ICACT20220353 Slide.17
Thanks,

ICACT20220353 Slide.16
These are the references.

ICACT20220353 Slide.15
Lastly, I want to present a comprehensive remediation plan based on the threats from the STRIDE analysis. The remediation plan is divided into four types: accept, mitigation, avoid, and transfer. In this analysis, we initiated mitigation approaches. This analysis shows that the majority of the threats are Spoofing, Tampering, and Denial of Service. There is a broad understanding that Multi-Factor Authentication will improve protection against these types of attacks. Therefore, a mitigation approach will continue to defend against these types of attacks.

ICACT20220353 Slide.14
The STRIDE analysis was conducted based on the DFD abstraction of the target system. As I mentioned before, STRIDE stands for Spoofing, Tampering, Repudiation, Information Disclosure, and Denial of Service. These components are strictly applied to the target system. According to the analysis, 6 Spoofing, 15 Tampering, 5 Repudiation, 5 Information Disclosure, and 14 Denial of Service threats resulted. To conclude, a webcam has a high potential to cause a significant cybersecurity breach.

ICACT20220353 Slide.13
We drew the Data Flow Diagram of FireStormcx's webcam system. The DFD was drawn at four levels of FireStormcx's webcam system, and the analysis was conducted at those four levels (context level to Level 2). It abstracts entities, processes, and data flows. The context level resulted in 2 entities, 2 processes, and 6 data flows. Level 0 resulted in 3 entities, 7 processes, and 14 data flows. Level 1 resulted in 5 entities, 17 processes, and 29 data flows. Level 2 resulted in 5 entities, 53 processes, and 64 data flows.
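
As an added illustration (not code from the talk or from the FireStormcx project), the sketch below applies the standard STRIDE-per-element chart to a constructed context-level DFD with the counts given above: 2 entities, 2 processes, and 6 data flows. The element names and the use of STRIDE-per-element are assumptions, since the talk does not say which STRIDE variant it used, so the tallies are not the talk's results.

```python
from collections import Counter

# STRIDE-per-element chart: which threat categories apply to each DFD element type.
# Assumption: the talk does not say which STRIDE variant it used.
APPLICABLE = {"entity": "SR", "process": "STRIDE", "flow": "TID", "store": "TID"}
NAMES = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
         "I": "Information Disclosure", "D": "Denial of Service",
         "E": "Elevation of Privilege"}

# Constructed context-level DFD with the talk's element counts
# (2 entities, 2 processes, 6 data flows). All names are hypothetical.
NODES = {
    "Operator": "entity",
    "Robot Controller": "entity",
    "Capture Process": "process",
    "Streaming Process": "process",
}
FLOWS = [
    ("Operator", "Streaming Process", "view request"),
    ("Streaming Process", "Operator", "video stream"),
    ("Robot Controller", "Capture Process", "capture command"),
    ("Capture Process", "Robot Controller", "capture status"),
    ("Capture Process", "Streaming Process", "raw frames"),
    ("Streaming Process", "Capture Process", "camera settings"),
]

def validate(nodes, flows):
    """Reject flows that break basic DFD rules before enumerating threats."""
    for src, dst, label in flows:
        if src not in nodes or dst not in nodes:
            raise ValueError(f"flow {label!r} references an undeclared element")
        if nodes[src] != "process" and nodes[dst] != "process":
            raise ValueError(f"flow {label!r} does not touch a process")

def enumerate_threats(nodes, flows):
    """Return (element, category) pairs: one candidate threat per applicable letter."""
    validate(nodes, flows)
    threats = [(name, NAMES[c]) for name, kind in nodes.items()
               for c in APPLICABLE[kind]]
    threats += [(f"{src} -> {dst}: {label}", NAMES[c])
                for src, dst, label in flows for c in APPLICABLE["flow"]]
    return threats

def tally(threats):
    """Count candidate threats per STRIDE category."""
    return Counter(category for _, category in threats)

if __name__ == "__main__":
    for category, count in tally(enumerate_threats(NODES, FLOWS)).items():
        print(f"{category}: {count}")
```

Each pair produced here is a candidate to be reviewed and then assigned to accept, mitigate, avoid, or transfer; it is not a confirmed finding.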

ICACT20220353 Slide.12
This STRIDE analysis was conducted on FireStormcx's webcam system. It is a simple webcam structure that connects directly to a Raspberry Pi. This camera is specifically designed for parts of robots or other embedded devices. Since it has a simple structure and uses low-cost cameras, it is used in many of the development stages of embedded systems.

ICACT20220353 Slide.11
After the STRIDE analysis is conducted, the evaluator has to come up with a comprehensive remediation plan for the target system. The remediation plan is divided into accept, mitigate, avoid, and transfer. These remediation plans should be drawn up based on the client's demands.

ICACT20220353 Slide.10
After the DFD, you initiate the STRIDE analysis based on the abstraction image from the DFD. STRIDE stands for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege. The STRIDE analysis is initiated from the attacker's point of view. On the right side of the STRIDE definitions are the antonym terms of STRIDE, which can also be called the "defender viewpoint".

ICACT20220353 Slide.09
This is a great example of Level 2 of the DFD of the target system. Level 2 in the DFD is the bottom level of the system. It provides a specific overview of the system. It is generally broken down by the functions of the target system. Additionally, this diagram was produced with the open platform software Microsoft Threat Modeling Tool 2016. In this analysis, the DFD is specified from the context level to Level 2, and those levels have to describe all the detailed components in the system.

ICACT20220353 Slide.08
This is an excellent example of why we have to abstract the target system. For instance, in the State of California, you want to head from LA to San Francisco. Without the abstraction, you can't identify a clear direction for the pathway. Therefore, to get directions on the map, you have to abstract the route. The DFD is the same process. You need a clear abstraction viewpoint of the target system in order to initiate the threat assessment.

ICACT20220353 Slide.07
In threat modeling, the DFD is the abstraction viewpoint of the target system. It is a logical information flow tool that describes the data flow from process to process in the system. The STRIDE analysis was conducted based on the vulnerabilities from the DFD.

ICACT20220353 Slide.06
First, I would like to introduce the Data Flow Diagram. The main purpose of the DFD is to draw the abstraction, and abstraction means methods that discard or hide details to get results that are simpler, more uniform, and more formal. These results are called models, or also abstractions. So models simplify a system for a certain goal and help to understand, communicate, validate, and manage facts in order to analyze the system.

ICACT20220353 Slide.05
Threat modeling is usually initiated with 5 processes. However, depending on the target system and the client's demands, the process steps can be modified. The usual threat modeling steps are as follows. First, draw the Data Flow Diagram, known as the DFD. Second, initiate the STRIDE analysis. Third, build the attack library. Fourth, draw an attack tree. Fifth, come up with the remediation plan.

ICACT20220353 Slide.04
There are simply five reasons why we have to conduct the threat modeling assessment. First, threat modeling is an important aspect of developing good functional/non-functional security requirements as well as designing good comprehensive mitigation strategies. Second, it accurately determines the attack surface of the application from the point of view of the attacker. Third, it assigns risk to the various threats and leads to a strategic plan. Fourth, it drives the vulnerability mitigation process, which can include mitigation, accept, transfer, and avoid. Fifth, it leads to security testing requirements that define the security testing scope of the system.

ICACT20220353 Slide.03
I would like to read this great quote to start with why threat modeling: "InfoSec resources can best be applied only if guided by a structured threat assessment process."

ICACT20220353 Slide.02
Before I start to share the research, I would like to introduce what threat modeling is. Some people have great knowledge of threat modeling; however, some do not. Therefore, I believe that it is important to go over what threat modeling is, why it is important, and what the detailed process is to initiate this systematic process. Threat modeling is part of secure software engineering. Unlike other engineering fields, the majority of the detailed components have to be initiated via a modeling technique, which can include severe threats by humans, as opposed to forces due to natural and accidental causes.

ICACT20220353 Slide.01
Hello, my name is Jong Jin Cho. I am currently an MS student attending the School of Cybersecurity at Korea University. Today, I would like to introduce Threat Modeling Analysis on FireStormcx's Webcam System.