systems under development. While, organizations whose IT portfolio is made up of a large number of legacy systems, that run on fundamentally different and incongruous platforms and with little or no documentation, are left with few options. Rational, objective analysis of threats to assets and exploitable vulnerabilities requires, the portfolio to be represented in a consistent and understandable way based on a systematic, prescriptive, collaborative process that is usable but not burdensome. This paper describes a way to represent an IT portfolio from a security perspective using UML deployment diagrams and, subsequently, a process for threat modeling within that portfolio. To accomplish this, the UML deployment diagram was extended, a template created, and a process defined.

The Hospital Management Information System (SIMRS) functions as a medium for hospital information and hospital management. There are patient medical record data, which is the result of interactions between doctors and sufferer. Medical records are sensitive data so that the security of the hospital management information system needs to be improved to convince users or patients that the data stored on SIMRS is safe at attackers. There are several ways to improve system security, one of which is by threat modeling. Threat modeling aims to identify vulnerabilities and threats that exist in SIMRS. In this paper, threat modeling will use the STRIDE-model. The recognition with the STRIDE-model will then be analyzed and sorted according to the modeling with the STRIDE method. After the analysis is complete, it will be calculated and given a rating based on the DREAD method's assessment. The STRIDE method's results show that there are several threats identified, such as there is one threat on the user side, the webserver is five threats, and the database is three threats. The level of the threat varies from the lowest-level (LowL) to the highest-level (HiL). Based on the threat level, it can be a guide and sequence in improving and improving the security system at SIMRS, starting from the LowL to the HiL

... Tom Johnsten University of South Alabama, TJohnsten@usouthal.edu Matt Campbell University of South Alabama, mattcampbell@usouthal.edu ... Matt Campbell University of South Alabama mattcampbell@usouthal.edu Priya Patidar priya.vpatidar@gmail.com ...

Health records are an integral aspect of any Hospital Management System. With newer innovations in technology, there has been a shift in the way of recording health information. Medical records which used to be managed using various paper charts have now become easier to organize and maintain, thereby increasing the efficiency of medical staff. The Electronic Health Records (EHR) System is becoming a high-tech medical management technology developed for the economic or emerging economic countries like India. In a national health system, the EHR integrates the Electronic Medical Records (EMR) in all collaborating hospitals through different networks. EHR gives healthcare professionals a way to share and manage patient data quickly and effectively. Due to the mass storage of confidential patient data, healthcare organizations are considered as one of the most targeted sectors by intruders. This paper proposes a security framework for EHR system, which takes into consideration the integrity, availability, and confidentiality of health records. The threats posed to the EHR system are modeled by STRIDE modeling tool, and the amount of risk is calculated using DREAD. The paper also suggests the security mechanism and countermeasures based on security standards, which can be utilized in an EHR environment. The paper shows that the utilization of the proposed methods effectively addresses security concerns such as breach of sensitive medical information.

Privacy-preservation for sensitive data has become a challenging issue in cloud computing. Threat modeling as a part of requirements engineering in secure software development provides a structured approach for identifying attacks and proposing countermeasures against the exploitation of vulnerabilities in a system. This paper describes an extension of Cloud Privacy Threat Modeling (CPTM) methodology for privacy threat modeling in relation to processing sensitive data in cloud computing environments. It describes the modeling methodology that involved applying Method Engineering to specify characteristics of a cloud privacy threat modeling methodology, different steps in the proposed methodology and corresponding products. We believe that the extended methodology facilitates the application of a privacypreserving cloud software development approach from requirements engineering to design.

... Tom Johnsten University of South Alabama, TJohnsten@usouthal.edu Matt Campbell University of South Alabama, mattcampbell@usouthal.edu ... Matt Campbell University of South Alabama mattcampbell@usouthal.edu Priya Patidar priya.vpatidar@gmail.com ...

