Upload File

Download - 3 Approaches to Threat Modeling

Transcript

  • 24/04/2015 3ApproachestoThreatModeling

    http://myappsecurity.com/approachestothreatmodeling/ 1/3

    ThreatModelingcanbeviewedintwodifferent,butrelatedcontexts.Oneistheimplementationofsecuritycontrolsbyarchitectsthatmaptosecurityrequirementsandpolicyandtheotheristoreflectallpossibleknownattackstocomponentsorassetsinathreatmodel,withthegoalofimplementingcountermeasuresagainstthosethreats.

    Thethreegeneralapproachestothreatmodelingare:

    SoftwarecentricAssetcentricAttackercentric

    TheFigurebelowillustratesthecomponentsthatprovidethebasisfordifferentapproachestothreatmodeling:

    Belowisabriefdescriptionofeachofthedifferentapproaches:

    SoftwareCentricThreatModeling:Thisapproachinvolvesthedesignofthesystemandcanbeillustratedusingsoftwarearchitecturediagrams

    Search

    ThreatModelerFAQ

    ThreatModelerPlanComparison

    ThreatModelerStakeholderBenefits

    DownloadDatasheet

    ScheduleDemo

    GettingStartedwithThreatModeler

    BlogJuly2014

    June2014

    May2014

    March2014

    August2013

    June2013

    October2012

    August2012

    June2012

    May2012

    3ApproachestoThreatModeling28May 2012 onMAY28,2012ByMYAPPSECURITYInTHREATMODELING LEAVEACOMMENT

    HOME THREATMODELER FAQ BLOG TRAINING&SERVICES ABOUTUS

  • 24/04/2015 3ApproachestoThreatModeling

    http://myappsecurity.com/approachestothreatmodeling/ 2/3

    0

    suchasdataflowdiagrams(DFD),usecasediagrams,orcomponentdiagrams.

    Thismethodiscommonlyusedtothreatmodelnetworksandsystemsandhasbeenadoptedasthedefactostandardforthreatmodeling.AgoodexampleofasoftwarecentricapproachisMicrosoftsSecureDevelopmentLifecycle(SDL)framework.BoththeMicrosoftSDLandThreatAnalysis&Modeling(TAM)toolsillustratethreatmodelingbymeansofDFDs.

    WithitsproductThreatModeler,MyAppSecurityprovidesathreatmodelingframeworkthatencompassesahighlevelcomponentbaseddesign,combinedwithasoftwarecentricapproach.Fromthethreatmodel,threatstoeachcomponentaredisplayedandspecificsecuritycontrolsareidentifiedthatwillmitigatethethreats,alongwithsecurecodingstandardsthatshouldbeappliedduringtheapplicationdesignphase.

    AssetCentricThreatModeling:Anassetcentricapproachinvolvesidentifyingtheassetsofanorganizationentrustedtoasystemorsoftware,(i.e.),dataprocessedbythesoftware.Assetsareclassifiedaccordingtodatasensitivityandtheirintrinsicvaluetoapotentialattacker,inordertoprioritizerisklevels.

    Usingthisapproachtothreatmodeling,attacktrees,attackgraphs,ordisplayingpatternsbywhichanassetcanbeattackedaregenerated.Securityprofessionalsoftenarguethatthisapproachshouldnotbeclassifiedasthreatmodeling,butissimplytheinevitableresultofasoftwarecentricdesignapproach.

    Thisapproachhelpsidentifymultistepattacksandpathsbywhichanattackercanreachanasset.Basedonriskanalysis,thesepathscanthenbeweightedandprioritizedaccordingly.TrikeandAmenazasSecuritree,bothsupportthecreationofattacktrees,whileThreatModelerautomaticallygeneratesattacktreesfromthedataprovidedinthesoftwarecomponentthreatmodel.

    AttackerCentricThreatModeling:Anattackercentricapproachtothreatmodelingrequiresprofilinganattackerscharacteristics,skillset,andmotivationtoexploitvulnerabilities,andthenusingthoseprofilestounderstandthetypeofattackerwhowouldbemostlikelytoexecutespecifictypesofexploits,andimplementamitigationstrategyaccordingly.

    Theattackercentricapproachalsousestreediagrams.Keyelementsofthisapproachincludefocusingonthespecificgoalsofanattacker,thevariousconsiderationsrelatedtothesystemuponwhichtheattackcouldbeperpetrated,alongwithitssoftwareandassets,howtheattackcouldbecarriedout,andfinally,ameanstodetectormitigatesuchanattack.Ananalystmayalsolistandanalyzerelatedattackpatternsorapproachestomakethesesamedeterminations.

    Anexamplewouldbeanattacktoobtaininformationfromabackenddatabase.Theconsiderationswouldbetoensurethatadatabaseisbeingusedatthebackend,alongwiththemeanstoenterdatabasequeriesasinput,andfinallyavoidingdetectionandpreventionmechanisms.TheapproachwouldbespecificSQLInjectioncommandsforthedatabaseidentified,orthepotentialuseoftoolsbywhichtheexploitationprocesscouldbeautomated.

    ThreatModeler,MyAppSecuritysflagshipoffering,istheindustrysfirstautomated,scalable,andrepeatablethreatmodelingproduct.PleasecontactustolearnmoreaboutThreatModeler.

    References:http://www.myappsecurity.com/threatmodeler/

    http://www.microsoft.com/security/sdl/default.aspx

    http://en.wikipedia.org/wiki/Threat_model

    http://www.csl.sri.com/projects/cam/

    Relatedposts:

    1. ComparisonofThreatModelingMethodologies

    2. Top5ReasonstoImplementThreatModeling

    3. ThreatModeling:Past,PresentandFuture

  • 24/04/2015 3ApproachestoThreatModeling

    http://myappsecurity.com/approachestothreatmodeling/ 3/3

    4. ComparingThreatModelertoMicrosoftThreatModelingTool(TMT)

    Commentsareclosed.

    (C)CopyrightMyAppSecurity201315


Top Related

Threat Modeling (Part 1)
Threat Modeling (Part 1)
Application Threat Modeling - OWASP.pdf
Application Threat Modeling - OWASP.pdf
Threat Modeling - Overview
Threat Modeling - Overview
Threat Modeling - ISACA
Threat Modeling - ISACA
Threat Modeling for Automotive Security Analysisonlinepresent.org/proceedings/vol139_2016/68.pdf · Threat Modeling for Automotive Security Analysis ... threat modeling STRIDE method
Threat Modeling for Automotive Security Analysisonlinepresent.org/proceedings/vol139_2016/68.pdf · Threat Modeling for Automotive Security Analysis ... threat modeling STRIDE method
Security Threat Modeling
Security Threat Modeling
Reverse Threat Modeling
Reverse Threat Modeling
Vulnerabilities in Continuous Delivery Pipelines? A …...2019/05/24  · Out of various threat modeling approaches, the STRIDE threat modeling method is the most widely used method
Vulnerabilities in Continuous Delivery Pipelines? A …...2019/05/24  · Out of various threat modeling approaches, the STRIDE threat modeling method is the most widely used method