Presentation is loading. Please wait.

Presentation is loading. Please wait.

Understanding Threat Models for Embedded Devices

Published byAsher Hunter Modified over 6 years ago

Similar presentations

Presentation on theme: "Understanding Threat Models for Embedded Devices"— Presentation transcript:

1 Understanding Threat Models for Embedded Devices
Jake Edge LWN.net Embedded Linux Conference April 13, 2010

2 Introduction Analyzing threats to a device should be done during the product design phase Initial analysis is not based on the software installed on the device Potential threats are based on the planned functionality of the device Some thought should be given to other uses 13 April 2010 ELC 2010

3 Threat model Based on the possible threats to a system
Threats are based on several aspects of the device's intended use Once the threats are identified, a subset is targeted to defend Impossible to defend against all threats Narrowing down the threats to be defended allows developers to prioritize their efforts 13 April 2010 ELC 2010

4 What is being protected?
What data is being protected by or stored on the device? Alternatively: what are the consequences for the user if the device is compromised? Proper functioning of the device is the most basic – denial of service As the value of a compromise increases for an attacker, the attacks get more sophisticated 13 April 2010 ELC 2010

5 What is being protected?
A television or microwave probably has little data of interest to an attacker Network router/firewall or storage server either have or protect fairly high-value data Snoop on internet traffic/phone calls/... Drain a bank account through phishing Delete the family photo album Basic security tenet: Make the cost of an attack more than the data is worth to an attacker 13 April 2010 ELC 2010

6 Inputs Inputs are the device's connections to the external world
Network/wireless are obvious – Bluetooth, cellular voice/data, GPS a bit less obvious Remote controls, front panel buttons are still inputs – still vulnerable depending on location Weirder stuff: cameras, microphones, USB ... The only way into the system is via inputs 13 April 2010 ELC 2010

7 Inputs All inputs should at least be considered
May reject attacks against some Require physical access Implausible attack scenarios Implies targeted attack at individual/organization Inputs “walled off” from the rest of the system 13 April 2010 ELC 2010

8 Installation location
Embedded devices may be “installed” in unfriendly environments Often can't assume physical security Even “home” devices can be installed elsewhere Internet router/firewall used in coffee shop TVs/DVRs installed in bars/restaurants Unexpected uses may lead to increased exposure to threats 13 April 2010 ELC 2010

9 Users Based on the target market, the technical knowledge of the users should be considered Non-technical users may use the device in highly insecure ways Connecting devices directly to the internet Sharing much more data than they realize Are security updates planned? How are users supposed to find out? Without easy update, more hardening needed 13 April 2010 ELC 2010

10 Example: Television Low-value data (if any at all)
Few inputs (HDMI, remote control, front panel) Non-technical users Installed “everywhere” Relatively few security concerns Denial of service via crash Annoying folks with universal remotes (not really an issue that TV makers can be expected to fix) 13 April 2010 ELC 2010

11 Example: Home NAS server
Data is high-value to user, probably low value to attacker (except possibly targeted attacks) Network is the only real input (on/off switch) Non-technical users Generally installed behind router/firewall Could be attacked from inside the network (browser-based or other malware) Might be installed/configured insecurely 13 April 2010 ELC 2010

12 Example: Home NAS server
Attacker could deny access, get ransom Encrypt the contents Disable the device Has enough compute power to be used in a botnet Could be used to store attacker data Common flaw: default admin password Doesn't require the user to change it 13 April 2010 ELC 2010

13 Other devices A similar analysis can be done early in the product development cycle Explicitly deciding not to defend against certain kinds of attacks allows developers to focus Customer expectations should be set correctly Security is always about tradeoffs 13 April 2010 ELC 2010

14 Conclusion Seen as a PR problem, but it is really a customer relations issue Customers that get burned (or hear of others that got burned) won't return Once a reputation for lax security is established, it can be very hard to break (ask Microsoft) Starting early allows you to “bake security in” and not try to bolt in on later 13 April 2010 ELC 2010

Download ppt "Understanding Threat Models for Embedded Devices"

Similar presentations

Breaking Trust On The Internet

Breaking Trust On The Internet
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
1 Securing Passwords Against Dictionary Attacks Base on an article by Benny Pinkas & Tomas Sander 2002 Presented by Tomer Conforti.

