vgtu intro to threats 2015
Information systems: threat modeling (VGTU 2015)
About me
Audrius Kovalenko | @slicklash
NOT Computer Security Expert
Just a developer
Which one is more secure?
INSECURE*
87% INSECURE
INSECURE
(IN)SECURE
What’s a “secure” system?
Good security = Prevention + Detection + Response
Security properties
Authentication
Integrity
Non-repudiation
Confidentiality
Availability
Authorization
Security threats
Property | Threat
Authentication | Spoofing
Integrity | Tampering
Non-repudiation | Repudiation
Confidentiality | Information Disclosure
Availability | Denial of Service
Authorization | Elevation of Privilege
STRIDE
Spoofing (STRIDE)
Tampering (STRIDE)
Dr. David Warren
Repudiation (STRIDE)
Information disclosure (STRIDE)
Hacked Same Password Success
Denial of service (STRIDE)
Elevation of privilege (STRIDE)
Lack of security design: last minute fixes
Securing the design: threat modeling
What are you building? Data flow diagram
Decomposition: roles
User Roles
Name | Description | Authentication
Admin | Administrators have complete and unrestricted access to Notices, Partner Accounts and Logs. | Windows
Partner | Partners can create, read and update Notices. | Basic
User | Users can read and update Notices. | Forms
Service Roles
Name | Description | Authentication
APP Role | Identity APP is running as. | Windows Integrated (ApplicationPoolIdentity)
SVC Role | Identity SVC is running as. | Windows Integrated (Local System)
MSMQ Role | Identity MSMQ is running as. | Windows Integrated (Network Service)
Decomposition (2): components
Components
Name | Roles | Type | Run As | Communication Channel | Technology | Uses
APP | Admin, User | Website | APP Role | HTTPS | C#, ASP.NET MVC 5 | Cryptography, File I/O
API | Partner | Website | API Role | HTTPS | C#, ASP.NET MVC 5 | Cryptography, File I/O
SVC | MSMQ | Windows Service | SVC Role | TCP/IP | C# | Cryptography, File I/O
Decomposition (3): data
Data
Name | Description | Data Elements | Data Stores
Form | Defines structure of a Notice | Fields | Database
Access Control
Role | Access Control | Remarks
Admin | C R U D |
Partner | R | Limited information. Form must be published.
User | |
What can go wrong? Card games
What can go wrong? (2) Checklists
CAPEC: https://capec.mitre.org/data/index.html
OWASP ASVS: https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification...
OWASP AppSensor: https://www.owasp.org/index.php/AppSensor_DetectionPoints
How to prioritize? Convert threat to risk
Risk
Loss event frequency
Loss magnitude
Threat event frequency
Probability that threat agent actions result in loss
How to mitigate? Raise the cost
Time
Skills
Money
etc.
capability
How to make it work for you?
Practice
Experience
Reflection
Theory
find your own way
Books
http://www.cl.cam.ac.uk/~rja14/book.html
Books
FAIR STRIDE PASTA
Resources
STRIDE: http://blogs.microsoft.com/cybertrust/2007/09/11/stride-chart
OWASP Cornucopia: https://www.owasp.org/index.php/OWASP_Cornucopia
EoP Card Game: https://www.microsoft.com/en-us/SDL/adopt/eop.aspx
FAIR: http://www.risklens.com/what-is-fair
SAFECode: http://www.safecode.org/publications
QA