Threat Modeling. 1. Some Common Definition (RFC 2828)



Similar documents
Threat modeling. Tuomas Aura T Information security technology. Aalto University, autumn 2011

Threat Modeling: The Art of Identifying, Assessing, and Mitigating security threats

Threat Modeling. Categorizing the nature and severity of system vulnerabilities. John B. Dickson, CISSP

Threat Modeling. Frank Piessens ) KATHOLIEKE UNIVERSITEIT LEUVEN

Microsoft STRIDE (six) threat categories

APPLICATION THREAT MODELING

ISSECO Syllabus Public Version v1.0

Security Testing. How security testing is different Types of security attacks Threat modelling

7. Public Key Cryptosystems and Digital Signatures, 8. Firewalls, 9. Intrusion detection systems, 10. Biometric Security Systems, 11.

Entire contents 2011 Praetorian. All rights reserved. Information Security Provider and Research Center

BEST PRACTICES FOR SECURITY TESTING TOP 10 RECOMMENDED PRACTICES

PASTA Abstract. Process for Attack S imulation & Threat Assessment Abstract. VerSprite, LLC Copyright 2013

Defending Against Attacks by Modeling Threat Behaviors

COSC 472 Network Security

Introduction to Information Security

Threat Modelling (Web)Apps Myths and Best Practices OWASP The OWASP Foundation Matthias Rohr

Chapter 6: Fundamental Cloud Security

Threat Modeling/ Security Testing. Tarun Banga, Adobe 1. Agenda

Development Processes (Lecture outline)

Threat Modeling Architecting & Designing with Security in Mind OWASP. The OWASP Foundation Venkatesh Jagannathan

Rapid Threat Modeling Techniques

An Approach to Threat Modeling in Web Application Security Analysis

Functional vs. Load Testing

Software Security Touchpoint: Architectural Risk Analysis

Vulnerability Management in an Application Security World. AppSec DC November 12 th, The OWASP Foundation

Application Security Testing

Cryptography and Network Security Overview & Chapter 1. Network Security. Chapter 0 Reader s s Guide. Standards Organizations.

Pass-the-Hash. Solution Brief

Challenges of Software Security in Agile Software Development

UF Risk IT Assessment Guidelines

Threat Modeling Using Fuzzy Logic Paradigm

How to Grow and Transform your Security Program into the Cloud

Threat Modeling Cloud Applications

1. Computer Security: An Introduction. Definitions Security threats and analysis Types of security controls Security services

Chap. 1: Introduction

Security Threats in Demo Steinkjer

FISMA / NIST REVISION 3 COMPLIANCE

REGULATIONS FOR THE SECURITY OF INTERNET BANKING

NIST National Institute of Standards and Technology

APIs The Next Hacker Target Or a Business and Security Opportunity?

Building Security into the Software Life Cycle

Application Security: What Does it Take to Build and Test a Trusted App? John Dickson, CISSP Denim Group

Web application testing

Mobile Application Threat Analysis

Cloud Security Through Threat Modeling. Robert M. Zigweid Director of Services for IOActive

Security Basics - Lessons From a Paranoid. Stuart Larsen Yahoo! Paranoids - Pentest

Computer Concepts And Applications CIS-107-TE. TECEP Test Description

The purpose of this report is to educate our prospective clients about capabilities of Hackers Locked.

Bank Hacking Live! Ofer Maor CTO, Hacktics Ltd. ATC-4, 12 Jun 2006, 4:30PM

Cloud Security. Let s Open the Box. Abu Shohel Ahmed ahmed.shohel@ericsson.com NomadicLab, Ericsson Research

FINAL DoIT v.4 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS APPLICATION DEVELOPMENT AND MAINTENANCE PROCEDURES

Where every interaction matters.

How To Perform An External Security Vulnerability Assessment Of An External Computer System

Public Cloud Security: Surviving in a Hostile Multitenant Environment

Secure Programming Lecture 9: Secure Development

In Building Security In, Gary McGraw proposes three pillars to use throughout the lifecycle: I: Applied Risk Management

PAKITI Patching Status System

Obtaining Enterprise Cybersituational

Module 1: Overview. Module 2: AlienVault USM Solution Deployment. Module 3: AlienVault USM Basic Configuration

PHYSICAL SECURITY. A Primer and a Story of Why it s Necessary

How to Build a Trusted Application. John Dickson, CISSP

CYBERSECURITY TESTING & CERTIFICATION SERVICE TERMS

A Methodology for Capturing Software Systems Security Requirements

Information Security Risk Assessment Methodology

Secure By Design: Security in the Software Development Lifecycle

2012 Data Breach Investigations Report

Passing PCI Compliance How to Address the Application Security Mandates

Web App Security Audit Services

EC-Council CAST CENTER FOR ADVANCED SECURITY TRAINING. CAST 619 Advanced SQLi Attacks and Countermeasures. Make The Difference CAST.

