Presentation is loading. Please wait.

Presentation is loading. Please wait.

Risk Assessment What is RISK?  requires vulnerability  likelihood of successful attack  amount of potential damage Two approaches:  threat modeling.

Similar presentations


Presentation on theme: "Risk Assessment What is RISK?  requires vulnerability  likelihood of successful attack  amount of potential damage Two approaches:  threat modeling."— Presentation transcript:

1 Risk Assessment What is RISK?  requires vulnerability  likelihood of successful attack  amount of potential damage Two approaches:  threat modeling  OCTAVE

2 Threat Modeling (part of Microsoft’s Trustworthy Computing) Threat Modeling (part of Microsoft’s Trustworthy Computing) ______ potential for harmful event/attack can be realized by an… that occurs due to a… ______ that should be mitigated by a… __________ ____________

3 Threat Modeling (part of Microsoft’s Trustworthy Computing) Threat Modeling (part of Microsoft’s Trustworthy Computing) Why?  create a list of vulnerabilities  bridge gap between design & deployment  help cross team communication  raise awareness of security  identify areas of security requiring more research The Players  Customers  Business Analysts  Software architects  Developers  Testers

4 Threat Modeling Steps

5  What can we prevent?  What do we care about most?  What is the worst thing that can happen?  What laws and regulations apply? Step 1: Identify Security Objectives Identify the system assets. Focus on confidentiality, integrity, availability.

6 Ways to depict software architecture: __________ Diagram _____ Diagram Step 2: Describe System Architecture

7 Class Diagrams A picture depicting classes and interconnections. Basic NotationSimple Example

8 Data Flow Diagrams A picture depicting how data flows within a software system. Basic NotationSimple Example

9 Data Flow Example 2 System Data Flow Example 2 System

10 Drill down to details of software architecture: Data Flow Diagram  processes expanded into other processes and flows Class Diagram  include methods, packages, inner classes  include files, external calls & parameter lists Step 3: Decompose app _____________

11 Example 2 Edit zoom Example 2 Edit zoom

12 This requires a systematic approach: 2) use a classification framework like STRIDE  _________(authenticity)  _________(integrity)  _________  _________ disclosure (confidentiality)  _____ of service (availability)  ________ of privilege (authorization) 1) look at detailed design for…  trust boundaries  entry points  exit points Step 4: Identify Threats

13 Attack Trees Attack trees (also called threat trees) describe the nature of an attack. Drawing attack trees helps with understanding, discovering, and mitigating threats. Notation A tree  root is the goal for the attack  children (of a node) define methods to achieve parent  children may be ORed or ANDed

14 Example

15 Develop a systematic approach:  start with an accepted approach Step 5: Rate Threats  adjust weighting with experience Two possible approaches  Risk = Threat X Asset  DREAD

16 Risk = Threat X Asset The basic formula: Risk = Threat probability * Damage potential Threat probability accounts for exploitability & mitigations. Damage potential is basically the cost or impact. Ranges?  numbers might be difficult to use  categories (3 to 5) is usually sufficient

17 A Graph of Threats High Medium Modest Low ModestMediumHigh Probability of Occurrence Potential Damage

18 DREAD (Microsoft’s first model) DREAD (Microsoft’s first model) Damage potential How much damage will the exploit produce? Reproducability How likely is it for the attack to recur? Exploitability How easy is it to carry out the attack? Affected users What fraction of users will be affected? Discoverability What are the odds an attacker can find the vul? Risk = min(D, (D+R+E+A+D)/5)

19 Problems with DREAD It’s not simple. Frequent disagreement over risk numbers  customers don’t agree with developers  people with the same roles don’t agree This lead to a simpler severity rating system... Originally, each vul (DREAD) was graded 0-no threat to 10-high. It’s subjective.


Download ppt "Risk Assessment What is RISK?  requires vulnerability  likelihood of successful attack  amount of potential damage Two approaches:  threat modeling."

Similar presentations


Ads by Google