Presentation Transcript

  1. SDL Threat Modeling
     Sachin Rawat, Crypsis, sachin@crypsis.net

  2. What is Threat Modeling?
     • SDL Threat Modeling is a repeatable process which involves a methodical analysis of system design or architecture to discover and mitigate threats to an application.
     • It helps identify design level security problems.

  3. Threat Modeling Basics
     • When?
       • The earlier, the better
       • Usually starts during the design phase
       • Used throughout the Application Development Lifecycle
     • Who?
       • Everyone! Development and Test Engineers, Program Managers and Security Experts
     • Why?
       • Identify potential security issues even before writing any code
       • Saves cost and time
       • Ensures the resulting application has a better security posture

  4. Building Blocks
     • STRIDE
     • Data Flow Diagrams
       • + Trust Boundary
     • STRIDE-per-element

  5. Properties of Secure Software
     • Authentication
     • Integrity
     • Non-repudiation
     • Confidentiality
     • Availability
     • Authorization

  6. STRIDE
     • Spoofing: Impersonating something or someone else
     • Tampering: Modifying data or code
     • Repudiation: Claiming to have not performed an action
     • Information Disclosure: Exposing information to someone not authorized to see it
     • Denial of Service: Deny or degrade service to users
     • Elevation of Privilege: Gain capabilities without proper authorization

  7. Mapping Threats to Security Properties

  8. Data Flow Diagrams (DFD) for TM

  9. STRIDE-per-Element

  10. SDL Threat Modeling Process

  11. Vision
     • Scenarios
     • Use Cases / Stories
     • Add security to scenarios and use cases
     • Determine security assurances for the product

  12. Model
     • Create a DFD diagram of your application
     • Ensure all key components are represented
     • Represent data flow between components
     • Identify and draw trust boundaries between components where applicable
     • Start with a simple high-level DFD that has just a couple of processes, data stores and external entities. Break out into more details as required

  13. Identify Threats
     • Automatically done by the tool using STRIDE-per-element!

  14. Mitigate
     • Analyze each threat
     • Four possible responses
       • Redesign
       • Use standard mitigations
       • Use custom mitigations
       • Accept risk

  15. Validate
     • Ensure the diagram is up-to-date and represents the actual system
     • Ensure all trust boundaries are represented
     • All threats are enumerated
       • Minimum STRIDE-per-element that touches a trust boundary
     • Ensure all threats are analyzed and appropriate actions are taken
     • Ensure all threats are mitigated and the mitigations are done right

  16. Validate other information captured
     • Dependencies
     • Assumptions
     • External Security Notes

  17. Threat Modeling Approach Summary

  18. DEMO: SDL Threat Modeling Tool (v3)
     Walk through the process of creating a Threat Model for a simple web application using the SDL TM v3 tool

  19. References
     • The Microsoft Security Development Lifecycle (SDL): http://msdn.microsoft.com/en-us/security/cc448177.aspx
     • The Microsoft SDL Threat Modeling Tool: http://msdn.microsoft.com/en-us/security/dd206731.aspx
     • SDL blog: http://blogs.msdn.com/sdl/
     • Writing Secure Code (Howard, Michael and David LeBlanc, Microsoft Press)
     • Articles and blogs by Adam Shostack, Michael Howard :)
     • Threat Modeling for LOB Applications: ACE Approach (asset centric, based on CIA threat classification): http://blogs.msdn.com/threatmodeling/

  20. Feedback / QnA
     • Your Feedback is Important! Please take a few moments to fill out our online feedback form
     • Use the Question Manager on LiveMeeting to ask your questions now!

  21. Contact
     • Email Address: sachin@crypsis.net
     • Web Address: www.crypsis.net
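
The STRIDE-per-element enumeration from slide 13 and the trust-boundary check from slide 15, as an added example that is not part of the original presentation or the SDL tool's own code. The mapping is the standard SDL STRIDE-per-element chart (the slides carry only its title); the DFD elements, their names and the recorded responses are constructed for illustration.

```python
from dataclasses import dataclass

# Standard SDL STRIDE-per-element chart (assumption: not reproduced on the slides).
# Repudiation on a data store applies when the store holds logs or audit data.
STRIDE_PER_ELEMENT = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_store": "TRID",
    "data_flow": "TID",
}
# The four possible responses listed on slide 14.
RESPONSES = {"redesign", "standard mitigation", "custom mitigation", "accept risk"}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str                 # key of STRIDE_PER_ELEMENT
    crosses_boundary: bool    # element touches a trust boundary in the DFD

def enumerate_threats(dfd):
    """Return every (element name, STRIDE letter) pair the chart prescribes."""
    return [(e.name, t) for e in dfd for t in STRIDE_PER_ELEMENT[e.kind]]

def validate(dfd, responses):
    """Slide 15 check: boundary-touching threats that lack a valid response."""
    boundary = {e.name for e in dfd if e.crosses_boundary}
    return [(n, t) for n, t in enumerate_threats(dfd)
            if n in boundary and responses.get((n, t)) not in RESPONSES]

# Constructed DFD of a simple web application (hypothetical element names).
DFD = [
    Element("Browser user", "external_entity", True),
    Element("HTTPS request", "data_flow", True),
    Element("Web app", "process", True),
    Element("SQL query", "data_flow", False),
    Element("Orders DB", "data_store", False),
]

# Constructed analysis state: only some threats have a recorded response.
RESPONSES_SO_FAR = {
    ("Browser user", "S"): "standard mitigation",   # e.g. authentication
    ("HTTPS request", "T"): "standard mitigation",  # e.g. TLS
    ("HTTPS request", "I"): "standard mitigation",
    ("Web app", "D"): "accept risk",
}

if __name__ == "__main__":
    print(len(enumerate_threats(DFD)), "threats enumerated")
    for name, threat in validate(DFD, RESPONSES_SO_FAR):
        print("unanalyzed:", name, threat)
```

Any pair returned by `validate` is a threat on a trust boundary that has not yet been given one of the four responses, which is the gap the Validate step is meant to close.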