Experiences with Threat Modeling on a Prototype Social Network

Anne V. D. M. Kayem, Rotondwa Ratshidaho, Molulaqhooa L. Maoyi, Sanele Macanda
Copyright: © 2014 | Pages: 19
ISBN13: 9781466661585 | ISBN10: 1466661585 | EISBN13: 9781466661592
DOI: 10.4018/978-1-4666-6158-5.ch014
Cite Chapter

MLA

Kayem, Anne V. D. M., et al. "Experiences with Threat Modeling on a Prototype Social Network." Information Security in Diverse Computing Environments, edited by Anne Kayem and Christoph Meinel, IGI Global, 2014, pp. 261-279. https://doi.org/10.4018/978-1-4666-6158-5.ch014

APA

Kayem, A. V., Ratshidaho, R., Maoyi, M. L., & Macanda, S. (2014). Experiences with Threat Modeling on a Prototype Social Network. In A. Kayem & C. Meinel (Eds.), Information Security in Diverse Computing Environments (pp. 261-279). IGI Global. https://doi.org/10.4018/978-1-4666-6158-5.ch014

Chicago

Kayem, Anne V. D. M., et al. "Experiences with Threat Modeling on a Prototype Social Network." In Information Security in Diverse Computing Environments, edited by Anne Kayem and Christoph Meinel, 261-279. Hershey, PA: IGI Global, 2014. https://doi.org/10.4018/978-1-4666-6158-5.ch014

Abstract

Supported by the Web 3.0 platform that enables dynamic content sharing, social networking applications are a ubiquitous information exchange platform. Content sharing raises the question of privacy with concerns typically centered on vulnerabilities resulting in identity theft. Identifying privacy vulnerabilities is a challenging problem because mitigations are implemented at the end of the software development life cycle, sometimes resulting in severe vulnerabilities. The authors present a prototype experimental social networking platform (HACKMI2) as a case study for a comparative analysis of three popular industry threat-modeling approaches. They focus on identified vulnerabilities, risk impact, and mitigation strategies. The results indicate that software and/or asset-centric approaches provide only a high-level analysis of a system's architecture and are not as effective as attacker-centric models in identifying high-risk security vulnerabilities in a system. Furthermore, attacker-centric models are effective in providing security administrators useful suggestions for addressing security vulnerabilities.
