A Threat Model Approach to Threats and Vulnerabilities in On-line Social Networks - CISIS 2010
DESCRIPTION
Presentation at the CISIS 2010 international conference of the paper: A Threat Model Approach to Threats and Vulnerabilities in On-line Social Networks
TRANSCRIPT
A Threat Model Approach to Threats and Vulnerabilities in On-line Social Networks

Can I join Facebook?
Mommy
Daddy

Sure you can, love

Why do you want to do this to me?

Welcome to the jungle

Threat modelling methodology

[Diagram: Circle of Risk. Nodes: Threats, Attacks, Vulnerabilities, Countermeasures, Assets, Risks. Edge labels: compromised by, materialise by, exploit, expose to, mitigated by, protect.]

Assets and threats

Private Information

Must be protected from:
Secondary Data Collection
Digital Dossier Building
Reidentification
Sensitive Attribute Inference
Excessive Exposition of Private Data
Lack of Control over Data Published by Others

Financial Assets

Might suffer from:
Frauds and Scams
Workers Productivity Losses

Intellectual Property

Is threatened by:
Publication of Protected Information
Transfer of Intellectual Rights to the Platform

Corporate Secrets

Can be obtained through:
Social Engineering
Careless Publishing of Confidential Information

Physical Security

Threatened by:
Over-sharing of Information
Content Based Image Retrieval
Harassment Between Adults
Cyber-bullying
Cyber-grooming

Computing and Network Resources

Might be diminished by:
New Malware Generations
Multimedia Bandwidth Dependence

Reputation
Corporate and Personal Reputation

Damaged by:
Automated campaigns to erode reputation
Collusion
Extortion
Repudiation
Herd Effect

Digital Identity

Might be affected by:
Fake Profiles
OSN's negligence
Identity Thefts

Is it so easy to compromise the security in On-line Social Networks?

Every system has its flaws

Vulnerabilities associated with the Platform

Difficulty to remove information
Weak authentication method
Non-validation of users' data during registration

Vulnerabilities associated with the Users

Unknowing disclosure of navigation data
Information disclosed by the user status

Vulnerabilities associated with the Photographs

Tagging by others
Implicit information in multimedia content

In conclusion

On-line Social networks are not so bad

YOU DON’T GET TO 500 MILLION FRIENDS WITHOUT MAKING A FEW ENEMIES