Beruflich Dokumente
Kultur Dokumente
3ApproachestoThreatModeling
HOME
THREATMODELER
FAQ
BLOG
TRAINING&SERVICES
ABOUTUS
Search
ThreatModelerFAQ
ThreatModelerPlanComparison
ThreatModelerStakeholderBenefits
DownloadDatasheet
ScheduleDemo
28
May
2012
3ApproachestoThreatModeling
onMAY28,2012ByMYAPPSECURITYInTHREATMODELING
GettingStartedwithThreatModeler
LEAVEACOMMENT
ThreatModelingcanbeviewedintwodifferent,butrelatedcontexts.Oneistheimplementationofsecurity
controlsbyarchitectsthatmaptosecurityrequirementsandpolicyandtheotheristoreflectallpossibleknown
attackstocomponentsorassetsinathreatmodel,withthegoalofimplementingcountermeasuresagainst
thosethreats.
Blog
July2014
June2014
Thethreegeneralapproachestothreatmodelingare:
Softwarecentric
Assetcentric
Attackercentric
TheFigurebelowillustratesthecomponentsthatprovidethebasisfordifferentapproachestothreatmodeling:
May2014
March2014
August2013
June2013
October2012
August2012
June2012
May2012
Belowisabriefdescriptionofeachofthedifferentapproaches:
SoftwareCentricThreatModeling:
Thisapproachinvolvesthedesignofthesystemandcanbeillustratedusingsoftwarearchitecturediagrams
http://myappsecurity.com/approachestothreatmodeling/
1/3
24/04/2015
3ApproachestoThreatModeling
suchasdataflowdiagrams(DFD),usecasediagrams,orcomponentdiagrams.
Thismethodiscommonlyusedtothreatmodelnetworksandsystemsandhasbeenadoptedasthedefacto
standardforthreatmodeling.AgoodexampleofasoftwarecentricapproachisMicrosoftsSecure
DevelopmentLifecycle(SDL)framework.BoththeMicrosoftSDLandThreatAnalysis&Modeling(TAM)tools
illustratethreatmodelingbymeansofDFDs.
WithitsproductThreatModeler,MyAppSecurityprovidesathreatmodelingframeworkthatencompassesa
highlevelcomponentbaseddesign,combinedwithasoftwarecentricapproach.Fromthethreatmodel,
threatstoeachcomponentaredisplayedandspecificsecuritycontrolsareidentifiedthatwillmitigatethe
threats,alongwithsecurecodingstandardsthatshouldbeappliedduringtheapplicationdesignphase.
AssetCentricThreatModeling:
Anassetcentricapproachinvolvesidentifyingtheassetsofanorganizationentrustedtoasystemorsoftware,
(i.e.),dataprocessedbythesoftware.Assetsareclassifiedaccordingtodatasensitivityandtheirintrinsicvalue
toapotentialattacker,inordertoprioritizerisklevels.
Usingthisapproachtothreatmodeling,attacktrees,attackgraphs,ordisplayingpatternsbywhichanasset
canbeattackedaregenerated.Securityprofessionalsoftenarguethatthisapproachshouldnotbeclassified
asthreatmodeling,butissimplytheinevitableresultofasoftwarecentricdesignapproach.
Thisapproachhelpsidentifymultistepattacksandpathsbywhichanattackercanreachanasset.Basedon
riskanalysis,thesepathscanthenbeweightedandprioritizedaccordingly.TrikeandAmenazasSecuritree,
bothsupportthecreationofattacktrees,whileThreatModelerautomaticallygeneratesattacktreesfromthe
dataprovidedinthesoftwarecomponentthreatmodel.
AttackerCentricThreatModeling:
Anattackercentricapproachtothreatmodelingrequiresprofilinganattackerscharacteristics,skillset,and
motivationtoexploitvulnerabilities,andthenusingthoseprofilestounderstandthetypeofattackerwhowould
bemostlikelytoexecutespecifictypesofexploits,andimplementamitigationstrategyaccordingly.
Theattackercentricapproachalsousestreediagrams.Keyelementsofthisapproachincludefocusingonthe
specificgoalsofanattacker,thevariousconsiderationsrelatedtothesystemuponwhichtheattackcouldbe
perpetrated,alongwithitssoftwareandassets,howtheattackcouldbecarriedout,andfinally,ameansto
detectormitigatesuchanattack.Ananalystmayalsolistandanalyzerelatedattackpatternsorapproachesto
makethesesamedeterminations.
Anexamplewouldbeanattacktoobtaininformationfromabackenddatabase.Theconsiderationswouldbe
toensurethatadatabaseisbeingusedatthebackend,alongwiththemeanstoenterdatabasequeriesas
input,andfinallyavoidingdetectionandpreventionmechanisms.TheapproachwouldbespecificSQL
Injectioncommandsforthedatabaseidentified,orthepotentialuseoftoolsbywhichtheexploitationprocess
couldbeautomated.
ThreatModeler,MyAppSecuritysflagshipoffering,istheindustrysfirstautomated,scalable,andrepeatable
threatmodelingproduct.PleasecontactustolearnmoreaboutThreatModeler.
References:
http://www.myappsecurity.com/threatmodeler/
http://www.microsoft.com/security/sdl/default.aspx
http://en.wikipedia.org/wiki/Threat_model
http://www.csl.sri.com/projects/cam/
0
Relatedposts:
1. ComparisonofThreatModelingMethodologies
2. Top5ReasonstoImplementThreatModeling
3. ThreatModeling:Past,PresentandFuture
http://myappsecurity.com/approachestothreatmodeling/
2/3
24/04/2015
3ApproachestoThreatModeling
4. ComparingThreatModelertoMicrosoftThreatModelingTool(TMT)
Commentsareclosed.
(C)CopyrightMyAppSecurity201315
http://myappsecurity.com/approachestothreatmodeling/
3/3