A Threat Model Approach to Threats and Vulnerabilities in On-line Social Networks - CISIS 2010

Presentation at CISIS 2010 International conference of the paper: A Threat Model Approach to Threats and Vulnerabilities in On-line Social Networks

A Threat Model Approach to Threats and Vulnerabilities in On-line Social Networks

Can I join Facebook?

Mommy

Daddy

Sure you can, love

Why do you want to do this to me?

Welcome to the jungle

Threat modelling methodology

[Figure: Circle of Risk. Elements: Threats, Attacks, Vulnerabilities, Countermeasures, Assets, Risks. Relations between them: "compromised by", "materialise by", "exploit", "expose to", "mitigated by", "protect".]

Assets and threats

Private Information

Must be protected from

Secondary Data Collection

Digital Dossier Building

Reidentification

Sensitive Attribute Inference

Excessive Exposition of Private Data

Lack of Control over Data Published by Others

Financial Assets

Might suffer from

Frauds and Scams

Workers Productivity Losses

Intellectual Property

Is threatened by

Publication of Protected Information

Transfer of Intellectual Rights to the Platform

Corporate Secrets

Can be obtained through

Social Engineering

Careless Publishing of Confidential Information

Physical Security

Threatened by

Over-sharing of Information

Content Based Image Retrieval

Harassment Between Adults

Cyber-bullying

Cyber-grooming

Computing and Network Resources

Might be diminished by

New Malware Generations

Multimedia Bandwidth Dependence

Reputation

Corporate and Personal Reputation

Damaged by

Automated campaigns to erode reputation

Collusion

Extortion

Repudiation

Herd Effect

Digital Identity

Might be affected by

Fake Profiles

OSN’s negligence

Identity Thefts

Is it so easy to compromise the security in On-line Social Networks?

Every system has its flaws

Vulnerabilities associated with the Platform

Difficulty to remove information

Weak authentication method

No validation of user data during registration

Vulnerabilities associated with the Users

Unknowing disclosure of navigation data

Information disclosed by the user status

Vulnerabilities associated with the Photographs

Tagging by others

Implicit information in multimedia content

In conclusion

On-line Social networks are not so bad

YOU DON’T GET TO 500 MILLION FRIENDS WITHOUT MAKING A FEW ENEMIES
