{"title":"Functional Modeling as a Basis for Classifying Security Threats","authors":"A. Konev","doi":"10.1109/SIBCON56144.2022.10003024","DOIUrl":null,"url":null,"abstract":"Building a threat model plays one of the key roles in assessing the security of information systems. In this case, a rather important point is to establish a connection between the description of the protected object (functions of processing the protected information) and the list of threats directed at the protected object. One of the possible ways to describe the protected processes in information systems is to build a functional model. The proposed study examines the relationship between the IDEF0 functional modeling methodology and various classes of threats. The basic idea is as follows: different types of arrows in the IDEF0 notation correspond to different types of threats. The horizontal arrows correspond to threats of confidentiality and integrity violation of data, storage media, and other objects. Mechanism arrows correspond to threats and attacks directed at components of information systems (disabling components, introducing malware, etc.). Control arrows correspond to threats related to system trust (errors during development, implementation of undocumented features). The article provides a classification of threats based on the typing of arrows in the IDEF0 notation, and examples of threats for typical functions of processing protected information.","PeriodicalId":265523,"journal":{"name":"2022 International Siberian Conference on Control and Communications (SIBCON)","volume":"9 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-11-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 International Siberian Conference on Control and Communications (SIBCON)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SIBCON56144.2022.10003024","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
Building a threat model plays one of the key roles in assessing the security of information systems. In this case, a rather important point is to establish a connection between the description of the protected object (functions of processing the protected information) and the list of threats directed at the protected object. One of the possible ways to describe the protected processes in information systems is to build a functional model. The proposed study examines the relationship between the IDEF0 functional modeling methodology and various classes of threats. The basic idea is as follows: different types of arrows in the IDEF0 notation correspond to different types of threats. The horizontal arrows correspond to threats of confidentiality and integrity violation of data, storage media, and other objects. Mechanism arrows correspond to threats and attacks directed at components of information systems (disabling components, introducing malware, etc.). Control arrows correspond to threats related to system trust (errors during development, implementation of undocumented features). The article provides a classification of threats based on the typing of arrows in the IDEF0 notation, and examples of threats for typical functions of processing protected information.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
