Upload File

3 approaches to threat modeling

3
Threat Modeling can be viewed in two different, but related contexts. One is the implementation of security controls by architects that map to security requirements and policy and the other is to reflect all possible known attacks to components or assets in a threat model, with the goal of implementing countermeasures against those threats. The three general approaches to threat modeling are: Softwarecentric – Assetcentric – Attackercentric The Figure below illustrates the components that provide the basis for different approaches to threat modeling: Below is a brief description of each of the different approaches: SoftwareCentric Threat Modeling: This approach involves the design of the system and can be illustrated using software architecture diagrams Search ThreatModeler FAQ ThreatModeler Plan Comparison ThreatModeler Stakeholder Benefits Download Datasheet Schedule Demo Getting Started with ThreatModeler Blog July 2014 June 2014 May 2014 March 2014 August 2013 June 2013 October 2012 August 2012 June 2012 May 2012 3 Approaches to Threat Modeling 28 May 2012 on MAY 28, 2012 By MYAPPSECURITY In THREAT MODELING LEAVE A COMMENT HOME THREATMODELER FAQ BLOG TRAINING & SERVICES ABOUT US

Upload: oda-san

Post on 09-Nov-2015

221 views

Category:

Documents


6 download

Report

DESCRIPTION

3 Approaches to Threat Modeling

TRANSCRIPT

  • 24/04/2015 3ApproachestoThreatModeling

    http://myappsecurity.com/approachestothreatmodeling/ 1/3

    ThreatModelingcanbeviewedintwodifferent,butrelatedcontexts.Oneistheimplementationofsecuritycontrolsbyarchitectsthatmaptosecurityrequirementsandpolicyandtheotheristoreflectallpossibleknownattackstocomponentsorassetsinathreatmodel,withthegoalofimplementingcountermeasuresagainstthosethreats.

    Thethreegeneralapproachestothreatmodelingare:

    SoftwarecentricAssetcentricAttackercentric

    TheFigurebelowillustratesthecomponentsthatprovidethebasisfordifferentapproachestothreatmodeling:

    Belowisabriefdescriptionofeachofthedifferentapproaches:

    SoftwareCentricThreatModeling:Thisapproachinvolvesthedesignofthesystemandcanbeillustratedusingsoftwarearchitecturediagrams

    Search

    ThreatModelerFAQ

    ThreatModelerPlanComparison

    ThreatModelerStakeholderBenefits

    DownloadDatasheet

    ScheduleDemo

    GettingStartedwithThreatModeler

    BlogJuly2014

    June2014

    May2014

    March2014

    August2013

    June2013

    October2012

    August2012

    June2012

    May2012

    3ApproachestoThreatModeling28May 2012 onMAY28,2012ByMYAPPSECURITYInTHREATMODELING LEAVEACOMMENT

    HOME THREATMODELER FAQ BLOG TRAINING&SERVICES ABOUTUS

  • 24/04/2015 3ApproachestoThreatModeling

    http://myappsecurity.com/approachestothreatmodeling/ 2/3

    0

    suchasdataflowdiagrams(DFD),usecasediagrams,orcomponentdiagrams.

    Thismethodiscommonlyusedtothreatmodelnetworksandsystemsandhasbeenadoptedasthedefactostandardforthreatmodeling.AgoodexampleofasoftwarecentricapproachisMicrosoftsSecureDevelopmentLifecycle(SDL)framework.BoththeMicrosoftSDLandThreatAnalysis&Modeling(TAM)toolsillustratethreatmodelingbymeansofDFDs.

    WithitsproductThreatModeler,MyAppSecurityprovidesathreatmodelingframeworkthatencompassesahighlevelcomponentbaseddesign,combinedwithasoftwarecentricapproach.Fromthethreatmodel,threatstoeachcomponentaredisplayedandspecificsecuritycontrolsareidentifiedthatwillmitigatethethreats,alongwithsecurecodingstandardsthatshouldbeappliedduringtheapplicationdesignphase.

    AssetCentricThreatModeling:Anassetcentricapproachinvolvesidentifyingtheassetsofanorganizationentrustedtoasystemorsoftware,(i.e.),dataprocessedbythesoftware.Assetsareclassifiedaccordingtodatasensitivityandtheirintrinsicvaluetoapotentialattacker,inordertoprioritizerisklevels.

    Usingthisapproachtothreatmodeling,attacktrees,attackgraphs,ordisplayingpatternsbywhichanassetcanbeattackedaregenerated.Securityprofessionalsoftenarguethatthisapproachshouldnotbeclassifiedasthreatmodeling,butissimplytheinevitableresultofasoftwarecentricdesignapproach.

    Thisapproachhelpsidentifymultistepattacksandpathsbywhichanattackercanreachanasset.Basedonriskanalysis,thesepathscanthenbeweightedandprioritizedaccordingly.TrikeandAmenazasSecuritree,bothsupportthecreationofattacktrees,whileThreatModelerautomaticallygeneratesattacktreesfromthedataprovidedinthesoftwarecomponentthreatmodel.

