Lesson Title: Threat Modeling
Dale R. Thompson
Computer Science and Computer Engineering Dept.
University of Arkansas
http://rfidsecurity.uark.edu

This material is based upon work supported by the National Science Foundation under Grant No. DUE-0736741. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation (NSF).

Copyright © 2008 by Dale R. Thompson {d.r.thompson@ieee.org}
Terminology
- Threat: a potential event that causes damage.
- Threat modeling: a security analysis to determine the most important security risks to a system. The goal is to reduce the risk to an acceptable level by determining which threats to mitigate and the steps needed to mitigate the identified threats.
- Vulnerability: a weakness in the system.
- Attack: an attacker taking advantage of a vulnerability.
- Asset: something of value; in threat modeling it is called a threat target.
- Threat target: an asset.
Three components of security
- Assets
- Vulnerabilities
- Attackers
Assemble Team
- Design, sales, marketing, manufacturing, etc.
- Led by someone with a security background
Threat Modeling Process
- Decompose the system
  - High-level context diagram
  - High-level physical view
  - List components
- Determine the threats to the system
  - Apply STRIDE
  - Create a threat tree for each threat target
- Determine risk for each threat tree
  - Apply DREAD
- Rank threats by decreasing risk
- Mitigation
  - Choose whether to respond to the threat
  - Choose a technique to mitigate the threat
  - Choose appropriate technologies
Threat Modeling a Robotic Dog
System: a robotic dog that roams the house, can bark, avoids obstacles, investigates sounds, walks, sees in visible and infrared light, and can be controlled over the Internet.
Data flow diagram (figure)

High-level context diagram (figure)

Next-level context diagram (figure)

High-level physical view (figure)
List components (threat targets = assets)
- User
- Web browser
- User computer
- Internet
- Network equipment
- Robotic dog
- Administrator
STRIDE* threat categories
- Spoofing identity
- Tampering with data
- Repudiation
- Information disclosure
- Denial of service
- Elevation of privilege

*M. Howard and D. LeBlanc, Writing Secure Code, 2nd ed., Redmond, Washington: Microsoft Press, 2003.
Apply STRIDE Threat Model to Robotic Dog

STRIDE category           Threat target(s)
Spoofing identity         User, admin
Tampering with data       Internet, wireless network
Repudiation               Admin, user
Information disclosure    Internet, wireless, dog
Denial of service         Internet, wireless, dog, browser
Elevation of privilege    User, admin
Threat Tree (figure)
Assign Risk with DREAD*
- Damage potential (1-10): measure of the damage done
- Reproducibility (1-10): measure of how easy it is to make the attack work
- Exploitability (1-10): measure of the effort and expertise required
- Affected users (1-10): measure of the percentage of affected users
- Discoverability (1-10): measure of how easy the threat is to find

R_DREAD = average of the five scores

*M. Howard and D. LeBlanc, Writing Secure Code, 2nd ed., Redmond, Washington: Microsoft Press, 2003.
Rank threats by decreasing risk
Mitigation
- Choose whether to respond to the threat
- Choose a technique to mitigate the threat
- Choose appropriate technologies
Mitigation Techniques

Category                  Techniques
Spoofing identity         Appropriate authentication; protect secrets; don't store secrets
Tampering with data       Appropriate authentication; hashes; message authentication codes; digital signatures; tamper-resistant protocols
Repudiation               Digital signatures; timestamps; audit trails
Information disclosure    Authorization; privacy-enhanced protocols; encryption; protect secrets; don't store secrets
Denial of service         Appropriate authentication; appropriate authorization; filtering; throttling; quality of service
Elevation of privilege    Run with least privilege
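As an added worked example (not code from the lecture), the DREAD scoring, ranking and mitigation steps above applied to the robotic dog: the mitigation table is the lecture's, while the threat list, the scores and the acceptable-risk level of 5.0 are constructed assumptions.

```python
from dataclasses import dataclass

# Added example, not lecture code: the STRIDE mitigation table is the lecture's; all else is constructed.
MITIGATIONS = {
    "Spoofing identity": ["Appropriate authentication", "Protect secrets", "Don't store secrets"],
    "Tampering with data": ["Appropriate authentication", "Hashes", "Message authentication codes",
                            "Digital signatures", "Tamper-resistant protocols"],
    "Repudiation": ["Digital signatures", "Timestamps", "Audit trails"],
    "Information disclosure": ["Authorization", "Privacy-enhanced protocols", "Encryption",
                               "Protect secrets", "Don't store secrets"],
    "Denial of service": ["Appropriate authentication", "Appropriate authorization",
                          "Filtering", "Throttling", "Quality of Service"],
    "Elevation of privilege": ["Run with least privilege"],
}
DREAD_KEYS = ("damage", "reproducibility", "exploitability", "affected_users", "discoverability")

@dataclass
class Threat:
    name: str
    category: str   # STRIDE category
    target: str     # threat target (asset) from the component list
    dread: dict     # the five DREAD scores, each 1-10

    def risk(self) -> float:
        """R_DREAD: the average of the five scores, after checking the 1-10 range."""
        scores = [self.dread[k] for k in DREAD_KEYS]
        if any(not 1 <= s <= 10 for s in scores):
            raise ValueError(f"{self.name}: DREAD scores must be 1-10, got {scores}")
        return sum(scores) / len(scores)

def rank_threats(threats):
    """Rank threats by decreasing risk (equal risks keep their input order)."""
    return sorted(threats, key=lambda t: t.risk(), reverse=True)

def mitigation_plan(threats, acceptable_risk):
    """Threats above the acceptable risk level, each paired with its category's techniques."""
    return [(t.name, t.risk(), MITIGATIONS[t.category])
            for t in rank_threats(threats) if t.risk() > acceptable_risk]
# Constructed sample threats for the robotic dog; the scores are illustrative only.
SAMPLE = [
    Threat("Impersonate the admin over the Internet", "Spoofing identity", "Administrator",
           dict(damage=9, reproducibility=7, exploitability=6, affected_users=10, discoverability=8)),
    Threat("Read the camera feed on the wireless link", "Information disclosure", "Robotic dog",
           dict(damage=8, reproducibility=8, exploitability=7, affected_users=10, discoverability=9)),
    Threat("Flood the dog's control channel", "Denial of service", "Robotic dog",
           dict(damage=4, reproducibility=9, exploitability=3, affected_users=6, discoverability=8)),
    Threat("User denies having issued a command", "Repudiation", "User",
           dict(damage=3, reproducibility=5, exploitability=4, affected_users=2, discoverability=4)),
]
```

Calling `mitigation_plan(SAMPLE, 5.0)` ranks the four threats 8.4, 8.0, 6.0, 3.6 and drops the repudiation threat as acceptable risk.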
Choose appropriate technologies
DES, AES, XOR?
Threat Modeling Process
- Decompose the system
  - High-level context diagram
  - High-level physical view
  - List components
- Determine the threats to the system
  - Apply STRIDE
  - Create a threat tree for each threat target
- Determine risk for each threat tree
  - Apply DREAD
- Rank threats by decreasing risk
- Mitigation
  - Choose whether to respond to the threat
  - Choose a technique to mitigate the threat
  - Choose appropriate technologies
Contact Information
Dale R. Thompson, Ph.D., P.E.
Associate Professor
Computer Science and Computer Engineering Dept.
JBHT – CSCE 504
1 University of Arkansas
Fayetteville, Arkansas 72701-1201
Phone: +1 (479) 575-5090
FAX: +1 (479) 575-5339
E-mail: d.r.thompson@ieee.org
WWW: http://comp.uark.edu/~drt/
Copyright Notice, Acknowledgment, and Liability Release

Copyright Notice: This material is Copyright © 2008 by Dale R. Thompson. It may be freely redistributed in its entirety provided that this copyright notice is not removed. It may not be sold for profit or incorporated in commercial documents without the written permission of the copyright holder.

Acknowledgment: These materials were developed through a grant from the National Science Foundation at the University of Arkansas. Any opinions, findings, and recommendations or conclusions expressed in these materials are those of the author(s) and do not necessarily reflect those of the National Science Foundation or the University of Arkansas.

Liability Release: The curriculum activities and lessons have been designed to be safe and engaging learning experiences and have been field-tested with university students. However, due to the numerous variables that exist, the author(s) does not assume any liability for the use of this product. These curriculum activities and lessons are provided as is without any express or implied warranty. The user is responsible and liable for following all stated and generally accepted safety guidelines and practices.