public
/
docs
5
0
Fork 0
Code Issues 18 Pull Requests 1 Packages Projects Releases Wiki Activity

Define high level threat model levels #13

New Issue
Closed
opened 2024-12-02 17:28:27 +00:00 by anton · 4 comments
anton commented 2024-12-02 17:28:27 +00:00
Owner
Copy Link

https://gist.github.com/lrvick/373a42da700e33c39e30dbc2b65d880f

https://gist.github.com/lrvick/373a42da700e33c39e30dbc2b65d880f
anton self-assigned this 2024-12-02 17:28:32 +00:00
anton added this to the Custody Framework project 2024-12-02 17:28:36 +00:00
anton commented 2024-12-02 17:29:12 +00:00
Author
Owner
Copy Link

This document should be replicated, updated and used as the high level threat model, which can be linked to, and links to other documents such as "tamper proofing methods", "chain of custody", "vaults/safes" etc.

This document should be replicated, updated and used as the high level threat model, which can be linked to, and links to other documents such as "tamper proofing methods", "chain of custody", "vaults/safes" etc.
anton commented 2024-12-04 22:51:57 +00:00
Author
Owner
Copy Link

Going to integrate the CCSS documentation with our threat model and reorganize information. The goal is to have different "aspects" such as "entropy generation", and then all levels specified for that.

The one challenge is how to include higher level assumptions for different levels, so there should exist a section that defines for each level:

  • Type of threat actors
  • Types of attacks

This may be sufficient but additional properties may surface as the docs are written.

This document is important to pin down as the whole system is built on these assumptions.

Going to integrate the CCSS documentation with our threat model and reorganize information. The goal is to have different "aspects" such as "entropy generation", and then all levels specified for that. The one challenge is how to include higher level assumptions for different levels, so there should exist a section that defines for each level: * Type of threat actors * Types of attacks This may be sufficient but additional properties may surface as the docs are written. This document is important to pin down as the whole system is built on these assumptions.
anton added the due date 2024-12-17 2024-12-04 22:54:04 +00:00
anton modified the due date from 2024-12-17 to 2024-12-13 2024-12-04 22:58:26 +00:00
anton modified the due date from 2024-12-13 to 2024-12-06 2024-12-05 20:48:08 +00:00
anton commented 2024-12-05 20:48:36 +00:00
Author
Owner
Copy Link

Going to keep the doc in a "simple" form for now, with the intention of circling back and making it more general down the road.

Going to keep the doc in a "simple" form for now, with the intention of circling back and making it more general down the road.
anton added this to the Vaulting Framework Documentation milestone 2024-12-06 01:31:24 +00:00
anton commented 2024-12-23 20:26:29 +00:00
Author
Owner
Copy Link

The initial draft of this document is complete.

The initial draft of this document is complete.
anton closed this issue 2025-01-02 16:42:12 +00:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
main
feat/tamper-proofing-chain-of-custody
coding-standards
feat/quorum-kms
Labels
Clear labels   
level-2

   
level-3

   
level-4

   
qvs

Quorum Vaulting System

No Label
level-2
level-3
level-4
qvs
Milestone
Clear milestone
No items
No Milestone
Vaulting Framework Documentation
Projects
Clear projects
No project
Custody Framework
Assignees
Clear assignees
No Assignees
anton
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

2024-12-06

Dependencies

No dependencies set.

Reference: public/docs#13
No description provided.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?