Presentation is loading. Please wait.

Presentation is loading. Please wait.

ICT 1 Threat modelling A short introduction and stories from end user involvement SRM Seminar Luxembourg 22.06.2010 Per Håkon Meland - SINTEF ICT, Trondheim,

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "ICT 1 Threat modelling A short introduction and stories from end user involvement SRM Seminar Luxembourg 22.06.2010 Per Håkon Meland - SINTEF ICT, Trondheim,"— Presentation transcript:

1 ICT 1 Threat modelling A short introduction and stories from end user involvement SRM Seminar Luxembourg 22.06.2010 Per Håkon Meland - SINTEF ICT, Trondheim, Norway http://www.sintef.com/

2 ICT 2 Motivation and background

3 ICT 3 Hospital systems (2005  ) Integration and access control of EPRs Models used to communicate processes and threats

4 ICT 4 The target group was the ordinary ”developer-on-the- street” Hands-on techniques for improving software security Tøndel et al: Security Requirements for the Rest of Us, IEEE Software January/February 2008 Røstad et al: Learning by Failing (and Fixing), IEEE Security & Privacy, July/August 2008 Jaatun et al: Covering Your Assets in Software Engineering, ARES 2008 Meland et al: Secure Software Design in Practice, SecSE 2008 Ardi et al: How can the developer benefit from security modeling?, ARES 2007 SODA - a Security-Oriented Software Development Framework (2006-2008)

5 ICT 5 SHIELDS EU project 2008-2010 8 partners Sharing of security knowledge Models Methods Tools and tool input End user evaluations Sevaral iterations Real end-users Case studies and commercial products

6 ICT 6 Overview of SHIELDS activities

7 ICT 7 Threat modelling

8 ICT 8 Threat modelling Michael HowardSteve Lipner If we had our hands tied behind our backs … and could do only one thing to improve software security … we would do threat modeling ”The Security Development Lifecycle”, Microsoft Press, 2006

9 ICT 9 Threat modelling Misuse cases and attack trees Understand potential security threats and vulnerabilities Understand attackers Find security design issues before code Determine countermeasures Guide the code review /testing/configuration /deployment Highly reusable Easy to grasp

10 ICT 10 Example: Media player

11 ICT 11 Xine media player

12 ICT 12 Let’s create a model from scratch…

13 ICT 13 Main functionality: Download data (application, codecs, skins,...) Play local media file Play media stream Actors: Software developer User

14 ICT 14

15 ICT 15

16 ICT 16 How about reusing one?

17 ICT 17 Search for existing misuse case diagrams: “Media”, “player”, “Movie”

18 ICT 18

19 ICT 19 Attack trees

20 ICT 20 Hide the details Link to attack patterns Used to identify mitigations

21 ICT 21 Finally…

22 ICT 22 Create textual description to accompany the diagram A document elaborating the diagram Threat descriptions can be fetched from the SHIELDS SVRS Gives an understanding of the possible attacker motivation There can be several different mitigations Input to risk analysis and security activity planning

23 ICT 23 Threat: Launch malicious code through video file Mitigations: Validate length of incoming data elements Validate type of incoming data elements Security goal: Input validation Typical vulnerabilities: Integer overflow

24 ICT 24 security modeling is usually done with general-purpose drawing tools 1 … or on blackboards Little reuse of models (knowledge) between projects and organisations 2 Lots of variation in notation Observations 1.S. Ardi, D. Byers, P. H. Meland, I. A. Tøndel, and N. Shahmehri, “How can the developer benefit from security modeling?” Availability, Reliability and Security, International Conference on, vol. 0, pp. 1017– 1025, 2007. 2.Meland, Tøndel, Jensen, ” Reusability of threat models - an experimental evaluation”, International Symposium on Engineering Secure Software and Systems, Pisa, 2010 (ESSoS’10)

25 ICT 25 GPDT vs dedicated tool support? Egil Trygve Baadshaug, Gencer Erdogan, Per Hâkon Meland, "Security Modeling and Tool Support Advantages," ARES, pp.537-542, 2010 International Conference on Availability, Reliability and Security, 2010 Ded.Sec.Mod.Tool ~20 min of exp. Strict Pre-installed GPDT >4 years of exp. Freedom Pre-made palette Pre-installed 10 student, 2 rounds with each tool, 2 models Indications: 60% less time required, more correct models, 90% preferred ded.tool, freedom can be bad

26 ICT 26 Case study: eTourism

27 ICT 27 Approach 1:Application description 2:Threat model created by experts 3:Threat model created by developers 4:Model consolidated by experts 5:Threat model updated by developers 6:Threat model endorsed by experts Phase 2: Parallel modelling Phase 3: Serial modelling Phase 1: Tutorial

28 ICT 28 Pre-visit, plan: Hotels Route Experiences Virtually explore Post-visit, share Pictures/videos Route Recommendations Blog Bad stuff?

29 ICT 29 Case study: WaLDo

30 ICT 30 Warehouse information system Dock loading RFID tracking Picking lists Advanced shipping notifications Bad stuff?

