1 / 22

Sachin Rawat Crypsis sachin@crypsis

SDL Threat Modeling. Sachin Rawat Crypsis sachin@crypsis.net. What is Threat Modeling ?. SDL Threat Modeling is a repeatable process which involves a methodical analysis of system design or architecture to discover and mitigate threats to an application.

parvani-gautam
Download Presentation

Sachin Rawat Crypsis sachin@crypsis

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SDL Threat Modeling Sachin Rawat Crypsis sachin@crypsis.net

  2. What is Threat Modeling ? • SDL Threat Modeling is a repeatable process which involves a methodical analysis of system design or architecture to discover and mitigate threats to an application. • It helps identify design level security problems.

  3. Threat Modeling Basics • When ? • The earlier, the better • Usually starts during the design phase • Used throughout the Application Development Lifecycle • Who ? • Everyone! Development and Test Engineers, Program Managers and Security Experts • Why ? • Identify potential security issues even before writing any code • Saves cost and time • Ensures the resulting application has a better security posture

  4. Building Blocks • STRIDE • Data Flow Diagrams • + Trust Boundary • STRIDE-per-element

  5. Properties of Secure Software • Authentication • Integrity • Non-repudiation • Confidentiality • Availability • Authorization

  6. STRIDE • Spoofing : Impersonating something or someone else • Tampering : Modifying data or code • Repudiation : Claiming to have not performed an action • Information Disclosure : Exposing information to someone not authorized to see it • Denial of Service : Deny or degrade service to users • Elevation of Privilege : Gain capabilities without proper authorization

  7. Mapping Threats to Security Properties

  8. Data Flow Diagrams (DFD) for TM

  9. STRIDE-per-Element

  10. SDL Threat Modeling Process

  11. Vision • Scenarios • Use Cases / Stories • Add security to scenarios and use cases • Determine security assurances for the product

  12. Model • Create a DFD diagram of your application • Ensure all key components are represented • Represent data flow between components • Identify and draw trust boundaries between components where applicable • Start with an simple high level DFD that has just a couple of process, data stores and external entities. Break out into more details as required

  13. Identify Threats • Automatically done by the tool using STRIDE-per-element!

  14. Mitigate • Analyze each threat Four possible responses • Redesign • Use standard mitigations • Use custom mitigations • Accept risk

  15. Validate • Ensure the diagram is up-to-date and represents the actual system • Ensure all trust boundaries are represented • All threats are enumerated • Minimum STRIDE-per-element that touches a trust boundary • Ensure all threats are analyzed and appropriate actions are taken • Ensure all threats are mitigated and the mitigations are done right

  16. Validate other information captured • Dependencies • Assumptions • External Security Notes

  17. Threat Modeling Approach Summary

  18. DEMO SDL Threat Modeling Tool (v3) Walkthrough the process of creating a Threat Model for a simple web application using the SDL TM v3 tool

  19. References The Microsoft Security Development Lifecycle (SDL) http://msdn.microsoft.com/en-us/security/cc448177.aspx The Microsoft SDL Threat Modeling Tool http://msdn.microsoft.com/en-us/security/dd206731.aspx SDL blog http://blogs.msdn.com/sdl/ Writing Secure Code (Howard, Michael and David LeBlanc, Microsoft Press) Articles and blogs by Adam Shostack, Michael Howard :) Threat Modeling for LOB Applications : ACE Approach (asset centric, based on CIA threat classification) http://blogs.msdn.com/threatmodeling/

  20. Feedback / QnA • Your Feedback is Important! Please take a few moments to fill out our online feedback form • Use the Question Manager on LiveMeeting to ask your questions now!

  21. Contact • Email Address sachin@crypsis.net • Web Address www.crypsis.net

More Related