Threat Modeling
Ben Hickman
VP Engineering
ben.hickman@sftsrc.com
Agenda
Why Worry?
Creating a Security Process
Threat Models
The Threat Modeling Process
Secure Programming Principles
Security Testing
Questions?
Why Worry?
a competitive advantage
[Chart: one value per year for 1988 through 2003; y-axis 0 to 140,000; the series label is not recoverable from the page]
Creating a Security Process
Secure By Design
• Engineer training
• Secure architecture
• Security code reviews
• Threat modeling
• Reduce vulnerabilities in code
[Diagram: application overview. Actors: Administrator, User, Developer. Components: User Interface, Bill payment business logic, Web server, Web service client, Upload interface]
The Threat Modeling Process
Go n levels deep (2, 3, 4, …) until you understand the processes in the application.
Consider:
• Define the scope, not every inner working
• Identify data sources and processes
• Identify request targets and response recipients
• Flow of data/control across trust boundaries
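To make the "flow of data across trust boundaries" step concrete, here is an added example (not code from the slides) that models the Level 1 bill payment diagram as elements, flows and trust zones, then lists the flows that cross a boundary and the receiving processes, which are the entry points to analyse first. The element and flow names are taken from the slides; which zone each element sits in, the exact flow list, and the reading of the slides' threat letters as STRIDE categories (with the usual STRIDE-per-element mapping) are assumptions made for illustration.

```python
"""Tiny data-flow-diagram model that finds trust-boundary crossings.

Added example, not the slides' code. Zone assignments and the flow list
are an assumed reading of the partial Level 1 diagram.
"""
from dataclasses import dataclass, field

# Assumption: the slides' threat letters refer to STRIDE; this is the
# common STRIDE-per-element mapping (S=Spoofing, T=Tampering,
# R=Repudiation, I=Information disclosure, D=Denial of service,
# E=Elevation of privilege).
STRIDE_PER_ELEMENT = {
    "external": "SR",
    "process": "STRIDE",
    "store": "TRID",
    "flow": "TID",
}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str       # "external", "process" or "store"
    zone: str       # trust zone the element runs in


@dataclass(frozen=True)
class Flow:
    src: Element
    dst: Element
    data: str


@dataclass
class DataFlowDiagram:
    elements: dict = field(default_factory=dict)
    flows: list = field(default_factory=list)

    def add(self, name, kind, zone):
        self.elements[name] = Element(name, kind, zone)

    def flow(self, src, dst, data):
        self.flows.append(Flow(self.elements[src], self.elements[dst], data))

    def boundary_crossings(self):
        """Flows whose endpoints sit in different trust zones."""
        return [f for f in self.flows if f.src.zone != f.dst.zone]

    def entry_points(self):
        """Processes that accept data from outside their own zone."""
        return sorted({f.dst.name for f in self.boundary_crossings()
                       if f.dst.kind == "process"})

    def threats_to_consider(self):
        """For each crossing: STRIDE letters for the flow plus its receiver."""
        out = {}
        for f in self.boundary_crossings():
            letters = set(STRIDE_PER_ELEMENT["flow"]) | set(STRIDE_PER_ELEMENT[f.dst.kind])
            key = f"{f.src.name} -> {f.dst.name}: {f.data}"
            out[key] = "".join(c for c in "STRIDE" if c in letters)
        return out


def build_bill_payment_dfd():
    """Constructed from the slides' Level 1 diagram; zones are assumed."""
    d = DataFlowDiagram()
    d.add("User client", "external", "Internet")
    d.add("Web service", "process", "Web machine")
    d.add("Authentication", "process", "Web machine")
    d.add("Enforce access policy", "process", "Web machine")
    d.add("Web pages code", "store", "Web machine")
    d.add("Service bill payment request", "process", "Data machine")
    d.add("Bill payment data", "store", "Data machine")
    d.add("Credentials", "store", "Data machine")

    d.flow("User client", "Web service", "Bill payment request")
    d.flow("Web service", "User client", "Bill payment response")
    d.flow("Web service", "Authentication", "Credentials")
    d.flow("Authentication", "Web service", "Auth status")
    d.flow("Authentication", "Credentials", "Credential lookup")
    d.flow("Web service", "Enforce access policy", "Bill payment request")
    d.flow("Enforce access policy", "Service bill payment request", "Bill payment request")
    d.flow("Service bill payment request", "Bill payment data", "Bill payment data request")
    d.flow("Bill payment data", "Service bill payment request", "Bill payment data")
    d.flow("Service bill payment request", "Web service", "Bill payment response")
    d.flow("Web service", "Web pages code", "Request page")
    d.flow("Web pages code", "Web service", "Requested page code")
    return d


if __name__ == "__main__":
    dfd = build_bill_payment_dfd()
    for key, letters in dfd.threats_to_consider().items():
        print(f"{key}  [{letters}]")
    print("entry points:", dfd.entry_points())
```

Going "n levels deep" is a matter of splitting a process into sub-elements and re-running the same crossing check; the model does not change, only the zone granularity does (here the data center is already split along the slides' machine boundary).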
Context Data Flow Diagram
[Diagram: trust boundaries Data center and Internet; external entities Admin and Developer; flow "Update files" from the Developer side]
Level 1 Data Flow Diagram (partial)
[Diagram. Boundaries: Internet, Data center, Machine boundary. External entity: User client. Processes: Authentication, Enforce access policy, Service bill payment request, Web service. Data stores: Credentials, Bill payment data, Web pages code. Flows: Bill payment request, Bill payment response, Credentials, Auth status, Bill payment data request, Bill payment data, Request page, Requested page code]
2. Determine The Threats
Threat Trees
Threat Outlines
Threat Details
Threat Trees
Threat #1: Gain user's credentials (I, S, E)
• 1.4.1 Install malicious code on computer
• 1.4.2 User acquires virus that reads password
Threat Outlines
Bug number …
3. Rank The Threats
• Do nothing: you'll eventually pay for this choice
• Warn the user: will the user know what to do?
• Remove the problem: rather than ship a security bug
• Fix the problem: yes!
5. Choose Mitigation Techniques
Threat tree nodes:
• 1.4.1 Install malicious code on computer
• 1.4.2 User acquires virus that reads password
Mitigations shown on the slide (the mapping to individual nodes is not recoverable from the page):
• Enforce strong passwords
• Using SSL
• Need physical access to machine
• Need physical access to server
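The threat tree, ranking and response steps above fit a small data structure, so here is an added example (not from the slides) that records numbered nodes the way the outline does, enumerates attack paths, ranks leaves, and reports which leaves still lack a decision or were answered with "do nothing". Node 1, 1.4.1 and 1.4.2 and their text come from the slides; the intermediate node 1.4, the rank values and the mitigation assigned in the demo are assumptions.

```python
"""Threat tree with numbered nodes, ranking and response tracking.

Added example, not the slides' code. The ranking scale (higher = more
urgent) and the node-to-mitigation assignment are assumed.
"""
from dataclasses import dataclass, field
from typing import Optional

# The four responses listed on the "Rank The Threats" slide.
RESPONSES = ("do nothing", "warn the user", "remove the problem", "fix the problem")


@dataclass
class ThreatNode:
    ident: str                      # outline number, e.g. "1.4.1"
    text: str                       # what the attacker gains or does
    categories: str = ""            # letters as written on the slides, e.g. "I, S, E"
    rank: int = 0                   # analyst's ranking (assumed scale)
    children: list = field(default_factory=list)
    mitigations: list = field(default_factory=list)
    response: Optional[str] = None  # one of RESPONSES once decided

    def add(self, ident, text, **kw):
        child = ThreatNode(ident, text, **kw)
        self.children.append(child)
        return child

    def leaves(self):
        if not self.children:
            return [self]
        return [leaf for c in self.children for leaf in c.leaves()]


def attack_paths(node, prefix=()):
    """Every root-to-leaf chain is one way to realise the root threat (OR tree)."""
    path = prefix + (node.ident,)
    if not node.children:
        return [path]
    return [p for c in node.children for p in attack_paths(c, path)]


def ranked_leaves(root):
    """Leaves ordered most urgent first."""
    return sorted(root.leaves(), key=lambda n: n.rank, reverse=True)


def set_response(node, response, *mitigations):
    """Record the chosen response and the mitigations that back it."""
    if response not in RESPONSES:
        raise ValueError(f"unknown response {response!r}")
    node.response = response
    node.mitigations.extend(mitigations)


def open_items(root):
    """Leaves that still need work: undecided, or answered with 'do nothing'
    (the slides' warning: you will eventually pay for that choice)."""
    return [n.ident for n in root.leaves()
            if n.response is None or n.response == "do nothing"]


def outline(node, depth=0):
    """Threat outline lines in the slides' numbered style."""
    tag = f" ({node.categories})" if node.categories else ""
    lines = [f"{'  ' * depth}{node.ident} {node.text}{tag}"]
    for c in node.children:
        lines.extend(outline(c, depth + 1))
    return lines


def build_threat_1():
    """Threat #1 from the slides; node 1.4 is an assumed intermediate node."""
    root = ThreatNode("1", "Gain user's credentials", categories="I, S, E")
    node_1_4 = root.add("1.4", "(intermediate node; text not on the slides)")
    node_1_4.add("1.4.1", "Install malicious code on computer", rank=3)
    node_1_4.add("1.4.2", "User acquires virus that reads password", rank=2)
    return root


if __name__ == "__main__":
    tree = build_threat_1()
    print("\n".join(outline(tree)))
    print("paths:", attack_paths(tree))
    leaves = {n.ident: n for n in tree.leaves()}
    # Assumed assignment of one slide mitigation to node 1.4.1.
    set_response(leaves["1.4.1"], "fix the problem", "Need physical access to machine")
    print("still open:", open_items(tree))
```

Tracking the response per leaf rather than per root threat matters because the tree is an OR tree: one mitigated branch still leaves the root threat reachable through every unmitigated sibling.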
Secure Programming Principles
http://www.sftsrc.com