Applied Mathematics and Nonlinear Sciences (Jan 2024)
A Construction Method for Grade Protection System Based on STRIDE Threat Modeling
Abstract
In recent years, against the backdrop of the national high attention to cybersecurity, the implementation of grade protection systems has been vigorously carried out in various industries within the Internet+ environment. However, the construction of grade protection systems has gradually revealed several issues: network product providers have a weak security awareness and lack of secure development experiences, leading to systems often failing to meet their grade protection requirements; Grade protection evaluation is complex and tedious, consuming a significant amount of time and labor costs. To address the issues above, this paper proposes a construction method for grade protection systems based on STRIDE threat modeling: by establishing the correspondence between threats and grade protection requirements, threats are eliminated during the system development process while implementing the content of grade protection requirements; through the security verification of threat elimination, materials for grade protection evaluation are accumulated, and work reuse is leveraged to alleviate the workload of grade protection evaluation. Implementing this method can effectively promote the construction of grade protection systems.
Keywords