Threat Modeling Part 1 - Overview
Brad Andrews, CISSP, CSSLP
North Texas Cyber Security Conference 2015
Long time in the tech field
Wide range of jobs – Defense, Online, Banking, Airlines, Dot-Com, Medical, etc.
20+ years software development experience
10+ in Information Security
M.S. and B.S. in Computer Science from the University of Illinois
Active Certifications – CISSP, CSSLP, CISM
Who Am I?
Work for one of the largest providers of pharmacy software and services in the country
Serve as Lead Faculty-Area Chair for Information Systems Security for the University of Phoenix Online Campus
Carry out independent reading and research for my own company, RBA Communications
My Work
The views and opinions expressed in this session are mine and mine alone. They do
not necessarily represent the opinions of my employers or anyone associated with
anything!
My Opinions and Ideas Alone
Part 1 – Threat Modeling Overview
Part 2 – Applying STRIDE to a System
Part 3 – Applying DREAD to a System
Sessions Today
What is It?
Why is It Important?
How Do You Do It?
Flow Diagrams are Important!
Some Dangers to Avoid
Threat Modeling Overview
Figuring out all the significant threats to the system.
Microsoft has good guidance
◦ I borrow from Adam Shostack later
Good overview at https://www.owasp.org/index.php/Threat_Risk_Modeling
What is Threat Modeling?
Threat Modeling Lessons from Star Wars (and Elsewhere)
https://youtu.be/KLpgaoD8ySM
Good Background Video by Adam Shostack
We need to protect our systems
Always limited time, people and money
Must prioritize and focus
Knowing the most important threats allows this
It has had good results
Not a panacea, just a part of the process
Why Model Threats?
Know the System
Find Threats
Detail Threats
Rank Threats
Protect Against Threats
How Do You Do It?
You need to know system interfaces and data flows to find out where it could be vulnerable.
Missing in too many cases!
Don’t have to be perfect, just good enough.
Visio may be worthwhile, though even Paint can be used.
Flow Diagrams are Important
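One way to capture a flow diagram as data so it can be checked, as an added example that is not from the original slides. The online-store system, its element names and its trust zones are constructed assumptions. It reports flows that reference an element missing from the diagram and flows that cross from one trust zone to another, which are the interfaces to examine first.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    source: str
    dest: str
    data: str

# Constructed sample system: element name -> trust zone (all names hypothetical).
ELEMENTS = {
    "Customer Browser": "internet",
    "Web Storefront": "dmz",
    "Order Service": "internal",
    "Orders DB": "internal",
    "Payment Processor": "third-party",
}

FLOWS = [
    Flow("Customer Browser", "Web Storefront", "login, cart, card details"),
    Flow("Web Storefront", "Order Service", "order request"),
    Flow("Order Service", "Orders DB", "order record"),
    Flow("Order Service", "Payment Processor", "charge request"),
    Flow("Order Service", "Email Gateway", "order confirmation"),  # element not in diagram
]

def undefined_elements(elements, flows):
    """Names used by a flow but missing from the diagram (a gap in the model)."""
    used = {name for f in flows for name in (f.source, f.dest)}
    return sorted(used - set(elements))

def boundary_crossings(elements, flows):
    """Flows whose endpoints sit in different trust zones."""
    crossings = []
    for f in flows:
        src, dst = elements.get(f.source), elements.get(f.dest)
        if src is None or dst is None:
            continue  # reported by undefined_elements() instead
        if src != dst:
            crossings.append((f, src, dst))
    return crossings

if __name__ == "__main__":
    for name in undefined_elements(ELEMENTS, FLOWS):
        print(f"missing from diagram: {name}")
    for f, src, dst in boundary_crossings(ELEMENTS, FLOWS):
        print(f"{f.source} -> {f.dest} [{src} -> {dst}]: {f.data}")
```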
Trap #1 – You are never done
◦ Ongoing process, but endpoints along the way
Trap #2 – Monolithic processes
◦ Realize systems have many parts
Trap #3 – A single way to threat model
◦ Use what works, not just a single formal process
Trap #4 – Working in a vacuum
◦ All systems interact with other systems, not just end users.
Dangers to Avoid (from Adam Shostack)
Trap #5 – Threat modeling is an innate skill
◦ Some have a better mindset for it, but all can develop the needed skills
◦ Improvement comes with time and practice
Trap #6 – Threat modeling is a single skill
◦ Techniques – Know different approaches
◦ Knowledge – Know useful data (threats/risks, patterns, etc.)
Trap #7 – Think like an attacker
◦ Limited ability to think outside your own experience
◦ Follow checklists as needed
Dangers to Avoid 2 (from Adam Shostack)
Trap #8 – One model to rule them all
◦ Model of the system
◦ Model of the threats
◦ Model of the attacker or user
Trap #9 – Focus only on the threats
◦ Also consider the impact of requirements, threats and mitigations
Trap #10 – Waiting too long
◦ Earlier is almost always better, though review and repeat as necessary.
Dangers to Avoid 3 (from Adam Shostack)
Be Involved
Don’t Monopolize
Work Together
Interactive Time
Work through an example system
Amazon is a good system to consider since most have purchased on their site
Develop a Data Flow Diagram
Questions?