Threat Modeling: Repudiation in Depth

Threat Modeling: Repudiation in Depth
Threat Modeling: Repudiation in Depth
English | MP4 | AVC 1280×720 | AAC 48KHz 2ch | 0h 25m | 140 MB

Repudiation—the third stage in the STRIDE threat modeling framework—involves the acceptance or denial of responsibility. In the case of identity theft, repudiation comes into play when victims deny involvement with the charges racked up by the criminal. These threats impact all sorts of systems, and security professionals and developers need to understand how they work, and how they can ensure that their systems offer defenses that accurately indicate responsibility. In this installment of his Threat Modeling series, Adam Shostack takes a deep dive into the subject of repudiation. Using practical examples, Adam covers the issues of fraud, identity theft, attacks on logs, and repudiation in specific technologies such as blockchain and the cloud.

Topics include:

  • Message and operational repudiation
  • Fraud, including account takeover
  • Identity theft, including deepfakes and voice cloning
  • Attacks on logs
  • Repudiation in AI, machine learning, and blockchain
  • Applying cryptographic defenses
Table of Contents

1 The threat of repudiation
2 Four-question framework
3 Repudiation as part of STRIDE
4 Message repudiation
5 Operational repudiation
6 Buyers and sellers
7 Intermediaries
8 Account takeover
9 Identity theft and repudiation
10 Catfishing, deepfakes, and voice cloning
11 Attacks on logs
12 Attacks via logs and response systems
13 Cloud
14 AI and machine learning
15 Crypto and blockchain
16 Cryptographic defenses
17 Logs
18 Log analysis
19 Anti-fraud
20 Next steps