Paper Info
Title
A Threat Modeling Framework for Evaluating Computing Platforms Against Architectural Attacks.
Abstract
software component misuse a privileged relationship with the hardware to by pass system protections, monitors, or forensic tools. These relationships are often not illegal and exist between system components by design. Hence, even a system with secure hardware and software components, can be architecturally vulnerable. Unfortunately, the existing threat modeling schemes are not applicable for modeling architectural attacks against computing platforms. This is mostly because the existing techniques rely on an abstract representation of a software (.e.g., Data Flow Diagram) as a primary requirement which is not available for a platform as a whole (considering both hardware and software elements). In this paper, we have discussed the necessity of a hardware-software architectural view to system threat modeling. Then, we have proposed Lamellae, a framework adapts threat modeling method to be applicable for untrusted platforms by a holistic approach. Lamellae involves system security architecture for abstract modeling of the platforms. Using the Design structure matrix analysis, Lamellae helps an end-user to identify possible attack vectors against a platform. The framework is a connection point of concepts from system engineering and software security domains. We have applied the framework on a multi-purpose computer with x86-64 architecture as a case-study to show the effectiveness of our framework.
Year
Venue
Field
2018
arXiv: Cryptography and Security
Architecture,Software engineering,Computer science,Threat model,Software security assurance,Computer security,Software,Design structure matrix,Component-based software engineering,Data flow diagram
DocType
Volume
Citations 
Journal
abs/1809.01335
0
PageRank 
References 
Authors
0.34
1
2
Name
Order
Citations
PageRank
Seyyedeh Atefeh Musavi100.68
Mahmoud Reza Hashemi213127.70