乐胖代购免代理版

{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,8,11]],"date-time":"2024-08-11T04:28:26Z","timestamp":1723350506967},"reference-count":37,"publisher":"MDPI AG","issue":"11","license":[{"start":{"date-parts":[[2020,11,6]],"date-time":"2020-11-06T00:00:00Z","timestamp":1604620800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Symmetry"],"abstract":"This article covers one of the fundamental problems of information security\u2014building a threat model. The article discusses a new method for identifying typical threats to information confidentiality based on the information flow model. The threat model is based on the description of the system. An incorrect description of the system leads to the formation of an incorrect threat model. A review of the subject area revealed several approaches used to describe the system in terms of circulating information flows. Each of these approaches has its own pros and cons. The model of information flows proposed in this work reduces the description of any information system to an eight-digit alphabet. Analysis of the structure of the elementary information flow identified four typical threats to confidentiality, the Cartesian product of a set of threats and a set of streams is a complete model of typical threats to the confidentiality of information processed in cyberspace.<\/jats:p>","DOI":"10.3390\/sym12111840","type":"journal-article","created":{"date-parts":[[2020,11,9]],"date-time":"2020-11-09T01:23:35Z","timestamp":1604885015000},"page":"1840","source":"Crossref","is-referenced-by-count":7,"title":["A Model of Threats to the Confidentiality of Information Processed in Cyberspace Based on the Information Flows Model"],"prefix":"10.3390","volume":"12","author":[{"given":"Egoshin N.","family":"S.","sequence":"first","affiliation":[{"name":"Department of Complex Information Security of Computer Systems, Tomsk State University of Control Systems and Radioelectronics, 40 Lenina Prospect, 634050 Tomsk, Russia"}]},{"ORCID":"http:\/\/orcid.org\/0000-0002-3222-9956","authenticated-orcid":false,"given":"Konev A.","family":"A.","sequence":"additional","affiliation":[{"name":"Department of Complex Information Security of Computer Systems, Tomsk State University of Control Systems and Radioelectronics, 40 Lenina Prospect, 634050 Tomsk, Russia"}]},{"given":"Shelupanov A.","family":"A.","sequence":"additional","affiliation":[{"name":"Department of Complex Information Security of Computer Systems, Tomsk State University of Control Systems and Radioelectronics, 40 Lenina Prospect, 634050 Tomsk, Russia"}]}],"member":"1968","published-online":{"date-parts":[[2020,11,6]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Shelupanov, A., Evsyutin, O., Konev, A., Kostyuchenko, E., Kruchinin, D., and Nikiforov, D. (2019). Information Security Methods\u2014Modern Research Directions. Symmetry, 11.","DOI":"10.3390\/sym11020150"},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Novokhrestov, A., Konev, A., Shelupanov, A., and Buymov, A. (2020). Computer network threat modelling. J. Phys. Conf. Ser., 1488.","DOI":"10.1088\/1742-6596\/1488\/1\/012002"},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Novokhrestov, A., Konev, A., and Shelupanov, A. (2019). Model of Threats to Computer Network Software. Symmetry, 11.","DOI":"10.3390\/sym11121506"},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"677","DOI":"10.3233\/JCS-2012-0443","article-title":"Information flow in trust management systems","volume":"20","author":"Becker","year":"2012","journal-title":"J. Comput. Secur."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"157","DOI":"10.1016\/j.ijcip.2010.09.001","article-title":"Analysis of information flow security in cyber-physical systems","volume":"3","author":"Akella","year":"2010","journal-title":"Int. J. Crit. Infrastruct. Prot."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"118","DOI":"10.1016\/j.ijcip.2012.08.002","article-title":"Modeling security in cyber\u2013physical systems","volume":"5","author":"Burmester","year":"2012","journal-title":"Int. J. Crit. Infrastruct. Prot."