MAV: Metodologia de Análise de Ameaças e Vulnerabilidades em um framework integrado multiplataforma
Resumo
Este artigo propõe uma metodologia de análise de ameaças e vulnerabilidades, caracterizada por um alto número de componentes interconectados. A metodologia faz parte de um framework integrado de avaliação de segurança multiplataforma e tem como objetivo a identificação das vulnerabilidades, os métodos utilizados para explorá-las, os agentes de ameaça e os cenários de ameaça resultantes da exploração das vulnerabilidades. Assim, a metodologia resulta em uma lista de cenários de ameaças à segurança que identificam as falhas de segurança do sistema antes que possam ser exploradas.Referências
Almeida, A., Cassiano, J. and Ribeiro, S. (2022) "TecSEG Project - Research, Development and Innovation in Security Assessment Methodologies to Brazil," 2022 International Conference on Electrical, Computer, Communications and Mechatronics Engineering (ICECCME).
Barbosa, I. and Ribeiro, S. (2024) "Brazilian Integrated Cross-platform Security Assessment Framework: Context of Cybersecurity Methodology," Proceedings of Eighth International Congress on Information and Communication Technology.
Cassiano, J., Ribeiro, S. and Almeida, A. (2022) "ICpSAF - Integrated Cross-platform Security Assessment Framework," 6th Cyber Security in Networking Conference (CSNet).
Aslan, Ömer & Aktug, Semih & Ozkan Okay, Merve & Yılmaz, Abdullah & Akin, Erdal. (2023). A Comprehensive Review of Cyber Security Vulnerabilities, Threats, Attacks, and Solutions. Electronics. 12. 1-42. DOI: 10.3390/electronics12061333.
Check Point. (2024). “Shifting Attack Landscapes and Sectors in Q1 2024 with a 28% increase in cyber attacks globally”. Disponível em: [link].
CVE (2024), "Overview”. Disponível em: [link]. Acesso em agosto de 2022.
Georgios, Bouloukakis., Nikolaos, Georgantas., Ajay, Kattepur., Houssam, Hajj, Hassan., Valérie, Issarny. (2024). “Automating the Evaluation of Interoperability Effectiveness in Heterogeneous IoT Systems”. DOI: 10.1109/icsa59870.2024.00014,
ISO/IEC 27005, (2022) “Information security, cybersecurity and privacy protection — Guidance on managing information security risks”.
Microsoft, (2009) "The STRIDE Threat Model”. Disponível em: [link].
Nakamura, E., Ribeiro, S., (2019) "A Privacy, Security, Safety, Resilience and Reliability Focused Risk Assessment In a Health IoT System : Results from OCARIoT Project," 2019 Global IoT Summit (GIoTS), Aarhus, Denmark, pp. 1-6, DOI: 10.1109/GIOTS.2019.8766364.
NIST. Patrick D. Gallagher, Under Secretary for Standards and Technology and Director. (2012) “Guide for Conducting Risk Assessments: information security”. Disponível em: [link].
OWASP. Drake, V. (2024) “Threat Modeling”. Disponível em: [link].
Souppaya, M., Montgomery, D., Polk, W., Ranganathan, M., Dodson, D., Barker, W., Johnson, S., Kadam, A., Pratt, C., Thakore, D., et al. (2021). “Securing small-business and home internet of things (iot) devices: Mitigating network-based attacks using manufacturer usage description (mud)”. Technical report, NIST.
Barbosa, I. and Ribeiro, S. (2024) "Brazilian Integrated Cross-platform Security Assessment Framework: Context of Cybersecurity Methodology," Proceedings of Eighth International Congress on Information and Communication Technology.
Cassiano, J., Ribeiro, S. and Almeida, A. (2022) "ICpSAF - Integrated Cross-platform Security Assessment Framework," 6th Cyber Security in Networking Conference (CSNet).
Aslan, Ömer & Aktug, Semih & Ozkan Okay, Merve & Yılmaz, Abdullah & Akin, Erdal. (2023). A Comprehensive Review of Cyber Security Vulnerabilities, Threats, Attacks, and Solutions. Electronics. 12. 1-42. DOI: 10.3390/electronics12061333.
Check Point. (2024). “Shifting Attack Landscapes and Sectors in Q1 2024 with a 28% increase in cyber attacks globally”. Disponível em: [link].
CVE (2024), "Overview”. Disponível em: [link]. Acesso em agosto de 2022.
Georgios, Bouloukakis., Nikolaos, Georgantas., Ajay, Kattepur., Houssam, Hajj, Hassan., Valérie, Issarny. (2024). “Automating the Evaluation of Interoperability Effectiveness in Heterogeneous IoT Systems”. DOI: 10.1109/icsa59870.2024.00014,
ISO/IEC 27005, (2022) “Information security, cybersecurity and privacy protection — Guidance on managing information security risks”.
Microsoft, (2009) "The STRIDE Threat Model”. Disponível em: [link].
Nakamura, E., Ribeiro, S., (2019) "A Privacy, Security, Safety, Resilience and Reliability Focused Risk Assessment In a Health IoT System : Results from OCARIoT Project," 2019 Global IoT Summit (GIoTS), Aarhus, Denmark, pp. 1-6, DOI: 10.1109/GIOTS.2019.8766364.
NIST. Patrick D. Gallagher, Under Secretary for Standards and Technology and Director. (2012) “Guide for Conducting Risk Assessments: information security”. Disponível em: [link].
OWASP. Drake, V. (2024) “Threat Modeling”. Disponível em: [link].
Souppaya, M., Montgomery, D., Polk, W., Ranganathan, M., Dodson, D., Barker, W., Johnson, S., Kadam, A., Pratt, C., Thakore, D., et al. (2021). “Securing small-business and home internet of things (iot) devices: Mitigating network-based attacks using manufacturer usage description (mud)”. Technical report, NIST.
Publicado
16/09/2024
Como Citar
SILVA, Ariel M.; PEREIRA, João Pedro; MOURA, Raissa S. de; RIBEIRO, Sérgio.
MAV: Metodologia de Análise de Ameaças e Vulnerabilidades em um framework integrado multiplataforma. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 24. , 2024, São José dos Campos/SP.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2024
.
p. 836-842.
DOI: https://doi.org/10.5753/sbseg.2024.241772.