Explore chapters and articles related to this topic
Establishing the Risk Status of the Corporate Infrastructure
Published in Dan Shoemaker, Anne Kohnke, Ken Sigler, How to Build a Cyber-Resilient Organization, 2018
Shoemaker Dan, Kohnke Anne, Sigler Ken
STRIDE is an acronym that stands for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege as shown in Figure 3.8. Developed by Microsoft, STRIDE is a threat classification model designed to help identify security threats in six categories in order to help answer the question: “what can go wrong in this system we’re developing or working on?” (Shostack, 2014). The model can be used to find threats against software or can be used more broadly to encompass processes, data stores, data flows, as well as potential attacks against trust boundaries.
MQTT Vulnerabilities, Attack Vectors and Solutions in the Internet of Things (IoT)
Published in IETE Journal of Research, 2023
Ahmed J. Hintaw, Selvakumar Manickam, Mohammed Faiz Aboalmaaly, Shankar Karuppayah
Optimally, depending on the functionality, IoT applications will be subdivided and classified as a service, a cloud gateway, a field gateway, or a device. As stated in [158], each one is separated by its own confidence boundary and has its own requirements for authentication, authorization, and the information used, which will impact the threat-modeling process. After the system is modeled, each element can be assessed for threats using the STRIDE model. STRIDE stands for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privileges. Further, the possible threats can be established using attack trees. Moreover, once the threats are identified, a suitable security mechanism becomes clear, and whether and where to adopt it can be determined. The next section describes the possible solutions as applied to IoT.