Threat models first describe the system, all actors in it and their position in the system (for example, link,
node). The threat model then introduces an attacker into the system and states the attacker's capabilities, i.e.
topological position in the system, resources, possible access, etc.
Threat models in telecommunications systems
The emergence of such a third party increases the complexity of the system, introduces new interfaces and
vulnerabilities and may require a more complicated trust chain.
— Alice and Bob trust each other in the sense of the intended communications, and they both trust the used
telecommunications system to correctly provide the services (private network).
— Alice and Bob trust each other, but do not trust the crossed infrastructure (public network).
— Alice and Bob trust the telecommunications infrastructure but do not trust one another; they will use the
infrastructure as a trusted third party (TTP) to establish a new trust relationship.
A terminal with a connection interface to a telecommunications system is a more open entity and is thus more
vulnerable.
An attacker can attack the communication channel linking Alice to the telecommunications system. This attack may
be non-intrusive (reading the exchanged data) or intrusive (modification of exchanged data, injection of data,
replay of old data).
A wireless channel is potentially more vulnerable to passive listening by a third party than a network cable,
which normally at least requires physical access to the medium.
An attacker may try to masquerade as a legitimate part of the infrastructure to attract Alice (or Bob) to use its
services. These forms of access can allow the attacker, Eve, to collect information on communications between Alice and Bob
and to manipulate the data flow between the two.
Intrusion into the infrastructure makes it possible to mount "man-in-the-middle" attacks.
An attacker typically uses a combination of targeted and destructive attacks to achieve their goals.
Homogeneity vs. heterogeneity
The heterogeneity of information systems is a major obstacle to the deployment of consistent security policies.
The implementation of security mechanisms in a heterogeneous environment is naturally more difficult,
for instance on various links and connections, or on different pieces of equipment with different properties, capabilities,
vulnerabilities and usage.
Assuming that the probability of a vulnerability being present in a realization of a function is constant, heterogeneity
increases the chances of an attacker finding a vulnerability by multiplying the number of different realizations.
In addition, the management of a heterogeneous infrastructure is also more complicated, and contributes considerably
to the complexity of the IS in practice, which in turn introduces new vulnerabilities.
Heterogeneity is seen as an important vulnerability of an information system: heterogeneous IS are more difficult to
protect but easier to attack.
Homogeneity at a global scale is a major vulnerability, because it globally exposes any vulnerability. The exploitation
of these vulnerabilities becomes almost certain and, in particular, the search for such vulnerabilities becomes a highly
attractive task.
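Added example (not part of the original notes): a small model of the heterogeneity and homogeneity arguments above. It assumes each realization is independently vulnerable with the same probability p, that nodes are split evenly across k realizations, and that a vulnerable realization exposes every node running it; the function names are illustrative.

```python
# Added example: exposure of a network whose nodes run k different realizations
# of the same function. Assumptions (not from the original notes): realizations
# are vulnerable independently with the same probability p, nodes are split
# evenly across realizations, and a vulnerable realization exposes all its nodes.
from math import comb


def p_any_exposed(p: float, k: int) -> float:
    """Chance that an attacker finds at least one vulnerable realization."""
    return 1.0 - (1.0 - p) ** k


def exposed_fraction_distribution(p: float, k: int) -> dict[float, float]:
    """Map 'fraction of nodes exposed' -> probability (binomial over k)."""
    return {j / k: comb(k, j) * p**j * (1.0 - p) ** (k - j) for j in range(k + 1)}


def p_exposed_at_least(p: float, k: int, threshold: float) -> float:
    """Chance that at least `threshold` of all nodes is exposed at once."""
    dist = exposed_fraction_distribution(p, k)
    return sum(prob for frac, prob in dist.items() if frac >= threshold - 1e-12)


def expected_exposed_fraction(p: float, k: int) -> float:
    """Mean fraction of nodes exposed; equals p whatever k is."""
    return sum(f * prob for f, prob in exposed_fraction_distribution(p, k).items())


def compare(p: float, ks: list[int]) -> list[tuple[int, float, float, float]]:
    """Rows of (k, P[some foothold], mean exposure, P[every node exposed])."""
    return [(k, p_any_exposed(p, k), expected_exposed_fraction(p, k),
             p_exposed_at_least(p, k, 1.0)) for k in ks]


if __name__ == "__main__":
    # k = 1 is the homogeneous case; larger k is increasingly heterogeneous.
    print(f"{'k':>3} {'any foothold':>13} {'mean exposed':>13} {'all exposed':>12}")
    for k, any_, mean, total in compare(0.1, [1, 2, 5, 10]):
        print(f"{k:>3} {any_:>13.4f} {mean:>13.4f} {total:>12.2e}")
```

With p = 0.1, going from k = 1 to k = 10 raises the chance of some foothold from 0.10 to about 0.65, while the chance that every node is exposed at once falls from 0.10 to 1e-10; the mean exposed fraction stays at p.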
The Internet and security
In a system like the Internet, which is interconnected, standard, open and managed by different authorities (typically by large
operators) under different legal systems, attacks are normal. They differ in nature (malice, failures, oversights,
bad configurations, etc.) and involve different implications, roles and judgments of the players with regard to the
targeted resource.