Threats
- foof
The DSSA working group is working on a set of threats to DNS security and stability. This page is where we're tracking our work.
Document types:
PDF -- these are read-only files that allow navigation of the mind-map -- later versions are expandable, but they must be opened in Adobe Reader 9 or later
MMAP -- these are the editable mind-map files -- can be loaded directly into Mindjet's MindManager product or imported into the open-source Freemind program
MM -- these are also mind-map files -- we switched to using Freemind for our work (thus avoiding the cost and complexity of Mindjet's product) in early January 2012
HTML -- these are straight text html files that can be read by any web browser
We began this work at the ICANN general meeting in Singapore (June, 2011).
DSSA - Threats - Singapore -- as a PDF of the mind-map
DSSA - Threats - Singapore -- as a web-page outline of the charts
Results from the 11-August teleconference
DSSA - Threats - combined v1 -- as a PDF of the mind-map
DSSA - Threats - combined -- as a web-page outline
Results from the 18-August teleconference
DSSA - Threats - combined v2 -- as a PDF of the mind-map
DSSA - Threats - combined v1 -- as a web-page outline
Results from the 25-August teleconference
DSSA - Threats - combined v4.pdf -- as a PDF of the mind-map (NOTE: This is a very large map as it contains all of the summaries of the SSAC reports and RFCs we reviewed on the call today -- you may find it hard to read or follow)
DSSA - Threats - combined v4v.pdf -- as a PDF of the mind-map (NOTE: This file is the first one that contains an imbedded viewer so that you can open or close branches of the mind-map, but must be opened in Adobe Reader 9)
Results from the 1-Sept teleconference
DSSA - Threats - combined v5b.pdf
DSSA - Threats - combined v5.mmap
FORK -- Splitting this page, and the documentation, into a narrower focus (to reduce file sizes and complexity)
This page will start focusing on documenting "Threats" -- "Vulnerabilities", "Possible hierarchies" and "Action items" have been split out of the documents and moved to separate pages.
Results from the 8-Sept teleconference
Results from the 15-Sept teleconference
Results from the 22-Sept teleconference (first-pass sifting of threats that are in/out of scope)
DSSA -- Summary of scope decisions.pdf
Results from the 6-Oct teleconference
Results from the 22-Dec teleconference (returning to the threat-tree after a pause to sort out the methodology -- these are mind maps of the threat-tree under the NIST methodology, rather than the previous series of maps which originated at our meeting in Singapore)
DSSA -- Risk assessment -- threat event tree - v3.pdf
DSSA -- Risk assessment -- threat event tree - v3.mmap
DSSA -- Risk assessment -- threat event tree - v3.html
Results from the 5-Jan-2012 teleconference
DSSA -- Risk assessment -- threat event tree - v4.pdf
DSSA -- Risk assessment -- threat event tree - v4.mmap
DSSA -- Risk assessment -- threat event tree - v4.html
Results from the 12-Jan teleconference (Note: we've started recording the results in two forms -- the continuing series of mind-maps, plus spreadsheets that will document our results in the tables defined in the NIST 800-30 methodology)
Mind-map
DSSA -- Risk assessment -- threat event tree - v5.pdf
DSSA -- Risk assessment -- threat event tree - v5.mmap
DSSA - Risk assessment -- threat event tree - v5.mm
DSSA -- Risk assessment -- threat event tree - v5.html
DSSA - Threat-event Architecture v1.mm
DSSA - Threat-event Architecture v1.pdf
Tables
DSSA -- Tables D-8 and E-5 - Non Adversarial Threat Sources and Events v2.xlsx
Results from the 19-Jan teleconference
Mind-map
DSSA - Risk assessment -- threat event tree - v6.mm
DSSA - Risk assessment -- threat event tree - v6.mm.html
Tables
DSSA -- Tables D-8 and E-5 - Non Adversarial Threat Sources and Events v3.xlsx
Results from the 26-Jan teleconference
Mind-map
DSSA - Risk assessment -- threat event tree - v7.mm
DSSA - Risk assessment -- threat event tree - v7.mm.html
Tables
DSSA -- Tables D-8 and E-5 - Non Adversarial Threat Sources and Events v4.xlsx
Results from the 9-Feb teleconference
Mind-map
DSSA - Risk assessment -- threat event tree - v8.pdf
DSSA - Risk assessment -- threat event tree - v8.mm
DSSA - Risk assessment -- threat event tree - v8.mm.html
Tables
DSSA -- Tables D-8 and E-5 - Non Adversarial Threat Sources and Events v5.xlsx
Results from the 16-Feb teleconference
Tables
(note -- the following table may be at end-of-life -- the group had a long discussion this week and we are considering revising our analysis approach)
DSSA -- Tables D-8 and E-5 - Non Adversarial Threat Sources and Events v6.xlsx
(note -- the following table is the first draft of our new approach)
DSSA -- Table E-5 - Threat Events v1.xlsx
Results from the 23-Feb teleconference