Threat Modeling: The Art of Identifying, Assessing, and Mitigating security threats

Similar documents
Entire contents 2011 Praetorian. All rights reserved. Information Security Provider and Research Center

Threat Modeling. Frank Piessens ) KATHOLIEKE UNIVERSITEIT LEUVEN

BEST PRACTICES FOR SECURITY TESTING TOP 10 RECOMMENDED PRACTICES

An Approach to Threat Modeling in Web Application Security Analysis

Threat modeling. Tuomas Aura T Information security technology. Aalto University, autumn 2011

Introduction to Microsoft Security Development Lifecycle (SDL) Threat Modeling

Threat Modeling. 1. Some Common Definition (RFC 2828)

Threat Modeling. Categorizing the nature and severity of system vulnerabilities. John B. Dickson, CISSP

Security Testing. How security testing is different Types of security attacks Threat modelling

Microsoft STRIDE (six) threat categories

Rapid Threat Modeling Techniques

Introduction to Information Security

Security and Privacy in Cloud Computing

Agile and Secure Can We Be Both? Chicago OWASP. June 20 th, 2007

Agile and Secure: OWASP AppSec Seattle Oct The OWASP Foundation

ISSECO Syllabus Public Version v1.0

Revision History Revision Date Changes Initial version published to

A Methodology for Capturing Software Systems Security Requirements

tj.jmffliim.upij II, 14 1" H'H'.i.U.' Threat Modeling Designing for Security Adam Shostack WILEY

Development Processes (Lecture outline)

Challenges of Software Security in Agile Software Development

Threat Modeling/ Security Testing. Tarun Banga, Adobe 1. Agenda

Security Threats in Demo Steinkjer

Application Security Testing

Privacy & Security Crash Course: How Do I Do a Risk Assessment?

Threat Modeling Using Fuzzy Logic Paradigm

Threat Modelling (Web)Apps Myths and Best Practices OWASP The OWASP Foundation Matthias Rohr

Building Security into the Software Life Cycle

Mobile Application Threat Analysis

Web Application Security

Threat Modeling Architecting & Designing with Security in Mind OWASP. The OWASP Foundation Venkatesh Jagannathan

Secure By Design: Security in the Software Development Lifecycle

PASTA Abstract. Process for Attack S imulation & Threat Assessment Abstract. VerSprite, LLC Copyright 2013

Misuse Cases: earlier and smarter information security

Threat Modeling. Deepak Manohar

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management

Cloud Security Through Threat Modeling. Robert M. Zigweid Director of Services for IOActive

Threat Analysis for Hardware and Software Products using HazOp

Threat Modeling Smart Metering Gateways

Secure Programming Lecture 9: Secure Development

Software Security Touchpoint: Architectural Risk Analysis

In Building Security In, Gary McGraw proposes three pillars to use throughout the lifecycle: I: Applied Risk Management

How To Secure An Open Source System From Attack

A Practical Approach to Threat Modeling

UF Risk IT Assessment Guidelines

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES.

3 Web Services Threats, Vulnerabilities, and Countermeasures

THREAT MODELLING FOR SQL SERVERS Designing a Secure Database in a Web Application

SCOPING QUESTIONNAIRE FOR PENETRATION TESTING

1. Computer Security: An Introduction. Definitions Security threats and analysis Types of security controls Security services

SETLabs Briefings ENTERPRISE ARCHITECTURE & BUSINESS COMPETITIVENESS VOL 2 NO 4. Oct Dec Threat Modeling in Enterprise Architecture Integration

Chap. 1: Introduction

Effective Software Security Management

Functional vs. Load Testing

Vulnerability Management in an Application Security World. AppSec DC November 12 th, The OWASP Foundation

Defending Against Attacks by Modeling Threat Behaviors

Threat Modeling: Lessons from Star Wars. Adam

Security within a development lifecycle. Enhancing product security through development process improvement

Technical Proposition. Security

ITEC441- IS Security. Chapter 15 Performing a Penetration Test

Guidelines 1 on Information Technology Security

Penetration Testing. Presented by

APPLICATION THREAT MODELING

TLP WHITE. Denial of service attacks: what you need to know

PUBLIC REPORT. Red Team Testing of the ES&S Unity Voting System. Freeman Craft McGregor Group (FCMG) Red Team

How To Choose the Right Vendor Information you need to select the IT Security Testing vendor that is right for you.

-.% . /(.0/ ) 53%/( (01 (%((. * 7071 (%%2 $,( . 8 / 9!0/!1 . # (3(0 31.%::((. ;.!0.!1 %2% . ".(0.1 $) (%+"",(%$.(6

Background. HSBC DOD VA Masters in Computer Science Somerset Recon. Avid CTF Competitor

Introduction to Security

Basics of Internet Security

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Kerem Kocaer 2010/04/14

NETWORK PENETRATION TESTS FOR EHR MANAGEMENT SOLUTIONS PROVIDER

A PRACTICAL APPROACH TO INCLUDE SECURITY IN SOFTWARE DEVELOPMENT

93% of large organisations and 76% of small businesses

ICTN Enterprise Database Security Issues and Solutions

Penetration Testing. Types Black Box. Methods Automated Manual Hybrid. oless productive, more difficult White Box

Business Risk Management - Top 10 Questions to Ask

Web application testing

PI Server Security Best Practice Guide Bryan Owen Cyber Security Manager OSIsoft

EC-Council CAST CENTER FOR ADVANCED SECURITY TRAINING. CAST 619 Advanced SQLi Attacks and Countermeasures. Make The Difference CAST.

