2011 | OriginalPaper | Chapter
Unified Modeling Technique for Threat Cause Ranking, Mitigation and Testing
Authors : Gaurav Varshney, Ramesh Chandra Joshi, Anjali Sardana
Published in: Contemporary Computing
Publisher: Springer Berlin Heidelberg
Activate our intelligent search to find suitable subject content or patents.
Select sections of text to find matching patents with Artificial Intelligence. powered by
Select sections of text to find additional relevant content using AI-assisted search. powered by
This paper describes a unified modeling technique applied after threat identification step of threat modeling process, for ranking the causes of a threat which is then used for threat mitigation and testing. The paper presents a unique approach that starts with enumeration of causes for each possible threat over the system with construction of threat cause model that diagrammatically describes the causes and sub-causes responsible for the occurrence of a threat. The paper suggests an approach for the ranking of both threats and their causes for effective mitigation. After applying threat cause mitigation strategy, testing of system towards a threat is verified by checking the security at the perimeter of the cause model for that threat. This unique technique assures that ensuring all sub-causes at lowest level of abstraction impossible will make the system safe towards a particular threat. Unlike other techniques this technique is unified as it starts with a threat model for each individual threat, that enumerates causes of their occurrence and then the same is used for mitigation and testing. Hence this strategy can ensure security when applied to all threats over the system.