Understanding the Risk: Threat Modeling for the Enterprise - PowerPoint PPT Presentation

1 / 27
About This Presentation
Title:

Understanding the Risk: Threat Modeling for the Enterprise

Description:

History of Threat Modeling (TM) at Microsoft-IT. Target Audience for TM ... Security Threat Analysis and Modeling (MAS TAM) Principle behind threat modeling: ... – PowerPoint PPT presentation

Number of Views:81
Avg rating:3.0/5.0
Slides: 28
Provided by: downloadM
Category:

less

Transcript and Presenter's Notes

Title: Understanding the Risk: Threat Modeling for the Enterprise


1
Understanding the Risk Threat Modeling for the
Enterprise
  • Akshay Aggarwal
  • Senior Security Technologist
  • akshaya_at_microsoft.com

2
Outline
  • History of Threat Modeling (TM) at Microsoft-IT
  • Target Audience for TM
  • Microsoft Application Security TAM
  • Threat Model Integration with SDL-IT
  • TM Process
  • Roles in the TM process
  • ACE TM Tool and demo
  • Summary

3
History of Threat Modeling at Microsoft-IT
  • Previous TM tool was based upon book released by
    MS in 2004
  • Current process is an evolution after 3 years of
    using TM
  • Adapted for specific business needs of IT
    enterprises
  • Focus on components and data
  • Implementers of technology
  • Product teams building specific technologies use
    a different TM process

4
Target Audience for TAM Tool
  • IT Enterprises wishing to understand and reduce
    risk to their environment
  • Implementers of technology
  • Example Developer building smart client on .NET
    not team building the framework
  • ISVs building COTS components
  • TM is component based

5
Software Application Security
  • Penetration Testing
  • Attempt to impersonate the adversary and
    break-in
  • Security Code Reviews
  • Detect security flaws in code base
  • Security Design Reviews
  • Detect security flaws in software architecture
  • What are we looking for?

6
Threat, Attack, Vulnerability Countermeasure
  • Threat
  • Realized through
  • Attacks
  • Materialize through
  • Vulnerabilities
  • Mitigated with
  • Countermeasures

Possibility of something bad happening How it
happens (the exploit) Why it happens (the
cause) How to prevent it (the fix)
7
  • If it doesnt negatively impact business then
    it is not a threat!!

8
MAS Threat Analysis Modeling
  • Microsoft Application Security Threat Analysis
    and Modeling (MAS TAM)
  • Principle behind threat modeling
  • One cant feasibly build a secure system until
    one understands the threats against it
  • Why threat model?
  • To identify threats
  • Create a security strategy
  • TAM provides application risk management
    throughout SDLC and beyond!

9
What is MAS TAM methodology?
  • Threat modeling methodology focused on typical
    enterprise IT (LOB) applications
  • Objective
  • Provide a consistent methodology for objectively
    identifying and evaluating threats to
    applications
  • Translates technical risk to business impact
  • Empower the business to manage risk
  • Creates awareness between teams of security
    dependencies and assumptions
  • All without requiring security subject matter
    expertise

10
Threat Modeling during SDLC
Creation
Assimilation
Signoff
Design
Develop / Purchase
Envision
Test
Release / Sustainment
SDLC
Threat Model / Design Review
Application Entry / Risk Assessment
Post-Production Assessment
Internal Review
Pre-Production Assessment
SDL-IT
Evolutionary Process
11
Anatomy of a Threat
Security Team Expertise
  • Application Context
  • Threats
  • Attacks
  • Vulnerabilities
  • Countermeasures

Application Team Expertise
12
Decomposing the Application Context
Components
Roles
Data
13
Application Context Rules
  • Roles can interact with Components through
    defined Actions
  • Components can interact with Components through
    defined Actions
  • Data is stored inside Components
  • Components can Create, Read, Update or Delete
    Data
  • Data can flow between 2 interacting Components
  • Data can flow between interacting Role and
    Component

14
Generating Threats
  • Application Context defines allowable actions
  • Built by following our application context rules
  • Systematic corruption of these actions are
    threats
  • Automatic Threat Generation
  • Examples of attacks
  • Password Brute Force
  • Buffer Overflow
  • Canonicalization
  • Cross-Site Scripting
  • Denial of Service
  • Forceful Browsing
  • Format-String Attacks
  • HTTP Replay Attacks

15
Attack Library
  • Collection of known Attacks
  • Define, with absolute minimal information, the
    relationship between
  • The exploit
  • The cause
  • The fix

16
Threat-Attack Loose Coupling
Security Team Expertise
Application Team Expertise
17
Transparency with Attack Library
  • Application Context
  • Threats
  • Attacks
  • Vulnerabilities
  • Countermeasures

18
MAS TAM Benefits
  • Benefits for Application Teams
  • Translates technical risk to business impact
  • Provides a security strategy
  • Prioritize security features
  • Understand value of countermeasures
  • Benefits for Security Team
  • More focused Security Assessments
  • Translates vulnerabilities to business impact
  • Improved Security Awareness
  • Bridges the gap between security teams and
    application teams

19
Threat Modeling Security SME
  • Attack Library created by security Subject Matter
    Experts (SME)
  • Verifiable and repeatable
  • Security SME provides TM completeness
  • Verifies that the threat model meets the
    application specifications
  • Plugs knowledge gaps in the threat model
  • New 0-day attack not part of the Attack Library
  • Scale out the valuable security experts!!

20
MAS Threat Analysis Modeling tool v2.0
  • Tool created to aid in the process of creating
    and assimilating threat models
  • Automatic Threat Generation
  • Automatic Attack coupling
  • Provides a security strategy
  • Maintain repository of Threat Models for
    analysis
  • Security landscape is evolving (new attacks,
    vulnerabilities, mitigations being introduced)

21
Features
  • Analytics
  • Data Access Control Matrix
  • Component Access Control Matrix
  • Subject-Object Matrix
  • Component Profile
  • Visualizations
  • Call/Data/Trust Flow
  • Attack Surface
  • Threat Tree
  • Reports
  • Risk Owners Report
  • Design/Development/Test/Operations Team Report
  • Comprehensive Report

22
  • Microsoft Application Security Threat
    Analysis Modeling tool v2.0 Demo

23
Application Scenario
  • Loan Portal for a 20B financial services company
  • Application to approve loans
  • Automatic approvals for loans meeting criteria (lt
    20k credit score gt700)
  • Completely online loan lifecycle
  • 24 hour response time for all loans
  • Separation of duty between agent and approver

24
Summary
  • Methodology evolved from years of experience
  • Focused towards IT enterprises
  • Minimizes the impact to existing development
    process
  • Scales the security subject matter expert
  • Utilizes already known data points
  • Consistent, repeatable and verifiable models
  • Change management for application portfolio
  • Methodology optimized for SDL-IT integration

25
Contact
  • ACE service offerings around application
    security
  • Threat Modeling
  • Application Security Code Review
  • SDL-IT Integration
  • Training Threat Modeling and Secure Development
  • Contact
  • Application Consulting Engineering (ACE)
    Services
  • ACEQues_at_microsoft.com
  • Blog http//blogs.msdn.com/ace_team/default.aspx

26
QA
27
(No Transcript)
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2025 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Understanding the Risk: Threat Modeling for the Enterprise" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!