(15/N) Two more threat types defined:

Undesirable non-repudiation or repudiation

#Repudiation (plausible denial) of what somebody has said / done / known / possessed becomes impossible because an adversary has managed to collect enough evidence to establish undesirable non-repudiation. In other words: the adversary can prove beyond reasonable doubt that "it" happened.

Alternatively, #NonRepudiation (proof beyond reasonable doubt) cannot be established because an adversary has managed to suppress or destroy enough evidence to gain the option of repudiation (plausible denial). In other words: the adversary can plausibly deny "it" happened.

Detecting

An adversary can check for the presence or absence of specific data items, which are tell-tale indicators for something else.

(to be continued)

Start of this thread:
https://mastodon.de/@tuxwise/113503228291818865

#ThreatModeling #4D

(14/N) Having familiarized ourselves with categories of adversaries, their main goals and their respective, overall "modus operandi", let's look at the types of threats posed by them.

Again, it pays to focus on types of threats: We don't want to become mainly alert-triggered, but proactive. There are several frameworks we can borrow ideas from, most notably the LINDDUN framework that is geared toward threats to privacy, and can be extended a bit to cover more ground.

First, our list of threat types:

• #Linking (spotting connections and relationships)
• #Identifying (mapping to identities)
• Undesirable #NonRepudiation or #repudiation
• #Detecting (absence or presence of indicators)
• Data #disclosure (to the unauthorized)
• Manufacturing cooperation (disguised or imposed bad consequences)
• #Obstructing (access, information, resources)
• #NonCompliance
• #Interfering (with information, resources, processes, interactions)

Our definitions of these, for our context:

Linking

An adversary can figure out connections and relationships between formerly isolated items of interest.

Identifiying

An adversary can link items of interest directly to a natural person.

(to be continued)

Start of this thread:
https://mastodon.de/@tuxwise/113503228291818865

LINDDUN:
https://linddun.org/

#ThreatModeling #4D

Look. y'all can't just say you want #diversity in #hamradio and not make it safe for the diversifiers. 🤪 I like how @PrideRadioGroup and OMIK are using #digital comms that inherently support #nonrepudiation--you have to sign up & use your callsign or no talkie for you.👍

re:Boot ~ Creating an AWS Account: ACM.142 Complications led me to create a new AWS account from scratch for my next experiment
~~~~~
by Teri Radichel | Jan 27, 2023
#cloudsecurity #aws #account #root #mfa #nonrepudiation #bestpractices #cybersecurity

https://medium.com/cloud-security/re-boot-creating-an-aws-account-961d8d72eb

"Replace CAPTCHAs with Private Access Tokens" -- could this be the future?

https://developer.apple.com/videos/play/wwdc2022/10077/

#nonRepudiation #security