Threat Modeling at Symantec
Edward Bonver
Principal Software Engineer, Symantec Product Security Team
Edward_Bonver@Symantec.com
OWASP WWW, Irvine, CA, January 28, 2011
Sample Agenda
1. What? – Intro & Definitions
2. Who? When? How Often?
3. How? – Not Too Technical Details of the Process
4. A Few Extra Words of Advice
5. Tools
Defining Terms - What is a Threat?
• Simplest definition: "The adversary's goals, or what an adversary might try to do to a system"
• "Threat Modeling" == "Adversary's Goal Modeling" or "Modeling the Adversary's Goals"
What’s Threat Modeling?
Threat modeling is a process of assessing and documenting a system’s security risks
• Uncover security weaknesses and vulnerabilities
• Rank risks
• Come up with mitigations
• Understand your system better
Protecting Your House
Thinking Like an Attacker
[Figure: attack tree with the root goal "Open Safe". Node labels: Pick Lock, Learn Combo, Cut Open Safe, Install Improperly, Find Written Combo, Get Combo from Target, Threaten, Blackmail, Eavesdrop, Bribe, Listen to Conversation, Get Target to State Combo. One branch is marked AND.]
Quality Assurance
• Questions:
• When do your QA folks engage in a project?
• QA team composition
• Experience
• Environment knowledge
• Understand your system better
• Test plans & test cases
• Requirements
Security Requirements…
Security Requirements? Security Requirements? SECURITY REQUIREMENTS! Security Requirements! Security Requirements???
Requirements.Add("…and System Must be Secure!");
A Few Philosophical Thoughts…
Threat modeling is like sushi
• It’s a team activity (see next slide)
Roles – Who is Involved
• Architects and Developers
• QA
• Program Managers
• Product Managers
• Security Experts (Consultants)
When to Threat Model?
[Figure: product lifecycle chart. Stages: Understanding, Implementing, Monitoring. Phases: Concept, Planning, Development, Verification, Delivery, Sustaining. Security activities: Security Training; Security Goals and Planning; Risk Assessment; Threat model; Best Practices; Code Analysis Tools (Automation); Security & Penetration Test; Fuzz Tests; Config Analysis Tools; Readiness Review Checkpoint; Vulnerability Mgmt.]
Why Threat Models are Effective?
• ~50% of all vulnerabilities are introduced during the architecture and design phase.
• Supported by Common Weakness Enumeration (CWE), from the field
Getting There
• Draw Diagram
• Analyze Model
• Calculate Risk
• Plan Mitigation
Draw Diagram
Analyze Model
• Spoofing (S): Can an attacker gain access using a false identity?
• Tampering (T): Can an attacker modify data as it flows through the application?
• Repudiation (R): If an attacker denies an exploit, can you prove him or her wrong?
• Information disclosure (I): Can an attacker gain access to private or potentially injurious data?
• Denial of service (D): Can an attacker crash or reduce the availability of the system?
• Elevation of privilege (E): Can an attacker assume the identity of a privileged user?
DFD shows possible Effects of Vulnerabilities
[Figure: data flow diagram made of External Entity, Process, Multi-Process, Data Store and Data flow elements, each annotated with the threat letters that apply to it: SR, TID or STIDE.]
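The per-element analysis from the two slides above, as an added example that is not part of the original deck: it walks a small constructed diagram and emits one review question per applicable threat letter, then lists the ones with no recorded mitigation. Pairing each letter group (SR, TID, STIDE) with an element type is an assumption read from the slide's diagram labels; the element names and mitigation note are constructed.

```python
# STRIDE categories and review questions, as worded on the "Analyze Model" slide.
STRIDE = {
    "S": ("Spoofing", "Can an attacker gain access using a false identity?"),
    "T": ("Tampering", "Can an attacker modify data as it flows through the application?"),
    "R": ("Repudiation", "If an attacker denies an exploit, can you prove him or her wrong?"),
    "I": ("Information disclosure", "Can an attacker gain access to private or potentially injurious data?"),
    "D": ("Denial of service", "Can an attacker crash or reduce the availability of the system?"),
    "E": ("Elevation of privilege", "Can an attacker assume the identity of a privileged user?"),
}

# Letter groups printed on the DFD slide; pairing them with element types is an assumption.
APPLICABLE = {
    "external_entity": "SR",
    "process": "STIDE",
    "data_flow": "TID",
    "data_store": "TID",
}

# Constructed sample diagram: (element name, element type).
SAMPLE_DFD = [
    ("Browser user", "external_entity"),
    ("Web application", "process"),
    ("Login request", "data_flow"),
    ("Accounts database", "data_store"),
]

def enumerate_threats(dfd):
    """Return one (element, category, question) row per applicable letter."""
    rows = []
    for name, kind in dfd:
        if kind not in APPLICABLE:
            raise ValueError(f"unknown DFD element type: {kind!r}")
        for letter in APPLICABLE[kind]:
            category, question = STRIDE[letter]
            rows.append((name, category, question))
    return rows

def unmitigated(rows, mitigations):
    """Rows with no recorded mitigation; these are the open items to risk-rank."""
    return [r for r in rows if not mitigations.get((r[0], r[1]))]

if __name__ == "__main__":
    rows = enumerate_threats(SAMPLE_DFD)
    # Constructed mitigation notes keyed by (element, category).
    notes = {("Login request", "Tampering"): "TLS between browser and application"}
    for element, category, question in unmitigated(rows, notes):
        print(f"{element:18} {category:24} {question}")
```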
Calculate Risk
• Common Vulnerability Scoring System (CVSSv2)
• A rating system that goes from 1-10.
• Use the National Vulnerability Database calculator
CVSSv2 Calculator Cutting Edge 2010-11: Threat Modeling at Symantec
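What the calculator does with a base vector, as an added example that is not part of the original deck: the CVSS v2 base equation with the specification's metric weights, used to rank threats from a model. The threat names and vectors are constructed sample data.

```python
# CVSS v2 base metric weights, from the CVSS v2 specification.
AV = {"L": 0.395, "A": 0.646, "N": 1.0}    # Access Vector
AC = {"H": 0.35, "M": 0.61, "L": 0.71}     # Access Complexity
AU = {"M": 0.45, "S": 0.56, "N": 0.704}    # Authentication
CIA = {"N": 0.0, "P": 0.275, "C": 0.660}   # Confidentiality / Integrity / Availability impact

def base_score(vector):
    """Base score for a vector such as 'AV:N/AC:L/Au:N/C:P/I:P/A:P'."""
    try:
        m = dict(part.split(":", 1) for part in vector.split("/"))
        impact = 10.41 * (1 - (1 - CIA[m["C"]]) * (1 - CIA[m["I"]]) * (1 - CIA[m["A"]]))
        exploitability = 20 * AV[m["AV"]] * AC[m["AC"]] * AU[m["Au"]]
    except (KeyError, ValueError) as exc:
        raise ValueError(f"malformed CVSS v2 base vector: {vector!r}") from exc
    if impact == 0:
        return 0.0  # f(Impact) is 0 when there is no C/I/A impact
    return round((0.6 * impact + 0.4 * exploitability - 1.5) * 1.176, 1)

def rank(threats):
    """Sort (name, vector) pairs by descending base score."""
    scored = [(base_score(vector), name) for name, vector in threats]
    return sorted(scored, reverse=True)

# Constructed sample threats, as they might come out of the Analyze Model step.
SAMPLE_THREATS = [
    ("Session token readable on the network", "AV:N/AC:M/Au:N/C:P/I:N/A:N"),
    ("Unauthenticated admin endpoint", "AV:N/AC:L/Au:N/C:P/I:P/A:P"),
    ("World-readable local log file", "AV:L/AC:L/Au:N/C:P/I:N/A:N"),
]

if __name__ == "__main__":
    for score, name in rank(SAMPLE_THREATS):
        print(f"{score:4.1f}  {name}")
```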
Plan Mitigation
• Easy enough
• CWE to the rescue
Unmitigated Threats
Now what?
Dealing with Risk
• Reduce the Risk
• Transfer the Risk
• Accept the Risk
• Reject the Risk
Final Considerations
• Threat Modeling is an ongoing process
• Start small
• Revisit Threat Models
• Threat models are sensitive documents
• Keep them in a safe location with limited team access
Documenting All Threats
• Threats always exist, live forever
• Vulnerabilities exist if there is an unmitigated path to realizing a threat
[Figure: diagram relating Asset, Mitigation, Threat and Vulnerability]
Tools
• Microsoft SDL Threat Modeling Tool
Tools
• Excel
• Digital Camera
• Microsoft Word (or Notepad)
• Good Revision System (CVS, Perforce, etc.)
Tools
• Elevation of Privilege Card Game