New versus old asset/threat models

Brian Smithson

Ricoh Americas Corporation

IEEE P2600


What are our choices?

  • Adapt the old asset/threat model to the new FPP organization

    • P2600 std would need some rework because of the decision to use some OSPs, fixing some poorly defined assets and threats, filling some holes, and dividing up some threats that cross FPP TOE boundaries.

    • FPP would require major rework – models, assets, threats, and objectives

  • Apply the new asset/threat model to the P2600 std.

    • P2600 std would require major rework – aligning asset definitions, replacing threats, dealing with threats that are outside of the PP scope, adjusting or discarding “vector” descriptions, rationalizing “risk ratings” (or adopting the “informal security requirements” approach), and aligning mitigation strategies

    • FPP for OpEnv A is nearly done; would still need to agree on informal security requirements for B, C, D and then derive FPPs

  • Decouple the P2600 and FPP and use different models

    • I think this is a very bad idea, but we could do it


New/old model pros/cons

New model pro

  • Generic data-oriented model

  • Symmetrical threats

  • Consistent, traceable nomenclature

  • Divisible by function

Old model con

  • Originated with anecdotal threats, then was made to fit a model; may limit scope or imply implementation

  • Assumes asset valuation on behalf of others; not credible

  • Some inconsistencies between asset, threat, objective definitions

  • Functional crossover, requires major rework to FPP and some rework to P2600

New model con

  • Abstract and unfamiliar; may require some worked examples for understanding

  • Major rework to P2600

Old model pro

  • Great deal of investment

  • Captures practical experience

  • Good fit with P2600 “best practices” and “mitigation techniques”

  • Threat vector model is useful


Comparing the old and new PPs

New (27a) versus Old (24b) PP

  • Assets

    • 27a does not have an asset for resident digital components

  • Threats

    • has no equivalent for T.EA.DOS

    • T.DOC.STORED.DIS does not cover user docs that are not deleted (i.e. it does not yet have an O.PROTECT)

    • P.COMMS.NO_BRIDGE does not cover access to internal data or firmware

  • Objectives

    • No O.GENIUNE

    • No OE.NET_MANAGE

    • No O.PROTECT (yet?)

Old (24b) versus New (27a) PP

  • Assets

    • 24b mgmt data doesn’t distinguish secrets from non-secrets

  • Threats

    • T.UD.ACC threats poorly defined

  • Objectives

    • No OE to require support for secure communications

    • I&A/ACCESS cover all assets, not just IT-controlled assets

    • O.NETWORK specifies confidentiality of disclosable data

    • FAXONLY only covers fax, not other bridgeable interfaces

    • OE.TRAIN assumes same training for users as for administrators

  • http://grouper.ieee.org/groups/2600/presentations/WashingtonDC2007/fpp-pp24-compare-27a.xls (note that there are three tabs)


Possible mapping of non-PP threats to new model

  • T.DOS.NET.CONNECT
  • T.DOS.NET.CRAFT
  • T.DOS.NET.FLOOD
  • T.DOS.PRT.CRASH
  • T.DOS.PRT.DELETE
  • T.DOS.PRT.CHANNEL
  • T.DOS.PRT.PRIORTY
  • T.DOS.FAX.HOOK
  • T.DOS.FAX.LOOP
  • T.DOS.FAX.TRAIN
  • T.DOS.FAX.VOLUME
  • T.DOS.PHY.ALTER
  • T.DOS.PHY.INTERFERE
  • T.RESOURCE.SUPPLIES
  • T.RESOURCE.EXHAUST
  • T.UD.PHY.INPUT
  • T.UD.PHY.CAMERA
  • T.UD.PHY.EM
  • T.UD.ANALYZE
  • T.TSF.SALVAGE
  • T.EA.DOS

  • T.DOS.<service>.<attack>
  • T.CONSUMMABLES.THEFT
  • T.CONSUMMABLES.EXHAUST
  • T.DOC.INPUT.DIS (in PP but ignored)
  • Needs redefinition anyway
  • T.DOC.EM.DIS?
  • T.DOC.STORED.ANALYZE?
  • T.SEC.STORED.ANALYZE?
  • Why not call this another T.DOS?

See http://grouper.ieee.org/groups/2600/presentations/WashingtonDC2007/fpp-p2600-compare-27a.xls


Possible way to retain practical knowledge of old model but use new model

  • Apply new model to P2600

  • Use the threat vector model to show practical examples of threats

  • Threat vector examples flow nicely into best practices and mitigation techniques

  • Abstract threats are (appropriately) dealt with in the FPP
