3 approaches to threat modeling
DESCRIPTION
3 Approaches to Threat ModelingTRANSCRIPT
-
24/04/2015 3ApproachestoThreatModeling
http://myappsecurity.com/approachestothreatmodeling/ 1/3
ThreatModelingcanbeviewedintwodifferent,butrelatedcontexts.Oneistheimplementationofsecuritycontrolsbyarchitectsthatmaptosecurityrequirementsandpolicyandtheotheristoreflectallpossibleknownattackstocomponentsorassetsinathreatmodel,withthegoalofimplementingcountermeasuresagainstthosethreats.
Thethreegeneralapproachestothreatmodelingare:
SoftwarecentricAssetcentricAttackercentric
TheFigurebelowillustratesthecomponentsthatprovidethebasisfordifferentapproachestothreatmodeling:
Belowisabriefdescriptionofeachofthedifferentapproaches:
SoftwareCentricThreatModeling:Thisapproachinvolvesthedesignofthesystemandcanbeillustratedusingsoftwarearchitecturediagrams
Search
ThreatModelerFAQ
ThreatModelerPlanComparison
ThreatModelerStakeholderBenefits
DownloadDatasheet
ScheduleDemo
GettingStartedwithThreatModeler
BlogJuly2014
June2014
May2014
March2014
August2013
June2013
October2012
August2012
June2012
May2012
3ApproachestoThreatModeling28May 2012 onMAY28,2012ByMYAPPSECURITYInTHREATMODELING LEAVEACOMMENT
HOME THREATMODELER FAQ BLOG TRAINING&SERVICES ABOUTUS
-
24/04/2015 3ApproachestoThreatModeling
http://myappsecurity.com/approachestothreatmodeling/ 2/3
0
suchasdataflowdiagrams(DFD),usecasediagrams,orcomponentdiagrams.
Thismethodiscommonlyusedtothreatmodelnetworksandsystemsandhasbeenadoptedasthedefactostandardforthreatmodeling.AgoodexampleofasoftwarecentricapproachisMicrosoftsSecureDevelopmentLifecycle(SDL)framework.BoththeMicrosoftSDLandThreatAnalysis&Modeling(TAM)toolsillustratethreatmodelingbymeansofDFDs.
WithitsproductThreatModeler,MyAppSecurityprovidesathreatmodelingframeworkthatencompassesahighlevelcomponentbaseddesign,combinedwithasoftwarecentricapproach.Fromthethreatmodel,threatstoeachcomponentaredisplayedandspecificsecuritycontrolsareidentifiedthatwillmitigatethethreats,alongwithsecurecodingstandardsthatshouldbeappliedduringtheapplicationdesignphase.
AssetCentricThreatModeling:Anassetcentricapproachinvolvesidentifyingtheassetsofanorganizationentrustedtoasystemorsoftware,(i.e.),dataprocessedbythesoftware.Assetsareclassifiedaccordingtodatasensitivityandtheirintrinsicvaluetoapotentialattacker,inordertoprioritizerisklevels.
Usingthisapproachtothreatmodeling,attacktrees,attackgraphs,ordisplayingpatternsbywhichanassetcanbeattackedaregenerated.Securityprofessionalsoftenarguethatthisapproachshouldnotbeclassifiedasthreatmodeling,butissimplytheinevitableresultofasoftwarecentricdesignapproach.
Thisapproachhelpsidentifymultistepattacksandpathsbywhichanattackercanreachanasset.Basedonriskanalysis,thesepathscanthenbeweightedandprioritizedaccordingly.TrikeandAmenazasSecuritree,bothsupportthecreationofattacktrees,whileThreatModelerautomaticallygeneratesattacktreesfromthedataprovidedinthesoftwarecomponentthreatmodel.
AttackerCentricThreatModeling:Anattackercentricapproachtothreatmodelingrequiresprofilinganattackerscharacteristics,skillset,andmotivationtoexploitvulnerabilities,andthenusingthoseprofilestounderstandthetypeofattackerwhowouldbemostlikelytoexecutespecifictypesofexploits,andimplementamitigationstrategyaccordingly.
Theattackercentricapproachalsousestreediagrams.Keyelementsofthisapproachincludefocusingonthespecificgoalsofanattacker,thevariousconsiderationsrelatedtothesystemuponwhichtheattackcouldbeperpetrated,alongwithitssoftwareandassets,howtheattackcouldbecarriedout,andfinally,ameanstodetectormitigatesuchanattack.Ananalystmayalsolistandanalyzerelatedattackpatternsorapproachestomakethesesamedeterminations.
Anexamplewouldbeanattacktoobtaininformationfromabackenddatabase.Theconsiderationswouldbetoensurethatadatabaseisbeingusedatthebackend,alongwiththemeanstoenterdatabasequeriesasinput,andfinallyavoidingdetectionandpreventionmechanisms.TheapproachwouldbespecificSQLInjectioncommandsforthedatabaseidentified,orthepotentialuseoftoolsbywhichtheexploitationprocesscouldbeautomated.
ThreatModeler,MyAppSecuritysflagshipoffering,istheindustrysfirstautomated,scalable,andrepeatablethreatmodelingproduct.PleasecontactustolearnmoreaboutThreatModeler.
References:http://www.myappsecurity.com/threatmodeler/
http://www.microsoft.com/security/sdl/default.aspx
http://en.wikipedia.org/wiki/Threat_model
http://www.csl.sri.com/projects/cam/
Relatedposts:
1. ComparisonofThreatModelingMethodologies
2. Top5ReasonstoImplementThreatModeling
3. ThreatModeling:Past,PresentandFuture
-
24/04/2015 3ApproachestoThreatModeling
http://myappsecurity.com/approachestothreatmodeling/ 3/3
4. ComparingThreatModelertoMicrosoftThreatModelingTool(TMT)
Commentsareclosed.
(C)CopyrightMyAppSecurity201315