Threat Modeling - PowerPoint PPT Presentation

1 / 22
About This Presentation
Title:

Threat Modeling

Description:

Threat Modeling James Walden Topics Threat Generation. Data Flow Diagrams. Attack Trees. Risk Modeling. Threat Modeling Exercise. Requirements Actors People (roles ... – PowerPoint PPT presentation

Number of Views:845
Avg rating:3.0/5.0
Slides: 23
Provided by: JamesW108
Category:
Tags: data | modeling | threat

less

Transcript and Presenter's Notes

Title: Threat Modeling


1
Threat Modeling
  • James Walden

2
Topics
  1. Threat Generation.
  2. Data Flow Diagrams.
  3. Attack Trees.
  4. Risk Modeling.
  5. Threat Modeling Exercise.

3
Requirements
  • Actors
  • People (roles) who interact with system.
  • Assets
  • Specific pieces of data attacker wants.
  • Actions
  • What Actors do to Assets.
  • Ex Create, Read, Update, Delete.

4
Trike7 Actors
5
Trike7 Actor-Asset-Action Matrix
6
Rules
  • Rules apply to each Action.
  • Limit circumstances in which Actions can occur.
  • Boolean tree of conditionals.
  • Actors are represented as rule
  • User is in Role

7
Trike7 Part of Rules Tree
8
Threat Generation
  • Use Actor-Asset-Action matrix.
  • Two types of threats via Rules
  • Denial of Service Actor prevented from
    performing allowed Action.
  • Elevation of Privilege Actor performs an action
    which is prohibited by matrix.

9
Data Flow Diagrams
  • Visual model of system data flow.
  • Rectangles External actors.
  • Circles Processes.
  • Double Lines Data stores.
  • Lines Data flows.
  • Dotted Lines Trust boundaries.
  • Hierarchical decomposition
  • Until no process crosses trust boundaries.

10
Trike3 Example Data Flow Context Diagram
11
Trike3 Example Data Flow Diagram Level 0
12
Trike3 Example Data Flow Diagram Level 1
13
Attack Trees
  • Root node is a threat.
  • Subnodes are attacks to realize threat.
  • Attacks may be re-used in other trees.
  • Hierarchical decomposition
  • Until determine risk is acceptable or not.

14
Trike7 Attack Tree Example
15
Attack Graph
  • Encompasses all attacks vs system.
  • Set of interlinked attack trees.
  • Auto-generation
  • High-level attack skeleton.
  • Attack libraries
  • Many sub-trees re-appear.
  • Attached to tagged technologies in DFD.
  • Need security expertise for full tree.

16
Risk Modeling
  • Business assigns values() to Assets.
  • Rate Actions on each Asset.
  • 1-5 relative scale, with 5 being worst.
  • Ranked twice denial, elevation
  • Assign each Actor a risk level 1-5.
  • Risk Value of Asset Action risk.

17
Trike7 Threat Risk Grid
18
Threat Modeling Process
  • Preparation.
  • Develop requirements, DFDs.
  • Brainstorming.
  • Brainstorm possible threats.
  • Drafting.
  • Review.
  • Verification.
  • QA team develops tests.
  • Closure.

19
Exercise Online news site.
  • Actors
  • Authors, Editors, Readers.
  • Data Stores
  • Database articles, comments, users.
  • Logs
  • Processes
  • Web server

20
Exercise Rules.
  • Authors can submit Articles for publish.
  • Editors can publish Articles.
  • Editors can C, R, U, D Articles, Comments.
  • Readers can read Articles, Comments.
  • Readers can C, R, U, D their own Comments to
    Articles.
  • Anonymous can create Reader accounts.
  • Editors can C, R, U, D accounts.

21
Exercise Deliverables
  • Actor-Asset-Action Matrix
  • Rules Tree
  • DFDs
  • Attack Tree
  • Risk Model

22
References
  1. Ben Hickman, Application Security and Threat
    Modeling, http//cpd.ogi.edu/seminars04/hickmanth
    reatmodeling.pdf, 2004.
  2. Michael Howard and David LeBlanc, Writing Secure
    Code, 2nd edition, Microsoft Press, 2003.
  3. Paul Saitta, Brenda Larcom, and Michael
    Eddington, Trike v.1 Methodology Document
    draft, http//dymaxion.org/trike/, 2005.
  4. Frank Swiderski and Window Snyder, Threat
    Modeling, Microsoft Press, 2004.
  5. Peter Torr, Demystifying the Threat-Modeling
    Process, IEEE Security Privacy, Oct/Nov 2005.
  6. Peter Torr, Guerilla Threat Modeling,
    http//blogs.msdn.com/ptorr/archive/2005/02/22/Gue
    rillaThreatModelling.aspx, 2005.
  7. Trike Threat Modeling Tool, http//www.octotrike.o
    rg/, 2005.
Write a Comment
User Comments (0)
About PowerShow.com