System trustworthiness modelling Clause Samples
System trustworthiness modelling. The other approach that is relevant to 5G-ENSURE involves creating a model of the system, which can then be analysed to detect potential threats and identify potential countermeasures. The analyst using such a model is then able to improve trustworthiness (by specifying countermeasures to reduce risks), or at least highlight where users or system components may need to trust other parts of the system. This approach is especially useful if the models can capture risks (and trust) in relation to system components involved in threats, and thus provide insights on how the system architecture and design lead to those specific risks being present.

Many methods have been developed to try to identify and analyse threats in ICT-based systems. [▇▇▇▇▇▇▇▇ 2014] breaks the threat modelling process down into four stages: system modelling, threat identification, threat addressing, and validation. Threat identification is usually the most difficult step, for which a range of methodologies have been devised. Three broad classes are normally used:

Asset centric methods are based on analysing the system to identify assets that contribute to its success, then identifying ways those assets (or their contribution) may be compromised.

Attacker centric methods are based on understanding who might attack the system and what means they might be able to use, and then identifying where the system may be vulnerable to those attacks.

Software centric methods are based on finding potential vulnerabilities in the software assets in the system, with a view to guiding implementers to avoid introducing them.

Software centric methods are most amenable to automated analysis.
For example, Microsoft’s Secure Development Lifecycle (SDL) framework [▇▇▇▇▇▇ 2009] can be supported by STRIDE [▇▇▇▇▇▇▇▇▇ 2004], a secure software design tool designed to help developers identify and address threats from spoofing, tampering, repudiation, denial of service, information disclosure, and elevation of privilege. The main problem with automated software centric methods is that the vulnerability databases they use are often quite specific, e.g. based on specific known vulnerabilities in specific operating systems, platforms or application software. Ultimately, the goal is to help programmers avoid making errors, and today the most common approach is still based on raising awareness and providing checklists such as the OWASP Top 10 [OWASP 2013] which are used for manual analysis by software devel...
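The four stages named above (system modelling, threat identification, threat addressing, validation), sketched as an added example that is not taken from the 5G-ENSURE text or from Microsoft's tooling. It assumes the STRIDE-per-element mapping of element types to threat categories, and the component names and countermeasures are constructed for illustration.

```python
from dataclasses import dataclass, field

# Assumption of this example: the STRIDE-per-element mapping, i.e. which
# STRIDE categories can affect which kind of model element.
APPLICABLE = {
    "external": {"S", "R"},
    "process": {"S", "T", "R", "I", "D", "E"},
    "store": {"T", "R", "I", "D"},
    "flow": {"T", "I", "D"},
}

@dataclass
class Element:
    name: str
    kind: str                                     # external | process | store | flow
    controls: dict = field(default_factory=dict)  # STRIDE letter -> countermeasure

def identify(model):
    """Threat identification: every (element, threat) pair the model admits."""
    return [(e.name, t) for e in model for t in sorted(APPLICABLE[e.kind])]

def address(model):
    """Threat addressing: mitigated threats vs. residual ones that must be trusted."""
    by_name = {e.name: e for e in model}
    mitigated, residual = {}, []
    for name, threat in identify(model):
        control = by_name[name].controls.get(threat)
        if control:
            mitigated[(name, threat)] = control
        else:
            residual.append((name, threat))
    return mitigated, residual

def validate(model):
    """Validation: controls recorded against threats that do not apply."""
    return [(e.name, t) for e in model for t in e.controls if t not in APPLICABLE[e.kind]]

# System modelling: a constructed four-element model (hypothetical names).
MODEL = [
    Element("subscriber", "external", {"S": "mutual authentication"}),
    Element("auth-service", "process",
            {"S": "server certificate", "T": "signed releases", "E": "runs unprivileged"}),
    Element("credential-db", "store", {"I": "encryption at rest", "T": "integrity checks"}),
    Element("subscriber->auth-service", "flow", {"T": "TLS", "I": "TLS", "S": "TLS"}),
]

if __name__ == "__main__":
    print("residual (needs trust):", address(MODEL)[1])
    print("misapplied controls:", validate(MODEL))
```

The residual list is where the model shows that users or components have to trust another part of the system, because no countermeasure is recorded for that threat.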