31 ICT 31

32 ICT 32 Case study: eNewsPaper

33 ICT 33 Electronic newspaper Aimed for the Paris metro Shared from distribution points User relays Bad stuff?

34 ICT 34

35 ICT 35 Feedback and lessons learned New threats and mitigations were identified in all case studies Misuse cases and attack trees: Easy to learn, easy to use Important with diversity while doing threat modelling Keep the size of the models down Need more models from other application areas

36 ICT 36 Share models through the SVRS! Now contains >200 free security models 18 misuse case models 29 attack trees Use the free tools, or integrate your own Add your own, get feedback (and possibly revenue) http://www.shields-project.eu

Download ppt "ICT 1 Threat modelling A short introduction and stories from end user involvement SRM Seminar Luxembourg 22.06.2010 Per Håkon Meland - SINTEF ICT, Trondheim,"

Similar presentations

Processes. Outline Definition of process Type of processes Improvement models Example Next steps… 1.

Processes. Outline Definition of process Type of processes Improvement models Example Next steps… 1.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Engineering Secure Software. The Power of Source Code  White box testing Testers have intimate knowledge of the specifications, design, Often done by.

Engineering Secure Software. The Power of Source Code  White box testing Testers have intimate knowledge of the specifications, design, Often done by.
Effective Design of Trusted Information Systems Luděk Novák,

Effective Design of Trusted Information Systems Luděk Novák,
1Copyright © 2005 InfoGard Laboratories Proprietary 2005 Physical Security Conference Physical Security 101 Tom Caddy September 26, 2005.

1Copyright © 2005 InfoGard Laboratories Proprietary 2005 Physical Security Conference Physical Security 101 Tom Caddy September 26, 2005.
Copyright © Microsoft Corp 2006 Introduction to Threat Modeling Michael Howard, CISSP Senior Security Program Manager Security Engineering and Communication.

Copyright © Microsoft Corp 2006 Introduction to Threat Modeling Michael Howard, CISSP Senior Security Program Manager Security Engineering and Communication.
August 1, 2006 XP Security. August 1, 2006 Comparing XP and Security Goals XP GOALS User stories No BDUF Refactoring Continuous integration Simplicity.

August 1, 2006 XP Security. August 1, 2006 Comparing XP and Security Goals XP GOALS User stories No BDUF Refactoring Continuous integration Simplicity.
Applying blogs to a language learning context Tríona Hourigan Institute for the Study of Knowledge in Society University of Limerick.

Applying blogs to a language learning context Tríona Hourigan Institute for the Study of Knowledge in Society University of Limerick.
R R R CSE870: Advanced Software Engineering (Cheng): Intro to Software Engineering1 Advanced Software Engineering Dr. Cheng Overview of Software Engineering.

R R R CSE870: Advanced Software Engineering (Cheng): Intro to Software Engineering1 Advanced Software Engineering Dr. Cheng Overview of Software Engineering.
Requirements Analysis 5. 1 CASE - 2005b505.ppt © Copyright De Montfort University 2000 All Rights Reserved INFO2005 Requirements Analysis CASE Computer.

Requirements Analysis 5. 1 CASE b505.ppt © Copyright De Montfort University 2000 All Rights Reserved INFO2005 Requirements Analysis CASE Computer.
Project Life Cycle Jon Ivins DMU. Introduction n Projects consist of many separate components n Constraints include: time, costs, staff, equipment n Assets.

Project Life Cycle Jon Ivins DMU. Introduction n Projects consist of many separate components n Constraints include: time, costs, staff, equipment n Assets.
Leveraging User Interactions for In-Depth Testing of Web Applications Sean McAllister, Engin Kirda, and Christopher Kruegel RAID ’08 1 Seoyeon Kang November.

Leveraging User Interactions for In-Depth Testing of Web Applications Sean McAllister, Engin Kirda, and Christopher Kruegel RAID ’08 1 Seoyeon Kang November.
Software Security Testing by Gary McGraw, Bruce Potter presented by Edward Bonver 11/07/2005.

Software Security Testing by Gary McGraw, Bruce Potter presented by Edward Bonver 11/07/2005.
COMP 350: Object Oriented Analysis and Design Lecture 2

COMP 350: Object Oriented Analysis and Design Lecture 2
Patching MIT SUS Services IS&T Network Infrastructure Services Team.

Patching MIT SUS Services IS&T Network Infrastructure Services Team.
Internet Quarantine: Requirements for Containing Self-Propagating Code David Moore et. al. University of California, San Diego.

Internet Quarantine: Requirements for Containing Self-Propagating Code David Moore et. al. University of California, San Diego.
What Causes Software Vulnerabilities? _____________________ ___________ ____________ _______________   flaws in developers own code   flaws resulting.

What Causes Software Vulnerabilities? _____________________ ___________ ____________ _______________   flaws in developers own code   flaws resulting.
Software Documentation Written By: Ian Sommerville Presentation By: Stephen Lopez-Couto.

Software Documentation Written By: Ian Sommerville Presentation By: Stephen Lopez-Couto.
WITS : INFOLIT THROUGH WEB 2.0 TECHNOLOGY” Xoliswa Xanko1 Commerce Library University of the Witwatersrand.

WITS : INFOLIT THROUGH WEB 2.0 TECHNOLOGY” Xoliswa Xanko1 Commerce Library University of the Witwatersrand.
Application Threat Modeling Workshop

Application Threat Modeling Workshop

Similar presentations

Ads by Google