
Threat modelling

Threat modelling. A short introduction and stories from end user involvement SRM Seminar Luxembourg 22.06.2010. Per Håkon Meland - SINTEF ICT, Trondheim, Norway http://www.sintef.com/. Motivation and background. Hospital systems (2005 ) Integration and access control of EPRs


Presentation Transcript


  1. Threat modelling A short introduction and stories from end user involvement SRM Seminar Luxembourg 22.06.2010 Per Håkon Meland - SINTEF ICT, Trondheim, Norway http://www.sintef.com/

  2. Motivation and background

  3. Hospital systems (2005 ) • Integration and access control of EPRs • Models used to communicate processes and threats

  4. SHIELDS • EU project • 2008-2010 • 8 partners • Sharing of security knowledge • Models • Methods • Tools and tool input • End user evaluations • Several iterations • Real end-users • Case studies and commercial products

  5. Threat modelling

  6. Threat modelling • Misuse cases and attack trees • Understand potential security threats and vulnerabilities • Understand attackers • Find security design issues before code • Determine countermeasures • Guide the code review/testing/configuration/deployment • Highly reusable • Easy to grasp

  7. Example: Media player

  8. Xine media player

  9. Let’s create a model from scratch…

  10. Main functionality: • Download data (application, codecs, skins, ...) • Play local media file • Play media stream • Actors: • Software developer • User

  11. How about reusing one?

  12. Search for existing misuse case diagrams: • “Media”, “player”, “Movie”

  13. Attack trees

  14. Hide the details • Link to attack patterns • Used to identify mitigations

  15. Finally…

  16. Create textual description to accompany the diagram • A document elaborating the diagram • Threat descriptions can be fetched from the SHIELDS SVRS • Gives an understanding of the possible attacker motivation • There can be several different mitigations • Input to risk analysis and security activity planning

  17. Case study: eTourism

  18. Approach • Phase 1: Tutorial • Phase 2: Parallel modelling • Phase 3: Serial modelling • Steps: 1: Application description • 2: Threat model created by experts • 3: Threat model created by developers • 4: Model consolidated by experts • 5: Threat model updated by developers • 6: Threat model endorsed by experts

  19. Pre-visit, plan: • Hotels • Route • Experiences • Virtually explore • Post-visit, share • Pictures/videos • Route • Recommendations • Blog • Bad stuff?

  20. Case study: WaLDo

  21. Warehouse information system • Dock loading • RFID tracking • Picking lists • Advanced shipping notifications • Bad stuff?

  22. Case study: eNewsPaper

  23. Electronic newspaper • Aimed at the Paris metro • Shared from distribution points • User relays • Bad stuff?

  24. Feedback and lessons learned • New threats and mitigations were identified in all case studies • Misuse cases and attack trees: Easy to learn, easy to use • Diversity is important when doing threat modelling • Keep the size of the models down • Need more models from other application areas

  25. Share models through the SVRS! • Now contains >200 free security models • 18 misuse case models • 29 attack trees • Use the free tools, or integrate your own • Add your own, get feedback (and possibly revenue) • http://www.shields-project.eu
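Slides 13 and 14 say attack trees are used to identify mitigations. The sketch below is an added example, not part of the presentation or the SHIELDS tools: it models an attack tree with AND/OR gates for the media player's download and playback functions and computes the smallest sets of mitigations that make the root goal unreachable. The tree contents, node labels and mitigation names are constructed for illustration.

```python
from dataclasses import dataclass
from itertools import combinations

@dataclass
class Node:
    label: str
    gate: str = "LEAF"        # "AND", "OR" or "LEAF"
    children: tuple = ()
    mitigations: tuple = ()   # mitigations that block this leaf step

def achievable(node, applied):
    """True if the goal at `node` is still reachable with `applied` mitigations."""
    if node.gate == "LEAF":
        return not any(m in applied for m in node.mitigations)
    results = [achievable(child, applied) for child in node.children]
    return all(results) if node.gate == "AND" else any(results)

def all_mitigations(node):
    """Collect every mitigation named anywhere in the tree."""
    found = set(node.mitigations)
    for child in node.children:
        found |= all_mitigations(child)
    return found

def minimal_mitigation_sets(root):
    """Smallest mitigation sets that make the root goal unreachable."""
    names = sorted(all_mitigations(root))
    for size in range(len(names) + 1):
        hits = [set(c) for c in combinations(names, size)
                if not achievable(root, set(c))]
        if hits:
            return hits
    return []  # the root cannot be blocked with the listed mitigations

# Constructed tree for the media player example (hypothetical content).
TREE = Node("Attacker-controlled code runs in the media player", "OR", (
    Node("Malicious download is installed", "AND", (
        Node("Tampered codec or skin is delivered",
             mitigations=("HTTPS downloads",)),
        Node("Player installs the download unchecked",
             mitigations=("signature verification",)),
    )),
    Node("Malformed media is decoded unsafely", "AND", (
        Node("User plays an untrusted file or stream"),
        Node("Decoder mishandles malformed input",
             mitigations=("strict input validation", "sandboxed decoder")),
    )),
))

if __name__ == "__main__":
    for chosen in minimal_mitigation_sets(TREE):
        print(sorted(chosen))
```

Because the root is an OR gate, every branch has to be cut: no single mitigation is enough, and the result pairs one download mitigation with one decoder mitigation.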