},{"key":"ref_7","unstructured":"Pendergrass, J.C., Heart, K., Ranganathan, C., and Venkatakrishnan, V.N. (2020, September 14). A Threat Table Based Approach to Telemedicine Security. Transactions of the International Conference on Health Information Technology Advancement. Available online: https:\/\/api.semanticscholar.org\/CorpusID:3329736."},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Seifert, D., and Reza, H. (2016). A Security Analysis of Cyber-Physical Systems Architecture for Healthcare. Computers, 5.","DOI":"10.3390\/computers5040027"},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"2921","DOI":"10.1007\/s10916-011-9770-6","article-title":"Threat Modeling for Electronic Health Record Systems","volume":"36","author":"Almulhem","year":"2011","journal-title":"J. Med. Syst."},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Yeboah-Ofori, A., and Islam, S. (2019). Cyber Security Threat Modeling for Supply Chain Organizational Environments. Futur. Internet, 11.","DOI":"10.3390\/fi11030063"},{"key":"ref_11","unstructured":"Ruiz, G., Heymann, E., C\u00e9sar, E., and Miller, B.P. (2020, September 14). Automating Threat Modeling through the Software Development Life-Cycle. Available online: https:\/\/api.semanticscholar.org\/CorpusID:14252675."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1155\/2017\/4621587","article-title":"PMCAP: A Threat Model of Process Memory Data on the Windows Operating System","volume":"2017","author":"Pan","year":"2017","journal-title":"Secur. Commun. Netw."},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"1454","DOI":"10.1002\/sec.599","article-title":"Unified threat model for analyzing and evaluating software threats","volume":"7","author":"Li","year":"2012","journal-title":"Secur. Commun. Netw."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Yan, B., Li, X., and Du, Z. (2012). A Threat Model-Driven Security Testing Approach for Web Application. International In Conference on E-business Technology and Strategy, Proceedings of the Contemporary Research on E-Business Technology and Strategy, Springer.","DOI":"10.1007\/978-3-642-34447-3_14"},{"key":"ref_15","first-page":"2318","article-title":"Threat Modeling Framework for Electrical Distribution SCADA Networks","volume":"23","author":"Arokia","year":"2015","journal-title":"MEJSR"},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"1434","DOI":"10.1016\/j.adhoc.2009.04.012","article-title":"Rethinking security properties, threat models, and the design space in sensor networks: A case study in SCADA systems","volume":"7","author":"Cardenas","year":"2009","journal-title":"Ad Hoc Netw."},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Shelupanov, A. (2019). Threat Model for IoT Systems on the Example of OpenUNB Protocol. Int. J. Emerg. Trends Eng. Res., 283\u2013290.","DOI":"10.30534\/ijeter\/2019\/11792019"},{"key":"ref_18","unstructured":"Ingalsbe, J.A., Shoemaker, D., and Mead, N.R. (2020, September 14). Threat Modeling the Cloud Computing, Mobile Device Toting, Consumerized Enterprise-an Overview of Considerations. AMCIS, Available online: https:\/\/aisel.aisnet.org\/amcis2011_submissions\/359."},{"key":"ref_19","unstructured":"Baquero, A.O., Kornecki, A., and Zalewski, J. (2020, September 14). Threat modeling for aviation computer security. CrossTalk., Available online: https:\/\/www.researchgate.net\/publication\/298822749."},{"key":"ref_20","unstructured":"Olayemi, O., V\u00e4\u00e4n\u00e4nen, A., Haataja, K., and Toivanen, P. (2020, September 14). Security issues in smart homes and mobile health system: Threat analysis, possible countermeasures and lessons learned. Int. J. Inf. Technol. Secur., Available online: https:\/\/erepo.uef.fi\/handle\/123456789\/5124."},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Kamatchi, R., and Ambekar, K. (2016). Analyzing Impacts of Cloud Computing Threats in Attack based Classification Models. Indian J. Sci. Technol., 9.","DOI":"10.17485\/ijst\/2016\/v9i21\/95282"},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Xiong, W., Krantz, F., and Lagerstr\u00f6m, R. (2019). Threat Modeling and Attack Simulations of Connected Vehicles: A Research Outlook. The 5th International Conference on Information Systems Security and Privacy, SCITEPRESS.","DOI":"10.5220\/0007412104790486"},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1007\/s00766-010-0115-7","article-title":"A privacy threat analysis framework: Supporting the elicitation and fulfillment of privacy requirements","volume":"16","author":"Deng","year":"2010","journal-title":"Requir. Eng."