无人机作为一种服务的建设性DIREST安全威胁建模

IF 0.6 Q4 COMPUTER SCIENCE, INFORMATION SYSTEMS Journal of Digital Forensics Security and Law Pub Date : 2021-01-01 DOI:10.15394/JDFSL.2021.1695
Fahad E. Salamh, Umit Karabiyik, M. Rogers
{"title":"无人机作为一种服务的建设性DIREST安全威胁建模","authors":"Fahad E. Salamh, Umit Karabiyik, M. Rogers","doi":"10.15394/JDFSL.2021.1695","DOIUrl":null,"url":null,"abstract":"The technology used in drones is similar or identical across drone types and components, with many common risks and opportunities. The purpose of this study is to enhance the risk assessment procedures for Drone as a Service (DaaS) capabilities. STRIDE is an acronym that includes the following security risks: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privileges. The paper presents a modified STRIDE threat model and prioritizes its desired properties (i.e., authenticity, integrity, non-reputability, confidentiality, availability, and authorization) to generate an appropriate DaaS threat model. To this end, the proposed DIREST threat model better meets the overall security assessment needs of DaaS. Moreover, this paper discusses the security risks of drones, identifies best practices for security assessment, and proposes a novel software update mechanism for drones during their operations. We explore the best practices related to drone penetration testing, including an effective methodology to maintain the continuity of drone operations, particularly drones used for emergency, safety, and rescue operations. Moreover, this research raises awareness of DaaS and drone operation in general as well as in the forensic science community due to its focus on the importance of securely operated drones for first responders. Furthermore, we address various aspects of security concerns, including data transmission, software restrictions, and embedded system-related events. In order to propose a security assessment for drones, we incorporate digital forensics and penetration testing techniques related to drone operations. Our results show that the proposed threat model enhances the security of flying devices and provides consistency in digital forensic procedures. This work introduces modifications to the STRIDE threat model based on the current literature, drone images provided by the NIST program, and a firmware static analysis of a zino hubsan brand drone.","PeriodicalId":43224,"journal":{"name":"Journal of Digital Forensics Security and Law","volume":null,"pages":null},"PeriodicalIF":0.6000,"publicationDate":"2021-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":"{\"title\":\"A Constructive DIREST Security Threat Modeling for Drone as a Service\",\"authors\":\"Fahad E. Salamh, Umit Karabiyik, M. Rogers\",\"doi\":\"10.15394/JDFSL.2021.1695\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The technology used in drones is similar or identical across drone types and components, with many common risks and opportunities. The purpose of this study is to enhance the risk assessment procedures for Drone as a Service (DaaS) capabilities. STRIDE is an acronym that includes the following security risks: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privileges. The paper presents a modified STRIDE threat model and prioritizes its desired properties (i.e., authenticity, integrity, non-reputability, confidentiality, availability, and authorization) to generate an appropriate DaaS threat model. To this end, the proposed DIREST threat model better meets the overall security assessment needs of DaaS. Moreover, this paper discusses the security risks of drones, identifies best practices for security assessment, and proposes a novel software update mechanism for drones during their operations. We explore the best practices related to drone penetration testing, including an effective methodology to maintain the continuity of drone operations, particularly drones used for emergency, safety, and rescue operations. Moreover, this research raises awareness of DaaS and drone operation in general as well as in the forensic science community due to its focus on the importance of securely operated drones for first responders. Furthermore, we address various aspects of security concerns, including data transmission, software restrictions, and embedded system-related events. In order to propose a security assessment for drones, we incorporate digital forensics and penetration testing techniques related to drone operations. Our results show that the proposed threat model enhances the security of flying devices and provides consistency in digital forensic procedures. This work introduces modifications to the STRIDE threat model based on the current literature, drone images provided by the NIST program, and a firmware static analysis of a zino hubsan brand drone.\",\"PeriodicalId\":43224,\"journal\":{\"name\":\"Journal of Digital Forensics Security and Law\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.6000,\"publicationDate\":\"2021-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"6\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Digital Forensics Security and Law\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.15394/JDFSL.2021.1695\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q4\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Digital Forensics Security and Law","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.15394/JDFSL.2021.1695","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 6

