Threat Modeling: Security Development Lifecycle

Tyrell Flurry, Jeff Thomas, Akhil Oniha

Post on 05-Jan-2016

Page 1: Threat Modeling: Security Development Lifecycle

Threat Modeling: Security Development Lifecycle

Tyrell Flurry, Jeff Thomas, Akhil Oniha

What is Threat Modeling?

• An engineering technique used to aid in the identification of assets, vulnerabilities, threats, attacks and countermeasures for a given system or software.

Threat modeling helps to:

• Identify security objectives.
• Identify threats.
• Identify vulnerabilities and countermeasures.

Why Microsoft SDL?

• Threat modeling is a complex task that few individuals can properly execute

• Software architects are generally more concerned with operation and performance than security

• Microsoft SDL transforms threat modeling into an activity that any software architect can perform effectively

How Does Microsoft SDL work?

• The Microsoft-based application must be run on a Microsoft OS and requires Microsoft Visio to diagram the system

• Step 1: Diagram/whiteboard system
• Step 2: Identify Threats (STRIDE approach)
• Step 3: Identify Mitigation Strategies
• Step 4: Validate system and repeat

Our Approach

• Utilize the Microsoft SDL to analyze the threats faced by a fictitious bank’s online banking application.

• Whiteboard system Level 0 DFD
• Utilize Microsoft SDL to identify threats that face each component/element of the DFD
• Establish appropriate mitigation strategies
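
The four steps above, applied to a Level 0 DFD, as an added example that is not part of the original slides or of the Microsoft tool. It uses the commonly published STRIDE-per-element chart; the DFD elements, the mitigation texts and all function names are constructed for illustration.

```python
from dataclasses import dataclass, field

STRIDE = {
    "S": "Spoofing", "T": "Tampering", "R": "Repudiation",
    "I": "Information disclosure", "D": "Denial of service",
    "E": "Elevation of privilege",
}

# STRIDE-per-element chart: threat categories that apply to each DFD element type.
APPLICABLE = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_store": "TRID",  # R applies when the store holds log/audit data
    "data_flow": "TID",
}

@dataclass
class Element:
    name: str
    kind: str
    mitigations: dict = field(default_factory=dict)  # STRIDE letter -> mitigation

def identify_threats(elements):
    """Step 2: enumerate every (element, threat category) pair in the diagram."""
    return [(e.name, STRIDE[c]) for e in elements for c in APPLICABLE[e.kind]]

def unmitigated(elements):
    """Step 4: threats with no recorded mitigation; repeat until this is empty."""
    return [(e.name, STRIDE[c]) for e in elements
            for c in APPLICABLE[e.kind] if c not in e.mitigations]

# Step 1: constructed Level 0 DFD for a fictitious online banking application.
DFD = [
    Element("Customer", "external_entity"),
    Element("Online banking app", "process"),
    Element("Account database", "data_store"),
    Element("Customer -> app (HTTPS request)", "data_flow"),
    Element("App -> database (query)", "data_flow"),
]

# Step 3: record mitigation strategies (constructed sample values).
DFD[0].mitigations = {"S": "Multi-factor authentication", "R": "Signed audit log"}
DFD[3].mitigations = {"T": "TLS", "I": "TLS", "D": "Rate limiting"}

if __name__ == "__main__":
    for name, threat in unmitigated(DFD):
        print(f"OPEN  {name}: {threat}")
```

Running it lists the threats still open after the first pass, which is the input to the next iteration of Step 3.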