ICACT20220353 Question.1
Questioner: danakusumo@telkomuniversity.ac.id 2022-02-14 ¿ÀÈÄ 1:37:06 |
ICACT20220353 Answer.1
Answer by Auhor jongjcho@korea.ac.kr 2022-02-14 ¿ÀÈÄ 1:37:06
Chrome  Click!! |
| In your research, please explain how you used the DFD for STRIDE analysis? |
Good Morning! My research was very simple. I draw the DFD from open source code in the Firestorm Webcam system, and then, I initiated STRIDE analysis based on the DFD from the source code. It requires a lot of zero-based knowledge however, it is important to process to initiate. these two analyses create a result that webcam faced a significant threat. |
ICACT20220353 Question.2
Questioner: tomayoon@ieee.org 2022-02-14 ¿ÀÈÄ 1:32:18 |
ICACT20220353 Answer.2
Answer by Auhor jongjcho@korea.ac.kr 2022-02-14 ¿ÀÈÄ 1:32:18
Chrome Click!! |
| First of all, thank you for the good research paper and presentation contents. I would like to know more about the research environment used in this study, and also in detail about the equipment & operating systems, development languages and software libraries you used. |
First of all, it is a great honor to be part of this conference. I didn't use any type of language. I just conduct the analysis based on the open-source code. it draws the DFD from the open-source code and I conduct the STRIDE threat analysis. Thanks, |
ICACT20220353 Question.3
Questioner: shyoon17@korea.ac.kr 2022-02-14 ¿ÀÈÄ 1:38:57 |
ICACT20220353 Answer.3
Answer by Auhor jongjcho@korea.ac.kr 2022-02-14 ¿ÀÈÄ 1:38:57
Chrome Click!! |
| When applying the STRIDE technique, it is applied from multiple perspectives for example, attacker view, asset view etc. From what point of view did the thesis extract the STRIDE? |
Good Morning ! My STRIDE technique solely focused on the attacker's point. |
ICACT20220353 Question.4
Questioner: shyoon17@korea.ac.kr 2022-02-14 ¿ÀÈÄ 4:07:05 |
ICACT20220353 Answer.4
Answer by Auhor jongjcho@korea.ac.kr 2022-02-14 ¿ÀÈÄ 4:07:05
Chrome Click!! |
| author said that STRIDE was applied from an attacker's perspective among the various perspectives that can apply STRIDE, but why did you apply STRIDE from an attacker's perspective among many perspectives? |
Because attackers viewpoint is more efficient in terms of related to resources coast |
ICACT20220353 Question.5
Questioner: dlgusdn2@kaist.ac.kr 2022-02-15 ¿ÀÈÄ 4:48:16 |
ICACT20220353 Answer.5
Answer by Auhor jongjcho@korea.ac.kr 2022-02-15 ¿ÀÈÄ 4:48:16
Chrome Click!! |
| I would like to know more about the research environment used in this study, and further research topic. |
Good afternoon, In this topic, we are more focused on the open-source camera system, firestorm webcam system. we conduct the analysis based on the open-source code. my further interest in this STRIDE technique is that I would like to apply STRIDE analysis on the Medical embedded devices. |
ICACT20220353 Question.6
Questioner: namacabale@gmail.com 2022-02-15 ¿ÀÈÄ 4:50:15 |
ICACT20220353 Answer.6
Answer by Auhor jongjcho@korea.ac.kr 2022-02-15 ¿ÀÈÄ 4:50:15
Chrome Click!! |
| Dear Author, you have a very good research. Is there an existing technology almost similar to your proposal that has been deployed in real world environment? What does it lack that your work specifically addressed? Thank you and stay safe. |
Hello. this technique is developed by Microsoft. therefore, you have to realize that all the products developed by Microsoft used this technique. In my honest opinion, it is one of the important secure by design process, however, not many companies are able to do this technique. |
ICACT20220353 Question.7
Questioner: ehtm94@korea.ac.kr 2022-02-16 ¿ÀÈÄ 1:41:56 |
ICACT20220353 Answer.7
Answer by Auhor jongjcho@korea.ac.kr 2022-02-16 ¿ÀÈÄ 1:41:56
Chrome Click!! |
| It is a great honor to read your paper. Is there a clear criterion for how far abstraction is performed? |
The abstraction is performed based on the Data Flow Diagram. which is breaking the target system from the context level to function by function. which is from the abroad level from the super detail level. |
ICACT20220353 Question.8
Questioner: namacabale@gmail.com 2022-02-16 ¿ÀÈÄ 1:42:37 |
ICACT20220353 Answer.8
Answer by Auhor jongjcho@korea.ac.kr 2022-02-16 ¿ÀÈÄ 1:42:37
Chrome Click!! |
| Dear Author, you have a very good research. Is there an existing technology almost similar to your proposal that has been deployed in real world environment? What does it lack that your work specifically addressed? Thank you and stay safe. |
Hello. this technique is developed by Microsoft. therefore, you have to realize that all the products developed by Microsoft used this technique. In my honest opinion, it is one of the important secure by the design processes, however, not many companies are able to do this technique. |
ICACT20220353 Question.9
Questioner: shyoon17@korea.ac.kr 2022-02-16 ¿ÀÈÄ 3:31:14 |
ICACT20220353 Answer.9
Answer by Auhor jongjcho@korea.ac.kr 2022-02-16 ¿ÀÈÄ 3:31:14
Chrome Click!! |
| It's good to see the authors use STRIDE to model threats. I have some questions. First, I wonder why STRIDE was used among the many threat modeling methods. Second, need to manage risk through the relevant threat modeling, and I am curious about how you proceeded with that part. Third, assuming that risk management was performed, I am curious about how you managed the risk for each risk factor. Fourth, the author did threat modeling for webcam, and I want to know the actual case of the threat to webcam, and I wonder at least one example of how the results are mapped from S, T, R, I, D, and E, respectively. Fifth, I understand that modeling was conducted based on open-source, and I wonder what layer to focus on when creating DFD, how the focused layer distinguishes it from the non-concentrated layer at the low level of DFD and I wonder why the unfocused layer was judged that way. |
|
