Threat Modeling: Repudiation in Depth
Threat Modeling: Repudiation in Depth
Repudiation-the third stage in the STRIDE threat modeling framework-involves the acceptance or denial of responsibility. In the case of identity theft, repudiation comes into play when victims deny involvement with the charges racked up by the criminal. These threats impact all sorts of systems, and security professionals and developers need to understand how they work, and how they can ensure that their systems offer defenses that accurately indicate responsibility. In this installment of his Threat Modeling series, Adam Shostack takes a deep dive into the subject of repudiation. Using practical examples, Adam covers the issues of fraud, identity theft, attacks on logs, and repudiation in specific technologies such as blockchain and the cloud.