How to start a software security initiative within your organization: a maturity based and metrics driven approach OWASP

Penetration Testing Service. By Comsec Information Security Consulting

CMPT 471 Networking II

Threat Modeling for Secure Embedded Software

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1

Integrated Network Vulnerability Scanning & Penetration Testing SAINTcorporation.com

UMHLABUYALINGANA MUNICIPALITY PATCH MANAGEMENT POLICY/PROCEDURE

Transcription:

Threat Modeling: The Art of Identifying, Assessing, and Mitigating security threats Mohamed Ali Saleh Abomhara University of Agder mohamed.abomhara@uia.no Winter School in Information Security, Finse May 3 8, 2015

Agenda Introduction Causes of Compromised Security What is Threat Modeling? Why Threat Modeling? Threat Modeling Process (Microsoft Security Development Lifecycle (SDL)) Demo (SDL Threat Modeling Tool) Conclusion

Introduction Causes of Compromised Security Technology weaknesses Configuration weaknesses Policy weaknesses Human error and malice

Introduction What is Threat Modeling? Threat modeling is a structured way to identify, understand, and mitigate threats A road map for developer to write secure code Threat modeling is all about finding problems

Introduction Why Threat Modeling? The most reliable way to Find security issues in system architecture and business processes Identify threats and vulnerabilities relevant to your system Identifies where more resources are required to reduce risk Helps you to Understand your organization/user weaknesses Shape your system design to meet your business objectives Increase awareness of threats Improve the security of your system by implementing effective countermeasures

Threat Modeling Process Threat modeling Terminology Role The set of business process capabilities of human who interacts with the system Asset It is something of value ( in threat modeling is called a threat target). Action Something a role can do to asset: Create, Read, Modify, Delete Threat Something that takes advantage of security weaknesses in a system and has a negative impact on it. Attacks Actions taken to harm a system or disrupt normal operations by exploiting vulnerabilities using various techniques and tools. Vulnerability Is a weakness in system design, implementation, or operation. Risk Is the probability that something bad could happen.

Threat Modeling Process Threat modeling Terminology Actor Threat agent Data Flow Diagram (DFD) A diagram which models the flow of data through the system. Trust Boundary A DFD annotation that indicates a connection crosses between trust levels Trust The level of trust placed on individuals in a specific role Security Control Product and/or processes employed to mitigate a specific threat( or a group of threats) to an acceptable level.

Threat Modeling Process (Microsoft Security Development Lifecycle (SDL) Vision

Vision Build a list of assets and system objectives that require protection including: Things attackers want System components ( hardware and software) Information such as ID number and credit card numbers Anything else that, if compromised, would prevent correct operation of your system Scenarios Use cases/use Stories Add security to scenarios, use cases

Diagram Describe System Architecture Create a system architecture System components Understand data and data classification Diagram the system Show subsystems Show data flow Focus on confidentiality, integrity, and availability What can we prevent? What do we care about most? What is the worst thing that can happen?

Decompose the system Break down the system Show the events that drive the system Show the processes that are driven Identify entry points Identify technologies Diagram trust boundaries Begin to think like an attacker Where are my vulnerabilities? What am I going to do about them? Identify Trust Boundaries Identify Data Flow Identify Entry Points Identify Privilege and access Validating Diagram

A Real Diagram

Identify Threats S T R I D E Spoofing Can an attacker gain access using a false identity? Tampering Can an attacker modify data as it flows through the application? Repudiation If an attacker denies doing something, can we prove he did it? Information disclosure Can an attacker gain access to private or potentially injurious data? Denial of service Can an attacker crash or reduce the availability of the system? Elevation of privilege Can an attacker assume the identity of a privileged user?

Mitigate Option 1: Accepting the risk Option 2: Transferring the risk Option 3 : Address the risk Four ways to address threats: Redesign to eliminate Apply standard mitigations Invent new mitigations (Riskier)

Validate Validate the whole TM Does diagram match final code? Are threats enumerated? Minimum: STRIDE per element that touches a trust boundary Has Test reviewed the model? Created appropriate test plans Tester approach often finds issues with TM, or details Is each threat mitigated? Are mitigations done right

Demo Microsoft Threat Modeling Tool

Conclusion The security development process requires thorough understanding of a systems assets, followed by identifying different vulnerabilities and threats that can exist. Use threat modeling to develop security testing strategy. Know your enemy and know yourself. What techniques and technologies will hackers use? What techniques and technologies can testers use? Without threat modelling, protecting yourself is like shooting in the dark

References The Microsoft Security Development Lifecycle (SDL) http://msdn.microsoft.com/en-us/security/cc448177.aspx The Microsoft SDL Threat Modeling Tool http://msdn.microsoft.com/en-us/security/dd206731.aspx SDL blog http://blogs.msdn.com/sdl/ Book Shostack, Adam. Threat modeling: Designing for security. John Wiley & Sons, 2014.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information