원문정보
초록
영어
This paper refers important issues regarding how to evaluate the security threats of the online banking effectively, a system threat analysis method combining STRIDE threat model and threat tree analysis is proposed, which improves the efficiency of the threat analysis greatly and also has good practicability. By applying this method to the online banking system threat analysis, we construct STRIDE threat model on the analysis of the key business data, and then we construct threat tree on the security threat by layer-by-layer decomposition. Thus it gives a detailed threat analysis of the online banking system. This security threat analysis has important significance for the online banking system security analysis and for revealing the threats that the online banking facing.
목차
1. Introduction
2. Data Flow Analysis of Online Banking System
2.1. Representation of Data Flow Diagram
2.2. Analysis of the Online Banking System
3. Analysis of the Online Banking Threat based on STRIDE Model
3.1. Security Hypothesis
3.2. Analysis of Online Banking External Interactor Threats
4. The Construction of Threat Tree
4.1. Logic Relationship of Threat Tree
4.2. Construction of Threat Tree
5. Conclusions
Acknowledgements
References