CLOSURE: Central Library will be closed Tuesday, July 21, through Saturday, July 25, while emergency repairs are made to the building’s cooling system. We expect to reopen Monday, July 27. Click for more details on holds, program schedules, and returns during the closure. 

Threat Modeling: Denial of Service and Expansion of Authority

Summary

This final installment of the Threat Modeling series covering the STRIDE framework explains denial-of-service and elevation-of-privilege attacks.

In this installment of Adam Shostack’s Threat Modeling series covering the STRIDE threat modeling framework, Adam goes over the D and E parts of the framework: denial-of-service and elevation-of-privilege. For both threats, Adam digs deep into two main questions: “What can go wrong?” and “What are we going to do about it?” He details the many targets of denial-of-service attacks like storage, memory, CPU bandwidth, and budget. Adam explains how elevation-of-privilege exists in basically any running code. He then goes over structured methods for ensuring that your systems are resistant to the various types of DoS attacks and elevation-of-privilege attacks. These attacks affect all manner of systems, and having an understanding of how they work and how to combat them are essential parts of a comprehensive approach to cybersecurity.

Subjects

Added Authors

linkedin.com (Firm)