TY - GEN
T1 - An implementation-independent threat model for group communications
AU - Hester, Jason
AU - Yurcik, William
AU - Campbell, Roy
PY - 2006
Y1 - 2006
N2 - The importance of group communications and the need to efficiently and reliably support it across a network is an issue of growing importance for the next decade. New group communication services are emerging such as multimedia conferencing/groupware, distributed interactive simulations, sensor fusion systems, command and control centers, and network-centric military applications. While a succession of point-to-point unicast routes could provide group communications, this approach is inherently inefficient and unlikely to support the increased resource requirements of these new services. There is a lack of a comprehensive process for designing security into group communications schemes. Designing such protection for group communications is best done by utilizing proactive system engineering rather than reacting with ad hoc countermeasures to the latest attack du jour. Threat modeling is the foundation for secure system engineering processes because it organizes system threats and vulnerabilities into general classes so they can be addressed with known protection techniques. Although there has been prior work on threat modeling, primarily for software applications, to our knowledge this is the first attempt at implementation-independent threat modeling for group communications. We discuss protection challenges unique to group communications and propose a process to create a threat model for group communication systems independent of underlying implementation based on classical security principles (Confidentiality, Integrity, Availability, Authentication, or CIAA). It is our hope that this work will lead to better designs for protection solutions against threats to group communication systems.
KW - Group communications
KW - Multicast
KW - Security
KW - Threat modeling
UR - http://www.scopus.com/inward/record.url?scp=33747367507&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=33747367507&partnerID=8YFLogxK
U2 - 10.1117/12.664962
DO - 10.1117/12.664962
M3 - Conference contribution
AN - SCOPUS:33747367507
SN - 0819462977
SN - 9780819462978
T3 - Proceedings of SPIE - The International Society for Optical Engineering
BT - Data Mining, Intrusion Detection, Information Assurance, and Data Networks Security 2006
T2 - Data Mining, Intrusion Detection, Information Assurance, and Data Networks Security 2006
Y2 - 17 April 2006 through 18 April 2006
ER -