基于STRIDE-LM的5G网络安全威胁建模研究与应用

doi:10.3969/j.issn.1671-1122.2020.09.015

信息网络安全 ›› 2020, Vol. 20 ›› Issue (9): 72-76.doi: 10.3969/j.issn.1671-1122.2020.09.015

基于STRIDE-LM的5G网络安全威胁建模研究与应用

毕亲波, 赵呈东()

北京启明星辰信息安全技术有限公司,北京 100093

收稿日期:2020-07-16 出版日期:2020-09-10 发布日期:2020-10-15
通讯作者: 赵呈东 E-mail:Zhao_chengdong@venustech.com.cn
作者简介:毕亲波（1973—）,男,山东,本科,主要研究方向为网络安全|赵呈东（1972—）,男,江苏,高级工程师,博士,主要研究方向为密码学、网络安全

Research and Application of 5G Cybersecurity Threat Modeling Based on STRIDE-LM

BI Qinbo, ZHAO Chengdong()

Beijing Venustech Information Security Technology Co.LTD, Beijing 100093, China

Received:2020-07-16 Online:2020-09-10 Published:2020-10-15
Contact: Chengdong ZHAO E-mail:Zhao_chengdong@venustech.com.cn

摘要/Abstract

摘要：

5G作为“网络的网络”,成为万物互联的纽带和融合创新的驱动力,利用面向服务的架构和开放的服务能力,为多类型用户提供全方位的优质服务。5G 网络特点和业务属性决定了其安全的重要性,而网络安全威胁建模是面对复杂网络进行网络安全最佳实践的起点和重要的一环。文章首先介绍业界成熟的威胁建模方法;然后介绍威胁建模方法论的6大阶段;最后重点阐述5G威胁建模的过程和关键输出结果的样例。

关键词: 5G, 网络安全威胁, 威胁建模, 业务数据流, 攻击面

Abstract:

As a "network of networks", 5G has become the link of the IoT and the driving force for integration and innovation. It uses service-based architecture and open service capabilities to provide a full range of quality services for various types of users and industries. 5G network characteristics and business attributes determine the importance of its security. Threat modeling is the starting point and very important part of cyber security best practices in the face of complex cyberspace. This article first introduces the industry's mature threat modeling methods, then introduces the six major stages of the threat modeling methodology, and finally focuses on the 5G threat modeling process and examples of key output results.

Key words: 5G, cybersecurity threat, threat modeling, data flow, attack surface

中图分类号:

TP309

毕亲波, 赵呈东. 基于STRIDE-LM的5G网络安全威胁建模研究与应用[J]. 信息网络安全, 2020, 20(9): 72-76.

BI Qinbo, ZHAO Chengdong. Research and Application of 5G Cybersecurity Threat Modeling Based on STRIDE-LM[J]. Netinfo Security, 2020, 20(9): 72-76.

