Online Banking Security Analysis based on STRIDE Threat Model

被引:7
作者
Tong Xin [1 ]
Ban Xiaofang [1 ]
机构
[1] China Informat Technol Secur Evaluat Ctr, Dept Informat Syst Evaluat, Beijing, Peoples R China
来源
INTERNATIONAL JOURNAL OF SECURITY AND ITS APPLICATIONS | 2014年 / 8卷 / 02期
关键词
Threat modeling; Data flow diagrams; online banking; STRIDE threat model; data stream; threat tree;
D O I
10.14257/ijsia.2014.8.2.28
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
This paper refers important issues regarding how to evaluate the security threats of the online banking effectively, a system threat analysis method combining STRIDE threat model and threat tree analysis is proposed, which improves the efficiency of the threat analysis greatly and also has good practicability. By applying this method to the online banking system threat analysis, we construct STRIDE threat model on the analysis of the key business data, and then we construct threat tree on the security threat by layer-by-layer decomposition. Thus it gives a detailed threat analysis of the online banking system. This security threat analysis has important significance for the online banking system security analysis and for revealing the threats that the online banking facing.
引用
收藏
页码:271 / 282
页数:12
相关论文
共 8 条
  • [1] Hernan S., 2006, MSDN MAGAZINE
  • [2] Howard Michael, 2002, WRITING SECURE CODE, V2nd
  • [3] Ikuya M., 2011, P 2010 INT C NETW BA
  • [4] Joris C., 2002, COMPUTERS SECURITY, V3
  • [5] Mockel C., 2010, 2010 6 INT C INF ASS
  • [6] Nigel R., 2005, CARD TECHNOLOGY TODA, V10
  • [7] OWASP, THREAT RISK MOD
  • [8] Stallings W., 2006, RYPTOGRAPHY NETWORK, P9
1