Update of the threat modeling section

TwoSixtyThreeFiftyFour 2022-08-04 15:00:20 +00:00 committed by GitHub
parent 8de6b5bb69
commit 0ef3728442
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -12389,26 +12389,24 @@ Also please consider reading: **<https://github.com/monero-project/monero/blob/m
Here are various threat modeling resources if you want to go deeper in threat modeling. Here are various threat modeling resources if you want to go deeper in threat modeling.
- (My personal favorite) LINDDUN <https://www.linddun.org/> <sup>[[Archive.org]][739]</sup> - The one we recommend: LINDDUN <https://www.linddun.org/> <sup>[[Archive.org]][739]</sup>.
- They provide an online tool to help making your threat model online at <https://www.linddun.org/go><sup>[[Archive.org]](https://web.archive.org/web/https://www.linddun.org/go)</sup>.
- LINDDUN is focused on Privacy but clearly are also perfectly suitable for Anonymity.
- LINDDUN is accessible to all skill levels including beginners (providing many tutorials) but also suitable for highly skilled users.
- LINDDUN is active in the making of the Threat Modeling Manifesto: <https://www.threatmodelingmanifesto.org/> <sup>[[Archive.org]][745]</sup>
Here are alternative resources and models if LINDDUN doesn't suit you:
- Online Operations Security: [https://web.archive.org/web/20210711215728/https://github.com/devbret/online-OPSEC]
- STRIDE <https://en.wikipedia.org/wiki/STRIDE_%28security%29> <sup>[[Wikiless]][740]</sup> <sup>[[Archive.org]][741]</sup> - STRIDE <https://en.wikipedia.org/wiki/STRIDE_%28security%29> <sup>[[Wikiless]][740]</sup> <sup>[[Archive.org]][741]</sup>
- PASTA <https://versprite.com/tag/pasta-threat-modeling/> <sup>[[Archive.org]][742]</sup> - PASTA <https://versprite.com/tag/pasta-threat-modeling/> <sup>[[Archive.org]][742]</sup>
And there are quite a few others too, see:
- <https://insights.sei.cmu.edu/blog/threat-modeling-12-available-methods/> <sup>[[Archive.org]][743]</sup> - <https://insights.sei.cmu.edu/blog/threat-modeling-12-available-methods/> <sup>[[Archive.org]][743]</sup>
- <https://www.geeksforgeeks.org/threat-modelling/> <sup>[[Archive.org]][744]</sup> - <https://www.geeksforgeeks.org/threat-modelling/> <sup>[[Archive.org]][744]</sup>
You can find some introduction on these on these projects:
- Threat Modeling Manifesto: <https://www.threatmodelingmanifesto.org/> <sup>[[Archive.org]][745]</sup>
- OWASP: <https://cheatsheetseries.owasp.org/cheatsheets/Threat_Modeling_Cheat_Sheet.html> <sup>[[Archive.org]][746]</sup>
- Online Operations Security: [https://web.archive.org/web/20210711215728/https://github.com/devbret/online-OPSEC]
# Appendix B4: Important notes about evil-maid and tampering # Appendix B4: Important notes about evil-maid and tampering
Your context needs to be taken into account. Your context needs to be taken into account.
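Review bot: The OWASP Threat Modeling Cheat Sheet entry ("- OWASP: <https://cheatsheetseries.owasp.org/cheatsheets/Threat_Modeling_Cheat_Sheet.html>") appears on only one side of this hunk, together with the "You can find some introduction on these on these projects:" lead-in, so the resource is dropped rather than moved, and the commit message does not say why. If that is intended, note it in the message; otherwise keep it under the "alternative resources" list. In the new LINDDUN sub-bullets, "LINDDUN is focused on Privacy but clearly are also perfectly suitable for Anonymity" should read "is also", "help making your threat model online at ... " repeats "online" already implied by "online tool", and the `linddun.org/go` line is missing the space before `<sup>` and uses an inline Archive.org URL where every other entry uses a numbered reference such as `[739]`.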
@ -14513,7 +14511,6 @@ See the [Some last OPSEC thoughts][Some last OPSEC thoughts:] section for some t
[743]: https://web.archive.org/web/https://insights.sei.cmu.edu/blog/threat-modeling-12-available-methods/ [743]: https://web.archive.org/web/https://insights.sei.cmu.edu/blog/threat-modeling-12-available-methods/
[744]: https://web.archive.org/web/https://www.geeksforgeeks.org/threat-modelling/ [744]: https://web.archive.org/web/https://www.geeksforgeeks.org/threat-modelling/
[745]: https://web.archive.org/web/https://www.threatmodelingmanifesto.org/ [745]: https://web.archive.org/web/https://www.threatmodelingmanifesto.org/
[746]: https://web.archive.org/web/https://cheatsheetseries.owasp.org/cheatsheets/Threat_Modeling_Cheat_Sheet.html
[https://web.archive.org/web/20210711215728/https://github.com/devbret/online-OPSEC]: https://web.archive.org/web/20210711215728/https://github.com/devbret/online-opsec [https://web.archive.org/web/20210711215728/https://github.com/devbret/online-OPSEC]: https://web.archive.org/web/20210711215728/https://github.com/devbret/online-opsec
[747]: https://web.archive.org/web/https://www.huntonprivacyblog.com/wp-content/uploads/sites/28/2016/02/Telemedia_Act__TMA_.pdf [747]: https://web.archive.org/web/https://www.huntonprivacyblog.com/wp-content/uploads/sites/28/2016/02/Telemedia_Act__TMA_.pdf
[748]: https://wikiless.org/wiki/Don%27t_be_evil [748]: https://wikiless.org/wiki/Don%27t_be_evil
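Review bot: Deleting the `[746]` definition is only safe if no `][746]` use remains anywhere else in the file, which these two hunks do not show; search the document for it before merging, since a leftover use would render as literal bracket text instead of a link. The removal also leaves a gap between `[745]` and `[747]`, and the neighbouring definition keyed by a full URL (`[https://web.archive.org/web/20210711215728/https://github.com/devbret/online-OPSEC]`) is inconsistent with the numbered scheme; consider reusing `[746]` for it.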