Comments: The Trouble with Threat Modelling

Nice post!

We do have a chart, very much like the one you present, with threat, "property we'd like," explanation, and example.

I agree with your critique of Repudiation. The hard part about the move you suggest is it breaks our nice acronym, which seems a silly objection, except pronounceable acronyms (like STRIDE) are great mnemonics. Can you suggest an R word we could slip in, and repudiate repudiation? ;)

Adam

Posted by Adam at March 9, 2008 09:30 PM

the non-repudiation schtick we saw in the 90s with payment transactions ... was that it supposedly would be used to change the burden of proof in consumer disputes ... which was worth a lot to merchants/banks (and implied that they would be willing to fork over a whole lot for digital signature infrastructure).

this is akin to some of the activity currently going on in the UK with respect to payment transaction disputes.

this was later brought home by lawyers that we dealt with when we were brought in to help wordsmith the cal. state (and later federal) electronic signature legislation.
http://www.garlic.com/~lynn/subpubkey.html#signature

where there seemed to be quite a tendency to promote semantic confusion just because the terms "human signature" and "digital signature", both contained the word "signature".

Posted by Lynn Wheeler at March 10, 2008 06:33 AM

I got that chart up, with a bit of additional commentary. It's at http://blogs.msdn.com/sdl/archive/2008/03/14/training-people-on-threat-modeling.aspx.


Posted by Adam at March 14, 2008 09:20 PM
Post a comment









Remember personal info?






Hit Preview to see your comment. 
MT::App::Comments=HASH(0x55a15a24c678) Subroutine MT::Blog::SUPER::site_url redefined at /home/iang/www/fc/cgi-bin/mt/lib/MT/Object.pm line 125.