Modelling link-level threats in OWASP Threat Dragon with the development of a protection strategy
Threat modelling is an important process when it comes to securing a network at all levels, as it helps identify potential vulnerabilities and threats that could affect the confidentiality, integrity and availability of data. Ensuring the protection of the data link layer is particularly important,...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Zhytomyr Polytechnic State University
2024-06-01
|
| Series: | Технічна інженерія |
| Subjects: | |
| Online Access: | http://ten.ztu.edu.ua/article/view/307792 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1846173804108185600 |
|---|---|
| author | Ye.M. Trokoz O.A. Pokotylo N.O. Shchur |
| author_facet | Ye.M. Trokoz O.A. Pokotylo N.O. Shchur |
| author_sort | Ye.M. Trokoz |
| collection | DOAJ |
| description | Threat modelling is an important process when it comes to securing a network at all levels, as it helps identify potential vulnerabilities and threats that could affect the confidentiality, integrity and availability of data. Ensuring the protection of the data link layer is particularly important, as it is responsible for the transmission of data between devices on a local network. In order to effectively identify and eliminate its vulnerabilities, we propose a variant of building a threat model in the OWASP Threat Dragon environment, which provides opportunities for its visualisation and effective risk management. The STRIDE model is chosen to identify threats, and a scale for assessing their risks is proposed. To provide a better understanding of vulnerabilities, a report was generated based on the model, which allows for effective analysis of current information. Thanks to the modelling of link-level threats, we managed to develop effective solutions to improve network security. This will prevent potential attacks at this level and reduce possible risks. The created threat model can be used in many practical scenarios, including in-depth analysis of data transmission channels and identification of possible attack paths. It can also be used to assess risks and develop protection strategies that include encryption, access control and authentication. In addition, the model can improve employee training by raising their awareness of the security of network infrastructu. |
| format | Article |
| id | doaj-art-2a976b5e4a564852b9b35b1d82858d9d |
| institution | Kabale University |
| issn | 2706-5847 2707-9619 |
| language | English |
| publishDate | 2024-06-01 |
| publisher | Zhytomyr Polytechnic State University |
| record_format | Article |
| series | Технічна інженерія |
| spelling | doaj-art-2a976b5e4a564852b9b35b1d82858d9d2024-11-08T10:28:33ZengZhytomyr Polytechnic State UniversityТехнічна інженерія2706-58472707-96192024-06-0119324625410.26642/ten-2024-1(93)-246-254Modelling link-level threats in OWASP Threat Dragon with the development of a protection strategyYe.M. Trokoz0https://orcid.org/0000-0002-4961-7816O.A. Pokotylo1https://orcid.org/0000-0002-1587-235XN.O. Shchur2https://orcid.org/0000-0002-1182-4799Zhytomyr Polytechnic State UniversityZhytomyr Polytechnic State UniversityZhytomyr Polytechnic State UniversityThreat modelling is an important process when it comes to securing a network at all levels, as it helps identify potential vulnerabilities and threats that could affect the confidentiality, integrity and availability of data. Ensuring the protection of the data link layer is particularly important, as it is responsible for the transmission of data between devices on a local network. In order to effectively identify and eliminate its vulnerabilities, we propose a variant of building a threat model in the OWASP Threat Dragon environment, which provides opportunities for its visualisation and effective risk management. The STRIDE model is chosen to identify threats, and a scale for assessing their risks is proposed. To provide a better understanding of vulnerabilities, a report was generated based on the model, which allows for effective analysis of current information. Thanks to the modelling of link-level threats, we managed to develop effective solutions to improve network security. This will prevent potential attacks at this level and reduce possible risks. The created threat model can be used in many practical scenarios, including in-depth analysis of data transmission channels and identification of possible attack paths. It can also be used to assess risks and develop protection strategies that include encryption, access control and authentication. In addition, the model can improve employee training by raising their awareness of the security of network infrastructu.http://ten.ztu.edu.ua/article/view/307792link layer of the osi modelattacksthreat model |
| spellingShingle | Ye.M. Trokoz O.A. Pokotylo N.O. Shchur Modelling link-level threats in OWASP Threat Dragon with the development of a protection strategy Технічна інженерія link layer of the osi model attacks threat model |
| title | Modelling link-level threats in OWASP Threat Dragon with the development of a protection strategy |
| title_full | Modelling link-level threats in OWASP Threat Dragon with the development of a protection strategy |
| title_fullStr | Modelling link-level threats in OWASP Threat Dragon with the development of a protection strategy |
| title_full_unstemmed | Modelling link-level threats in OWASP Threat Dragon with the development of a protection strategy |
| title_short | Modelling link-level threats in OWASP Threat Dragon with the development of a protection strategy |
| title_sort | modelling link level threats in owasp threat dragon with the development of a protection strategy |
| topic | link layer of the osi model attacks threat model |
| url | http://ten.ztu.edu.ua/article/view/307792 |
| work_keys_str_mv | AT yemtrokoz modellinglinklevelthreatsinowaspthreatdragonwiththedevelopmentofaprotectionstrategy AT oapokotylo modellinglinklevelthreatsinowaspthreatdragonwiththedevelopmentofaprotectionstrategy AT noshchur modellinglinklevelthreatsinowaspthreatdragonwiththedevelopmentofaprotectionstrategy |