This chapter covers the following topics: Why Network Security Is Necessary Secure Network Design Defined Categorizing Network Security Threats How

Managing Privileged Identities in the Cloud. How Privileged Identity Management Evolved to a Service Platform

white SECURITY TESTING WHITE PAPER

Complete Web Application Security. Phase1-Building Web Application Security into Your Development Process

Addressing Security for Hybrid Cloud

OWASP AND APPLICATION SECURITY

Cryptography and Network Security Chapter 1

Threats and Attacks. Modifications by Prof. Dong Xuan and Adam C. Champion. Principles of Information Security, 5th Edition 1

VULNERABILITY MANAGEMENT AND RESEARCH PENETRATION TESTING OVERVIEW

WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales

tj.jmffliim.upij II, 14 1" H'H'.i.U.' Threat Modeling Designing for Security Adam Shostack WILEY

Essential IT Security Testing

Compliance Doesn t Mean Security Achieving Security and Compliance with the latest Regulations and Standards

Six Essential Elements of Web Application Security. Cost Effective Strategies for Defending Your Business

Cybersecurity and internal audit. August 15, 2014

Threat Modeling Smart Metering Gateways

Managing IT Security with Penetration Testing

Web Application Security Considerations

Introduction to Web Application Security. Microsoft CSO Roundtable Houston, TX. September 13 th, 2006

Introduction. Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia

Transcription:

Threat Modeling Threat modeling and analysis provides a complete view about the security of a system. It is performed by a systematic and strategic way for identifying and enumerating threats to a system. 1. Some Common Definition (RFC 2828) Vulnerability: A flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy Threat: A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm... a threat is a possible danger that might exploit a vulnerability Attack: An assault on system security that derives from an intelligent threat, to evade security services and violate the security policy of a system. 2. Modeling Phases We are currently following an iterative step, starting from the higher level identifying major components and identification of threats from overall perspective. In the second part, we are performing threat analysis for each of the earlier identified components then passing data through those components from identified major use case. Finally, we merge the analysis report to one. Questions: component breakdown or use case breakdown is better option? Figure 1: An iterative process for threat identification

Currently, we follow a simplified steps for modeling(do not try to reinvent the wheel here,, Modified the OWSAP steps) Figures 2: Simplified steps for threat modeling Steps: 1. Application/component overview (deployment, technologies, usage, assumptions) 2. Security Objective of a Component/Sub components 3. Decomposition (Data Flow Diagrams - DFD, Trust boundaries, entry/exit point, assets, security controls in place) 4. Threats against assets (check known threats here.). STRIDE can be used for threat identification and classification. 4.1. Threat Quantification (Attacker model, DREAD, RISK Analysis) 4.2 Security Controls vs. Threats. 5. Vulnerability Exploitation in Code 6. Vulnerability exists but cannot be exploitable due to attacker model

7. Security Guidance/ Security Test case developments 3. Related Assumptions for the Threat Modeling: Threat Agents: We consider three types of threat agent (Attackers). ID Name Details IA- U Internet Attacker Unauthorized IA- A Internet Attacker Authorized IN- I Internal Attacker - Insider Threat Categorization We can follow STRIDE model ID SPOOFING TAMPERING REPUDIATION INFORMATION DISCLOSURE DEINIAL OF SERVICE ELEVATION OF PRIVILEDGE Details Threat Agent Capabilities Level Name 0 Script Kiddies 1 Motivated individuals 2 Highly Capable Individuals 3 Serious Organized crime 4 Intelligence services Likelihood of a Threat Level Low Medium High Definition

Actors and Trust Level Trust Actors Details Level 1 Anonymous 2 Tenant User 3 Tenant admin 4 Keystone Identity Admin Can control any operation on keystone through exposed API. 5 External Identity admin Used in case authentication is consumed from external sources 6 Cloud Service Cloud service account to verify user auth token and role info 7 System admin Access to system process and databases 8 DB user User access the database 9 User Tenant user, tenant admin, Keystone identity admin user in authenticated form (any or combination of them in authenticated form) 10 Dashboard Admin 11 Keystone process user Threat DB Link to Threat DB ( A generic database to search for possible threats) 4. Identification of Threats In final analysis, we can follow a simplified process as exemplified in figure 3. In this picture, top row elements are generated from the step 1 to 3 from figure 2. These are dynamic parameters. The bottom row is the result. The middle rows are static elements defined in section 3. Based on this information, we identify threats for each asset accessed or modified by the proxies (operations) in the data flows diagram.

Figure 3: Threat Analysis - simplified In other words, # Logic to find related threats for each asset_a in Asset: for each operations in DataFlows: modified_asset_a = operation(asset_a) for each threat_group in STRIDE: attack_vectors = Find attack_vectors related to threat_group from Threat_DB possible_threat = Threats exploitable by using attack_vectors on asset_a to perform an operation ranked_threat = Ranking(possible_Threat) return ranked_threat 5. Example Application Link to Keystone Threat Modeling Link to Keystone Token Provider Threat Modeling

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information