[[Assets]]



Add New Page: You are not allowed to add pages Select section/namespace. New page title.
 

Assets

The system must have something that the attacker is interested in; these items/areas of interest are defined as assets. Assets are essentially threat targets, i.e. they are the reason threats will exist. Assets can be both physical assets and abstract assets.

Availability

Availability of services and information from an attackers perspective means that the service or information can be accessed by a set of subjects when it is needed.

  1. *Ability to modify node routing tables*
  2. *Ability to remove/filter traffic*
  3. *Ability to modify security*

User Identities

Identifiability of a subject from an attacker’s perspective means that the attacker can sufficiently identify the subject within a set of subjects, the identifiability set

  1. *ability to profile a user based upon their traffic patterns*

Linkability

Linkability of two or more items of interest (IOIs, e.g., subjects, messages, actions, …) from an attacker’s perspective means that within the system (comprising these and possibly other items), the attacker can sufficiently distinguish whether these IOIs are related or not

  1. ability to profile the tools and destination sed by a user based upon their traffic patterns

Detectability

Detectability of an item of interest (IOI) from an attacker’s perspective means that the attacker can sufficiently distinguish whether it exists or not.