    AttackerCentricThreatModeling:Anattackercentricapproachtothreatmodelingrequiresprofilinganattackerscharacteristics,skillset,andmotivationtoexploitvulnerabilities,andthenusingthoseprofilestounderstandthetypeofattackerwhowouldbemostlikelytoexecutespecifictypesofexploits,andimplementamitigationstrategyaccordingly.

    Theattackercentricapproachalsousestreediagrams.Keyelementsofthisapproachincludefocusingonthespecificgoalsofanattacker,thevariousconsiderationsrelatedtothesystemuponwhichtheattackcouldbeperpetrated,alongwithitssoftwareandassets,howtheattackcouldbecarriedout,andfinally,ameanstodetectormitigatesuchanattack.Ananalystmayalsolistandanalyzerelatedattackpatternsorapproachestomakethesesamedeterminations.

    Anexamplewouldbeanattacktoobtaininformationfromabackenddatabase.Theconsiderationswouldbetoensurethatadatabaseisbeingusedatthebackend,alongwiththemeanstoenterdatabasequeriesasinput,andfinallyavoidingdetectionandpreventionmechanisms.TheapproachwouldbespecificSQLInjectioncommandsforthedatabaseidentified,orthepotentialuseoftoolsbywhichtheexploitationprocesscouldbeautomated.

    ThreatModeler,MyAppSecuritysflagshipoffering,istheindustrysfirstautomated,scalable,andrepeatablethreatmodelingproduct.PleasecontactustolearnmoreaboutThreatModeler.

    References:http://www.myappsecurity.com/threatmodeler/

    http://www.microsoft.com/security/sdl/default.aspx

    http://en.wikipedia.org/wiki/Threat_model

    http://www.csl.sri.com/projects/cam/

    Relatedposts:

    1. ComparisonofThreatModelingMethodologies

    2. Top5ReasonstoImplementThreatModeling

    3. ThreatModeling:Past,PresentandFuture

  • 24/04/2015 3ApproachestoThreatModeling

    http://myappsecurity.com/approachestothreatmodeling/ 3/3

    4. ComparingThreatModelertoMicrosoftThreatModelingTool(TMT)

    Commentsareclosed.

    (C)CopyrightMyAppSecurity201315


Threat Modeling Approaches for Securing Cloud Computin

Secure Design: Threat Modeling

How To Make Threat Modeling Work For You - Robert … To Make Threat Modeling Work For You Strategic Approaches to Real-World Architecture Challenges O’Reilly Software Architecture

Vulnerabilities in Continuous Delivery Pipelines? A …...2019/05/24  · Out of various threat modeling approaches, the STRIDE threat modeling method is the most widely used method

DNS Threat Modeling - OWASP · Threat Modeling Using STRIDE By: Girindro Pringgo Digdo, ... Threat Modeling Diagram Identify Threats Identify Threats Mitigate Validate STRIDE Trike

Threat Modeling / iPad

Threat Modeling And Analysis

Threat Modeling (Part 4)

Threat Modeling with STRIDE - Concordia Universityusers.encs.concordia.ca/~clark/courses/1601-6150/scribe/L04c.pdf · Threat Modeling with STRIDE Slides adapted from Threat Modeling:

Introduction to Threat Modeling

Threat Modeling for Secure - Application Security Testing ... · Threat Modeling for Secure Embedded Software | |Klocwork White Paper 2 Threat Modeling – A Brief Overview_____ Threat

Threat Modeling - CrossCountry Consulting

Threat Modeling - GBV

Threat Modeling - home.eng.iastate.edu

Asset-Oriented Threat Modeling

Threat Modeling - ISACA

Adam Shostack Microsoft - LayerOne...Threat Modeling (Swiderski and Snyder, Microsoft Press) "Guerilla Threat Modeling" (Torr) Patterns and Practices (J.D. Meier) Threat modeling for

threat modeling - SecAppDev Peeters/threat... · threat modeling Johan Peeters ... threat model looks out: adversaries ... assignment I who are the potential adversaries?

Reverse Threat Modeling

Threat modeling

Hickman threat modeling

Tactical Threat Modeling - SAFECode · Tactical Threat Modeling

Threat Modeling for Automotive Security Analysisonlinepresent.org/proceedings/vol139_2016/68.pdf · Threat Modeling for Automotive Security Analysis ... threat modeling STRIDE method

Threat Modeling (Part 1)

Cryptocurrency-based Systems Threat Modeling for · Threat Modeling and Cryptocurrencies Threat modeling is an essential step in secure systems design. Explore the threat space to

Corporate Threat Modeling v2

Threat Modeling (Part 2)

Lecture 7: Threat Modeling

Lecture 11: Threat Modeling

Threat Modeling (Part 5)

Cloud Threat Modeling

Threat modeling guide - DW.COM

Threat Modeling - Overview

Threat Modeling & Simulation

Application Threat Modeling - OWASP.pdf