},{"key":"ref_24","unstructured":"Tactical Threat Modeling (2020, September 14). Safecode. Available online: https:\/\/safecode.org\/tactical-threat-modeling."},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"66","DOI":"10.1109\/MSP.2005.119","article-title":"Demystifying the Threat-Modeling Process","volume":"3","author":"Torr","year":"2005","journal-title":"IEEE Secur. Priv."},{"key":"ref_26","first-page":"171","article-title":"Threat-driven design and analysis of secure software architectures","volume":"1","author":"Xu","year":"2006","journal-title":"J. Inf. Assur. Secur."},{"key":"ref_27","unstructured":"Chen, X., Liu, Y., and Yi, J. (2012). A security evaluation framework based on STRIDE model for software in networks. Int. J. Adv. Comput. Technol., Available online: https:\/\/api.semanticscholar.org\/Corpus."},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"489","DOI":"10.1016\/j.procs.2014.05.452","article-title":"Classification of Security Threats in Information Systems","volume":"32","author":"Jouini","year":"2014","journal-title":"Procedia Comput. Sci."},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"727","DOI":"10.3103\/S0146411615080106","article-title":"Adaptive reflexivity threat protection","volume":"49","author":"Lavrova","year":"2015","journal-title":"Autom. Control. Comput. Sci."},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"534","DOI":"10.1109\/JSYST.2015.2453215","article-title":"Modeling and Verification of Insider Threats Using Logical Analysis","volume":"11","author":"Kammuller","year":"2015","journal-title":"IEEE Syst. J."},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"147","DOI":"10.1016\/j.is.2014.12.002","article-title":"Integrated smart grid systems security threat model","volume":"53","author":"Suleiman","year":"2015","journal-title":"Inf. Syst."},{"key":"ref_32","doi-asserted-by":"crossref","first-page":"50","DOI":"10.4018\/IJSSE.2015070103","article-title":"An Alternative Threat Model-based Approach for Security Testing","volume":"6","author":"Falah","year":"2015","journal-title":"Int. J. Secur. Softw. Eng."},{"key":"ref_33","first-page":"301","article-title":"A social dimensional cyber threat model with formal concept analysis and fact-proposition inference","volume":"5","author":"Sharma","year":"2013","journal-title":"Int. J. Inf. Comput. Secur."},{"key":"ref_34","doi-asserted-by":"crossref","first-page":"162","DOI":"10.1007\/s12209-009-0029-y","article-title":"Threat modeling-oriented attack path evaluating algorithm","volume":"15","author":"Li","year":"2009","journal-title":"Trans. Tianjin Univ."},{"key":"ref_35","doi-asserted-by":"crossref","first-page":"2587","DOI":"10.1109\/TSP.2016.2529584","article-title":"Asymmetric Threat Modeling Using HMMs: Bernoulli Filtering and Detectability Analysis","volume":"64","author":"Granstrom","year":"2016","journal-title":"IEEE Trans. Signal Process."},{"key":"ref_36","doi-asserted-by":"crossref","unstructured":"Zegzhda, P., Zegzhda, D., Kalinin, M., and Konoplev, A. (2012). Security Modeling of Grid Systems Using Petri Nets. International Conference on Mathematical Methods, Models, and Architectures for Computer Network Security, Proceedings of the Computer Network Security, Springer.","DOI":"10.1007\/978-3-642-33704-8_25"},{"key":"ref_37","unstructured":"Shostack, A. (2014). Threat Modeling: Designing for Security, John Wiley & Sons."}],"container-title":["Symmetry"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2073-8994\/12\/11\/1840\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,7,5]],"date-time":"2024-07-05T02:22:41Z","timestamp":1720146161000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2073-8994\/12\/11\/1840"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,11,6]]},"references-count":37,"journal-issue":{"issue":"11","published-online":{"date-parts":[[2020,11]]}},"alternative-id":["sym12111840"],"URL":"https:\/\/doi.org\/10.3390\/sym12111840","relation":{},"ISSN":["2073-8994"],"issn-type":[{"value":"2073-8994","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,11,6]]}}}