图/表 6

图1

图2

图3

图4

图5

表1

参考文献 9

[1]	MICROSOFT. Security Engineering[EB/OL]. https://www.microsoft.com/en-us/securityengineering/sdl/threatmodeling, 2020-5-15.
[2]	THEISEN, CHRISTOPHER, MUNAIAH, et al. Attack Surface Definitions: A Systematic Literature Review[EB/OL]. https://www.researchgate.net/publication/326659184_Attack_surface_definitions_A_systematic_literature_review, 2020-5-15.
[3]	XIANG S J, LUO X R. Efficient Reversible Data Hiding in Encrypted Image with Public Key Cryptosystem[J]. EURASIP Journal on Signal Processing in Signal Processing, 2017,17(1):59.
[4]	LI J, LIANG X, DAI C, et al. Reversible Data Hiding Algorithm in Fully Homomorphic Encrypted Domain[J]. Entropy. 2019,21(7):625. doi: 10.3390/e21070625 URL
[5]	XIONG L Z, DONG D P, XIA Z H, et al. High-Capacity Reversible Data Hiding for Encrypted Multimedia Data with Somewhat Homomorphic Encryption[J]. IEEE Access, 2018,6(10):60635-60644. doi: 10.1109/ACCESS.2018.2876036 URL
[6]	WU H T, CHEUNG Y M, ZHUANG Z W, et al. Reversible Data Hiding in Homomorphic Encrypted Images without Preprocessing[EB/OL]. https://www.semanticscholar.org/paper/Reversible-Data-Hiding-in-Homomorphic-Encrypted-Wu-Cheung/1ef843b4c643a8e53fd56dfe19dc30da7707ea28, 2020-3-15.
[7]	KHAN A N, FAN M Y, NAZEER M I, et al. An Efficient Separable Reversible Data Hiding Using Paillier Cryptosystem for Preserving Privacy in Cloud Domain[J]. Electronics, 2019,8(6):682. doi: 10.3390/electronics8060682 URL
[8]	ZHOU N, ZHANG M Q, WANG H, et al. Separable Reversible Data Hiding Scheme in Homomorphic Encrypted Domain Based on NTRU[J]. IEEE Access, 2020,8(1):81412-81424. doi: 10.1109/Access.6287639 URL
[9]	ZHANG Minqing, KE Yan, SU Tingting. Reversible Steganography in Encrypted Domain Based on LWE[J]. Journal of Electronics and Information Technology, 2016,38(2):354-360. doi: 10.11999/JEIT150702 URL
	张敏情, 柯彦, 苏婷婷. 基于LWE的密文域可逆信息隐藏[J]. 电子与信息学报, 2016,38(2):354-360. doi: 10.11999/JEIT150702 URL

威胁分类 STRIDE-LM	属性	描述
Spoofing 欺骗	认证	冒充他人或实体
Tampering 篡改	完整性/ 访问控制	修改数据或代码或信息
Repudiation 抵赖	抗抵赖	声称从未执行过某个操作/行为
Information Disclosure 信息泄露	保密性	向未经授权的个体或角色公开信息或数据
Denial of Service 拒绝服务	可用性	拒绝或降低服务
Elevation of Privilege 权限提升	授权/最下权限	获得未经授权的功能权限
Lateral Movement 横向移动	分段/最小权限	越过控制边界或基于权限提升获得权限

基于STRIDE-LM的5G网络安全威胁建模研究与应用

Research and Application of 5G Cybersecurity Threat Modeling Based on STRIDE-LM

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 6

参考文献 9

相关文章 9

编辑推荐

Metrics

本文评价

[1]	刘文懋, 尤扬. 5G新型基础设施的安全防护思路和技术转换[J]. 信息网络安全, 2020, 20(9): 67-71.
[2]	李喆, 韩益亮, 李鱼. 基于Polar码的密钥交换方案[J]. 信息网络安全, 2019, 19(10): 84-90.
[3]	李梁, 张应辉, 邓恺鑫, 张甜甜. 5G智能电网中具有隐私保护的电力注入系统[J]. 信息网络安全, 2018, 18(12): 87-92.
[4]	王东霞，冯学伟，赵刚. 动目标防御机制[J]. 信息网络安全, 2014, 14(9): 98-100.
[5]	佟鑫;张利;戴明. 物联网感知层安全威胁建模研究[J]. , 2013, 13(Z): 0-0.
[6]	张志海;郑春一;张红军. 一种面向等级保护的软件安全需求分析方法研究[J]. , 2013, 13(8): 0-0.
[7]	常艳;王冠. 网络安全渗透测试研究[J]. , 2012, 12(11): 0-0.
[8]	江雷;朱建平. 面向等级保护的软件安全需求分析方法研究[J]. , 2011, 11(9): 0-0.
[9]	许丽娟;雷渭侣. IPv6威胁与零日漏洞的分析研究[J]. , 2009, 9(12): 0-0.