iang comments on Adam's (and friends) work on Threat Modeling. ian takes issue with the same STRIDE point that I don't like (my repudiation rant will be familiar to anyone who has taken my classes).
Threat | Security Property | |
Spoofing | --> | Authentication |
Tampering | --> | Integrity |
Dispute | --> | Evidence |
Information Disclosure | --> | Encryption |
Denial of Service | --> | Availability |
Elevation of Privilege | --> | Authorisation |
Could not agree more with changing Repudiation --> PKI to Dispute --> evidence/audit
Connecting the dots further to standards and implementations we can see how our security standards position us to deal with threats
Threat | Security Property | Standard |
Spoofing | Authentication | XML Sig - widely implemented |
Tampering | Integrity | XML Sig - widely implemented |
Dispute | Evidence/Audit | None - (note this is why we need WS-Anasazi) |
Information Disclosure | Encryption | XML Enc - widely implemented |
Denial of Service | Availability | No standard |
Elevation of Privilege | Authorization | XACML, SAML ADA - not widely implemented |
So in a nutshell, start with a threat model, identify relevant countermeasures, the look for the standards and patterns that address them
If you consult a modern dictionary, you won't find "repudiation" (or the even worse "non-repudiation") anywhere except Wikipedia. It's a word that was invented by the PKI crowd to describe an alleged benefit of the technology. "Evidence," indeed, is the converse and gets closer to the real nub of the issue.
Posted by: Andrew Jaquith | March 14, 2008 at 12:50 PM
> If you consult a modern dictionary, you won't find
> "repudiation" (or the even worse "non-repudiation")
> anywhere except Wikipedia.
Sorry Andrew, but repudiate and repudiation are both found in Merriam-Webster Online
http://www.merriam-webster.com/
Posted by: stacy | March 18, 2008 at 08:48 AM