I would like to introduce a set of conventional terms to label different security systems attackers according to their strength. Nick P initially brought up in the Schneier Blog.
I would like to encourage the application of these terms inside papers written regarding secure systems and protocols.
High Strength Attacker (HSA): An attacker with high capabilities and resources to attack a secure system. Intrusive or passive methodologies and techniques are achievable with presumed insider access into the secure system.
Medium Strength Attacker (MSA): An attacker with moderate capabilities and resources to attack a secure system but the capabilities to gain insider access to a secure system may not always be successful.
Low Strength Attacker (LSA): An attacker with low capabilities and resources to attack a secure system. Such an attacker may have a lower chance than the two other types of attacker to gain insider access into the secure system or may not even have access into the internals of the secure system but may manipulate or listen into the communication interactions between the secure system and it's environment.
No comments:
Post a Comment