From: Orchestrating differential data access for translational research: a pilot implementation
STRIDE Threat/ Function | Shibboleth/Id Federation | REMS | Domain Apps (BioSD, BBMRI Hub, more) | Infrastructure (eg, web servers, network) |
---|---|---|---|---|
Spoofing/Authenticity | Authentication HTTPS/TLS/X.509 Limit distributed attributes Proper Software Engineering (PSE) | Limit distributed attributes PSE | PSE | - HTTPS/TLS/ X.509 - PSE |
Repudiation/Accountability | Authentication Logging (must be law-compliant, eg max retention time) | Logging PSE | - Logging | - Logging |
Info Disclosure/Confidentiality | HTTPS/TLS/X.509 | - Subscribed policies (no data out of Id Federation) HTTPS/TLS/X.509 | HTTPS/TLS/X.509 | HTTPS/TLS/X.509 |
DoS/ Availability | - PSE | - PSE | - PSE | - Redundancy - Firewalls - PSE |
Elevation of Privileges/Authorisation | - Only required attributes distributed - PSE | - Only required attributes distributed - PSE | - PSE | - PSE |