摘要

无人机中使用的技术在无人机类型和组件之间是相似或相同的,存在许多共同的风险和机会。本研究的目的是加强无人机即服务(DaaS)能力的风险评估程序。STRIDE是一个缩略词,包含以下安全风险:欺骗、篡改、拒绝、信息泄露、拒绝服务和特权提升。本文提出了一种改进的STRIDE威胁模型,并对其所需的属性(即真实性、完整性、非声誉性、机密性、可用性和授权)进行优先排序,以生成合适的DaaS威胁模型。为此,本文提出的DIREST威胁模型较好地满足了DaaS的整体安全评估需求。此外,本文还讨论了无人机的安全风险,确定了安全评估的最佳实践,并提出了一种新的无人机运行过程中的软件更新机制。我们探讨了与无人机渗透测试相关的最佳实践,包括保持无人机操作连续性的有效方法,特别是用于紧急、安全和救援行动的无人机。此外,这项研究提高了对DaaS和无人机操作以及法医科学界的认识,因为它专注于安全操作无人机对第一响应者的重要性。此外,我们还解决了安全问题的各个方面,包括数据传输、软件限制和嵌入式系统相关事件。为了提出无人机的安全评估,我们结合了与无人机操作相关的数字取证和渗透测试技术。我们的研究结果表明,提出的威胁模型提高了飞行设备的安全性,并提供了数字取证程序的一致性。这项工作介绍了基于当前文献、NIST项目提供的无人机图像以及zino hubsan品牌无人机的固件静态分析对STRIDE威胁模型的修改。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
A Constructive DIREST Security Threat Modeling for Drone as a Service
The technology used in drones is similar or identical across drone types and components, with many common risks and opportunities. The purpose of this study is to enhance the risk assessment procedures for Drone as a Service (DaaS) capabilities. STRIDE is an acronym that includes the following security risks: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privileges. The paper presents a modified STRIDE threat model and prioritizes its desired properties (i.e., authenticity, integrity, non-reputability, confidentiality, availability, and authorization) to generate an appropriate DaaS threat model. To this end, the proposed DIREST threat model better meets the overall security assessment needs of DaaS. Moreover, this paper discusses the security risks of drones, identifies best practices for security assessment, and proposes a novel software update mechanism for drones during their operations. We explore the best practices related to drone penetration testing, including an effective methodology to maintain the continuity of drone operations, particularly drones used for emergency, safety, and rescue operations. Moreover, this research raises awareness of DaaS and drone operation in general as well as in the forensic science community due to its focus on the importance of securely operated drones for first responders. Furthermore, we address various aspects of security concerns, including data transmission, software restrictions, and embedded system-related events. In order to propose a security assessment for drones, we incorporate digital forensics and penetration testing techniques related to drone operations. Our results show that the proposed threat model enhances the security of flying devices and provides consistency in digital forensic procedures. This work introduces modifications to the STRIDE threat model based on the current literature, drone images provided by the NIST program, and a firmware static analysis of a zino hubsan brand drone.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
Journal of Digital Forensics Security and Law
Journal of Digital Forensics Security and Law COMPUTER SCIENCE, INFORMATION SYSTEMS-
自引率
0.00%
发文量
5
审稿时长
10 weeks
期刊最新文献
A CRITICAL COMPARISON OF BRAVE BROWSER AND GOOGLE CHROME FORENSIC ARTEFACTS Fault Lines In The Application Of International Humanitarian Law To Cyberwarfare To License or Not to License Reexamined: An Updated Report on Licensing of Digital Examiners Under State Private Investigator Statutes Forensic Discoverability of iOS Vault Applications A Combined Approach For Private Indexing Mechanism
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1