Asset:
A valuable component in a system (that should be protected)
Vulnerability:
An aspect of a system that can be exploited to cause
loss/harm (e.g. a weak password system)
Threat:
Circumstances that have the potential to cause loss or harm
(e.g., gaining unauthorized access)
Adversary (a.k.a. Attacker):
An individual (or group) who has the potential to exploit a
vulnerability
Attack/Exploit:
A possible realization of a threat resulting from the
exploitation of a vulnerability by an adversary
(e.g., impersonation of an authorized user)
Incident:
A particular instance of an attack
(e.g., the break-in at JMU in AY1415)
Mitigation/Countermeasure:
An action taken that reduces the likelihood of an attack, or
the number of attacks or the extent of the harm they cause
Categories of Loss/Harm - CIA
Confidentiality/Secrecy:
The improper disclosure of information
Integrity:
The improper modification of information
Availability:
The improper denial of access to services
Categories of Threats - STRIDE
Spoofing:
Impersonation (i.e., false authentication)
Tampering:
Improper modification of information
Repudiation:
Denial of past behavior
Information Disclosure:
Improper disclosure of information
Denial of Service:
Reduced availability
Elevation of Privilege:
Gaining capabilities without authorization
STRIDE (cont.)
Overlap?
The categories don't seem to be disjoint (e.g., spoofing can
be seen as a repudiation threat or an elevation
of privilege threat)
Conceptually Confused?
Threats and harms/losses seem to be intermingled
(e.g., an elevation of privilege can result in tampering)
Categories of Threats - IIMF
Interception:
Improper disclosure of information
Interruption:
Reduced availability
Modification:
Improper modification of information
Fabrication:
Improper creation of data
IIMF vs. STRIDE
What about Repudiation:
Is considered modification or fabrication in IIMF (the record
of what was done is altered or fabricated)
What about Spoofing:
Is considered a horizontal privilege change in IIMF (i.e., the
attacker assumes the identity of a user with equal privileges);
the change is a means to one of the four IIMF threats rather
than a threat category of its own
Elevation of Privilege:
Is considered a vertical privilege change in IIMF (i.e., the
attacker gains privileges above its own); again a means to
one of the four IIMF threats rather than a category of its own
Categories of Mitigations/Countermeasures
Identification and Authentication:
Ensure that a user provides an identity and determine that
it is legitimate
Authorization/Access Control:
Ensure that the user is permitted to use an asset
Logging/Auditing:
Record who used an asset, when, and how, so that users can't
deny that they have used it (non-repudiation)
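The three mitigation categories above are easiest to see together in one small reference monitor. The following Python is an added illustration, not code from the course notes: every access to an asset passes through identification and authentication (salted PBKDF2 password check with a constant-time compare), then authorization against an access-control list, and every decision, granted or denied, goes into a hash-chained audit log so that an entry cannot later be altered or dropped without breaking the chain. The user names, passwords, asset names and ACL are constructed sample data.

```python
"""Minimal reference monitor: identification & authentication,
authorization/access control, and logging/auditing in one path.
Added example; all users, passwords and ACL entries are constructed."""
import hashlib
import hmac
import json
import os
from datetime import datetime, timezone

# --- Identification and Authentication -----------------------------------
# Passwords are stored salted and hashed (PBKDF2-HMAC-SHA256), never in the
# clear, so disclosure of the credential store does not yield passwords.
def make_credential(password: str, iterations: int = 100_000) -> dict:
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "digest": digest, "iterations": iterations}

def verify_password(credential: dict, password: str) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    credential["salt"], credential["iterations"])
    # Constant-time comparison: no timing side channel on the digest bytes.
    return hmac.compare_digest(candidate, credential["digest"])

# Constructed sample users (claimed identity -> stored credential).
USERS = {
    "alice": make_credential("correct horse battery staple"),
    "bob": make_credential("hunter2"),
}
# Dummy credential so unknown users take the same time as wrong passwords;
# otherwise response time would reveal which user names exist.
_DUMMY = make_credential(os.urandom(16).hex())

def authenticate(user: str, password: str) -> bool:
    ok = verify_password(USERS.get(user, _DUMMY), password)
    return ok and user in USERS

# --- Authorization / Access Control ---------------------------------------
# Constructed ACL: asset -> user -> permitted operations. Default is deny.
ACL = {
    "grades.db": {"alice": {"read", "write"}, "bob": {"read"}},
    "payroll.db": {"alice": {"read"}},
}

def is_authorized(user: str, asset: str, op: str) -> bool:
    return op in ACL.get(asset, {}).get(user, set())

# --- Logging / Auditing ---------------------------------------------------
# Append-only, hash-chained audit log: each entry commits to the hash of the
# previous one, so altering or deleting an earlier record breaks every
# later hash and the tampering is detectable.
AUDIT_LOG: list = []

def audit(event: dict) -> None:
    prev = AUDIT_LOG[-1]["hash"] if AUDIT_LOG else "0" * 64
    entry = dict(event, prev=prev, ts=datetime.now(timezone.utc).isoformat())
    entry["hash"] = hashlib.sha256(
        json.dumps(entry, sort_keys=True).encode()).hexdigest()
    AUDIT_LOG.append(entry)

def verify_log(log: list) -> bool:
    prev = "0" * 64
    for entry in log:
        body = {k: v for k, v in entry.items() if k != "hash"}
        if body.get("prev") != prev:
            return False
        if hashlib.sha256(json.dumps(body, sort_keys=True).encode()
                          ).hexdigest() != entry["hash"]:
            return False
        prev = entry["hash"]
    return True

# --- Reference monitor: every access passes through all three -------------
def access(user: str, password: str, asset: str, op: str) -> tuple:
    """Return (granted, reason). Denials are logged too: a failed attempt is
    evidence as much as a successful use."""
    if not authenticate(user, password):
        outcome = (False, "authentication failed")
    elif not is_authorized(user, asset, op):
        outcome = (False, "not authorized")
    else:
        outcome = (True, "granted")
    audit({"user": user, "asset": asset, "op": op,
           "granted": outcome[0], "reason": outcome[1]})
    return outcome

if __name__ == "__main__":
    print(access("alice", "correct horse battery staple", "grades.db", "write"))
    print(access("bob", "hunter2", "grades.db", "write"))
    print("log intact:", verify_log(AUDIT_LOG))
```

The log is what ties the third category to the definition of repudiation above: because each record is chained to its predecessor, a user who wants to deny an access would have to rewrite every later entry as well, which is why such logs are kept on a host the users being audited cannot write to.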