A Threat Model Approach to Threats and Vulnerabilities in On-line Social Networks - CISIS 2010

Date post: 01-Nov-2014
Upload: carlos-laorden
Description:
Presentation at CISIS 2010 International conference of the paper: A Threat Model Approach to Threats and Vulnerabilities in On-line Social Networks
Transcript
Page 1: A Threat Model Approach to Threats and Vulnerabilities in On-line Social Networks - CISIS 2010

A Threat Model Approach to Threats and Vulnerabilities in On-line Social Networks

Page 2

Can I join Facebook?

Mommy

Daddy

Page 3

Sure you can, love

Page 4

Why do you want to do this to me?

Page 5

Welcome to the jungle

Page 6

Threat modelling methodology

Page 7

[Diagram: Circle of Risk. Elements: Threats, Attacks, Vulnerabilities, Countermeasures, Assets, Risks. Relation labels: compromised by, materialise by, exploit, expose to, mitigated by, protect.]

Page 8

Assets and threats

Page 9

Private Information

Page 10

Must be protected from

Secondary Data Collection

Digital Dossier Building

Reidentification

Sensitive Attribute Inference

Excessive Exposition of Private Data

Lack of Control over Data Published by others

Page 11

Financial Assets

Page 12

Might suffer from

Frauds and Scams

Workers Productivity Losses

Page 13

Intellectual Property

Page 14

Is threatened by

Publication of Protected Information

Transfer of Intellectual Rights to the Platform

Page 15

Corporate Secrets

Page 16

Can be obtained through

Social Engineering

Carelessly Publishing of Confidential Information

Page 17

Physical Security

Page 18

Threatened by

Over-sharing of Information

Content Based Image Retrieval

Harassment Between Adults

Cyber-bullying

Cyber-grooming

Page 19

Computing and Network Resources

Page 20

Might be diminished by

New Malware Generations

Multimedia Bandwidth

Dependence

Page 21

Reputation

Corporate and Personal Reputation

Page 22

Damaged by

Automated campaigns to erode reputation

Collusion

Extortion

Repudiation

Herd Effect

Page 23

Digital Identity

Page 24

Might be affected by

Fake Profiles

OSN’s negligence

Identity Thefts

Page 25

Is it so easy to compromise the security in On-line Social Networks?

Page 26

Every system has its flaws

Page 27

Vulnerabilities associated with the Platform

Page 28

Difficulty to remove information

Weak authentication method

Non-validation of users' data during registration

Page 29

Vulnerabilities associated with the Users

Page 30

Unknowing disclosure of navigation data

Information disclosed by the user status

Page 31

Vulnerabilities associated with the Photographs

Page 32

Tagging by others

Implicit information in multimedia content

Page 33

In conclusion

Page 34

On-line Social networks are not so bad

Page 35

Page 36

YOU DON’T GET TO 500 MILLION FRIENDS WITHOUT MAKING A FEW ENEMIES
