MAV: Threat and Vulnerability Analysis Methodology in an integrated multi-platform framework

  • Ariel M. Silva CPQD
  • João Pedro Pereira CPQD
  • Raissa S. de Moura CPQD
  • Sérgio Ribeiro CPQD

Abstract


This paper proposes a threat and vulnerability analysis methodology characterized by a high number of interconnected components. The methodology is part of an integrated multi-platform security assessment framework and aims to identify vulnerabilities, the methods used to exploit them, the threat agents, and the threat scenarios resulting from the exploitation of the vulnerabilities. Thus, the methodology results in a list of security threat scenarios that identify the system's security flaws before they can be exploited.

Published
2024-09-16
SILVA, Ariel M.; PEREIRA, João Pedro; MOURA, Raissa S. de; RIBEIRO, Sérgio. MAV: Threat and Vulnerability Analysis Methodology in an integrated multi-platform framework. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 24., 2024, São José dos Campos/SP. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2024. p. 836-842. DOI: https://doi.org/10.5753/sbseg.2024.241772.