Online Banking Security Analysis based on STRIDE Threat Model
نویسنده
چکیده
This paper refers important issues regarding how to evaluate the security threats of the online banking effectively, a system threat analysis method combining STRIDE threat model and threat tree analysis is proposed, which improves the efficiency of the threat analysis greatly and also has good practicability. By applying this method to the online banking system threat analysis, we construct STRIDE threat model on the analysis of the key business data, and then we construct threat tree on the security threat by layer-by-layer decomposition. Thus it gives a detailed threat analysis of the online banking system. This security threat analysis has important significance for the online banking system security analysis and for revealing the threats that the online banking facing.
منابع مشابه
Security Threat Modeling and Analysis: a Goal-oriented Approach
Threat modeling provides a good foundation for the specification of security requirements during application development. When applied during the early phases of software development, threat modeling empowers developers in several ways. These range from verifying application architecture, identifying and evaluating threats, designing countermeasures, to penetration testing based on a threat mod...
متن کاملA Security Evaluation Framework Based on STRIDE Model for Software in Networks
Software in networks, which is a special kind of applications in service-oriented computing and ultra-large-scale systems, is a complex software system deploying on network environment. Requirements of networked software pose many security problems owing to the dynamic topology structure and users’ uncertainty. How to evaluate the degree of software security in networks is a challenging problem...
متن کاملA STRIDE-based Security Architecture for Software-Defined Networking
While the novelty of Software-Defined Networking (SDN) — the separation of network control and data planes — is appealing and simple enough to foster massive vendor support, the resulting impact on the security of communication networks infrastructures and their management may be tremendous. The paradigm change affects the entire networking architecture. It involves new IP-based management comm...
متن کاملExperiences Threat Modeling at Microsoft
Describes a decade of experience threat modeling products and services at Microsoft. Describes the current threat modeling methodology used in the Security Development Lifecycle. The methodology is a practical approach, usable by non-experts, centered on data flow diagrams and a threat enumeration technique of ‘STRIDE per element.’ The paper covers some lessons learned which are likely applicab...
متن کاملThreat Modelling with Stride and UML
Threat modelling as part of risk analysis is seen as an essential part of secure systems development. Microsoft’s Security Development Lifecycle (SDL) is a well-known software development method that places security at the forefront of product initiation, design and implementation. As part of SDL, threat modelling produces data flow diagrams (DFDs) as key artefacts and uses those diagrams as ma...
متن کامل