1 Securing Passwords Against Dictionary Attacks Base on an article by Benny Pinkas & Tomas Sander 2002 Presented by Tomer Conforti.
Introduction Our Topic: Mobile Security Why is mobile security important?

Introduction Our Topic: Mobile Security Why is mobile security important?
Social impacts of the use of it By: Mohamed Abdalla.

Social impacts of the use of it By: Mohamed Abdalla.
{ Active Directory Security Why bother?.   Law #1: Nobody believes anything bad can happen to them, until it does   Law #2: Security only works if.

{ Active Directory Security Why bother?.   Law #1: Nobody believes anything bad can happen to them, until it does   Law #2: Security only works if.
APPLICATION PENETRATION TESTING Author: Herbert H. Thompson Presentation by: Nancy Cohen.

APPLICATION PENETRATION TESTING Author: Herbert H. Thompson Presentation by: Nancy Cohen.
Understanding Computer Viruses: What They Can Do, Why People Write Them and How to Defend Against Them Computer Hardware and Software Maintenance.

Understanding Computer Viruses: What They Can Do, Why People Write Them and How to Defend Against Them Computer Hardware and Software Maintenance.
Module 6: Designing Security for Network Hosts

Module 6: Designing Security for Network Hosts
IT Security. What is Information Security? Information security describes efforts to protect computer and non computer equipment, facilities, data, and.

IT Security. What is Information Security? Information security describes efforts to protect computer and non computer equipment, facilities, data, and.
Group Policy for Laptops and Printers. Order of Operations Computer Policies Things that apply to the hardware or all users Firewall Settings Disable.

Group Policy for Laptops and Printers. Order of Operations Computer Policies Things that apply to the hardware or all users Firewall Settings Disable.
Group Policy for Laptops and Printers. Order of Operations Computer Policies Things that apply to the hardware or all users Firewall Settings Disable.

Group Policy for Laptops and Printers. Order of Operations Computer Policies Things that apply to the hardware or all users Firewall Settings Disable.
Computer Security By Duncan Hall.

Computer Security By Duncan Hall.
Mobile Security By Jenish Jariwala. What is Mobile Security?  Mobile Security is the protection of smartphones, tablets, laptops and other portable computing.

Mobile Security By Jenish Jariwala. What is Mobile Security?  Mobile Security is the protection of smartphones, tablets, laptops and other portable computing.
Www.safensoft.com Safe’n’Sec IT security solutions for enterprises of any size.

Safe’n’Sec IT security solutions for enterprises of any size.
Sniper Corporation. Sniper Corporation is an IT security solution company that has introduced security products for the comprehensive protection related.

Sniper Corporation. Sniper Corporation is an IT security solution company that has introduced security products for the comprehensive protection related.
1 Outline of this module By the end of this module you will be able to: Understand why computer security is important; Name the different threats to.

1 Outline of this module By the end of this module you will be able to: Understand why computer security is important; Name the different threats to.
SMOOTHWALL FIREWALL By Nitheish Kumarr. INTRODUCTION  Smooth wall Express is a Linux based firewall produced by the Smooth wall Open Source Project Team.

SMOOTHWALL FIREWALL By Nitheish Kumarr. INTRODUCTION  Smooth wall Express is a Linux based firewall produced by the Smooth wall Open Source Project Team.
Lecture 19 Page 1 CS 236 Online 6. Application Software Security Why it’s important: –Security flaws in applications are increasingly the attacker’s entry.

Lecture 19 Page 1 CS 236 Online 6. Application Software Security Why it’s important: –Security flaws in applications are increasingly the attacker’s entry.
Embedded Linux Conference6 April 2009Jake Edge - LWN.net Security Issues for Embedded Devices Jake Edge LWN.net Slides:

Embedded Linux Conference6 April 2009Jake Edge - LWN.net Security Issues for Embedded Devices Jake Edge LWN.net Slides:

Similar presentations

Ads by Google