Threat modeling is a structured process to identify and enumerate potential threats such as vulnerabilities or lack of defense mechanisms and prioritize security mitigations. Threat modeling intends to equip defenders and the security team with an analysis of what security controls are required based on the current information systems and the threat landscape, the most likely attacks, their methodology, motive, and target system.

The threat modeling process requires collaboration between Security Architects, Security Operations, Network Defenders, SOC, and the Threat Intelligence team to understand each other’s roles, responsibilities, purpose, and challenges.

Readmore.. https://bit.ly/3zh5xIh

... Tom Johnsten University of South Alabama, TJohnsten@usouthal.edu Matt Campbell University of South Alabama, mattcampbell@usouthal.edu ... Matt Campbell University of South Alabama mattcampbell@usouthal.edu Priya Patidar priya.vpatidar@gmail.com ...

Page 1. Identifying Security Requirements Hybrid Technique Vandana Gandotra, Archana Singhal, Punam Bedi, University of Delhi, Delhi, India vandanarla@yahoo.co.in, punambedi@gmail.com, singhal_archana@yahoo.com ... [8] A.Adya, P. Bahl, R. Chandra and L. Qiu. ...

... Tom Johnsten University of South Alabama, TJohnsten@usouthal.edu Matt Campbell University of South Alabama, mattcampbell@usouthal.edu ... Matt Campbell University of South Alabama mattcampbell@usouthal.edu Priya Patidar priya.vpatidar@gmail.com ...

The Hospital Management Information System (SIMRS) functions as a medium for hospital information and hospital management. There are patient medical record data, which is the result of interactions between doctors and sufferer. Medical records are sensitive data so that the security of the hospital management information system needs to be improved to convince users or patients that the data stored on SIMRS is safe at attackers. There are several ways to improve system security, one of which is by threat modeling. Threat modeling aims to identify vulnerabilities and threats that exist in SIMRS. In this paper, threat modeling will use the STRIDE-model. The recognition with the STRIDE-model will then be analyzed and sorted according to the modeling with the STRIDE method. After the analysis is complete, it will be calculated and given a rating based on the DREAD method's assessment. The STRIDE method's results show that there are several threats identified, such as there is on...

This paper begins a process of organizing knowledge of health information security threats into a comprehensive catalog. We begin by describing our risk management perspective of health information security, and then use this perspective to motivate the development of a health information threat tree. We describe examples of three threats, breaking each down into its key risk-related data attributes: threat source and action, the health information asset and its vulnerability, and potential controls. The construction of such a threat catalog is argued to be useful for risk assessment and to inform public health care policy. As no threat catalog is ever complete, guidance for extending the health information security threat tree is given.

Secure routing protocols for mobile ad hoc networks provide the required functionality for proper network operation. If the underlying routing protocol cannot be trusted to follow the protocol operations, additional trust layers, such as authentication, cannot be obtained. ...

Current threat modeling methodologies and tools are biased toward systems under development. While, organizations whose IT portfolio is made up of a large number of legacy systems, that run on fundamentally different and incongruous platforms and with little or no documentation, are left with few options. Rational, objective analysis of threats to assets and exploitable vulnerabilities requires, the portfolio to be represented in a consistent and understandable way based on a systematic, prescriptive, collaborative process that is usable but not burdensome. This paper describes a way to represent an IT portfolio from a security perspective using UML deployment diagrams and, subsequently, a process for threat modeling within that portfolio. To accomplish this, the UML deployment diagram was extended, a template created, and a process defined.

Transportation cyber-physical systems (TCPS) have the potential to generate, process and exchange significant amounts of security-critical, safety-critical and privacy-sensitive information, which makes them attractive targets for cybercriminals. TCPS utilise a wide variety of software, hardware and physical components, interconnected by communications protocols. Computational and physical components (e.g., sensors and actuators) often interface with humans, and include a mix of digital and analog subsystems with interactions in real time (especially where safety and time-critical functions are needed). Cyber-physical systems will underpin critical infrastructure, intelligent transport systems and autonomous vehicles, and form the basis for emerging smart city fabrics.