January 2023
Intermediate to advanced
214 pages
3h 43m
Chinese
Content preview from 威胁建模:安全设计中的风险识别和规避
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
154 | 第
4
章
4.4.8 Tutamen 威胁模型自动化工具
实施的方法:可视化驱动、STRIDE 方法和威胁库
主要作用:Tutamen 威胁模型自动化工具是一个商业软件即服务(SaaS)产品(截
至 2019 年 10 月,免费测试版),有一个有趣的方法:以 draw.io 或 Visio 格式或
Excel 电子表格上传你的系统图,并接收你的威胁模型。必须使用与安全相关的
元数据、信任区域和要分配给元素的权限对数据进行注解。一般报告将识别要
素、数据流和威胁,并提出缓解措施。
及时性:经常更新的商业产品
获取来源:http://www.tutamantic.com
4.5 基于 ML 和 AI 的威胁建模
这是一个“人工智能解决一切”的时代
注 23
。然而,安全行业的现状是,我们还
没有准备好进行威胁建模的飞跃。
1
我们在利用机器学习(ML)和人工智能(AI)进行威胁建模方面进行了一些研
究。这是很自然的,因为今天的人工智能是过去专家系统的进步。这些系统基
于推理引擎处理的规则,试图满足一组需求,从而使被建模的系统进入令人满
意的状态。或者系统会指出任何认为解决方案不可能的差异。
机器学习是建立在这样一个前提之上的:当你对足够的数据进行分类之后,就
会出现允许你对任何新数据进行分类的模式。试图将其转化为威胁建模领域可
能很棘手。例如,在网络安全领域,为了训练分类算法,很容易产生大量同时
携带“好”和“坏”流量的数据。但是,在威胁建模中,可能没有足够的数据
集,这意味着你无法训练算法来逼真地识别威胁。这会立即将你带到一种方法 ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.