Threat modelling for a secure swiyu trust infrastructure

Potential security threats to the swiyu trust infrastructure are systematically identified using the threat modelling method. This approach allows attack vectors to be understood and mitigated before they are exploited. The technical documentation for the swiyu trust infrastructure has been supplemented with the threats to the various components.

Threat modelling is a structured approach to analysing potential threats to IT systems. In the development process of the trust infrastructure, this approach is used to implement targeted protective measures for the identified threats. The various components of the trust infrastructure are also continuously tested for vulnerabilities by external experts in so-called pen tests and in a bug bounty programme.

For the targeted ecosystem, the federal government provides generic components for issuing and verifying digital credentials in addition to the trust infrastructure. In order to promote security awareness among future participants, the technical documentation of the swiyu trust infrastructure has been supplemented with the identified sources of risk. It lists technical and organisational vulnerabilities that could jeopardise the confidentiality, integrity or availability of the system or parts thereof.

More information about the model and the sources of risk can be found at this link.