Brad Andrews, CEO, RBA Communications
Threat Modeling Overview
This session covers the basic elements of threat modeling: what it does and why it is important. The goal is a high-level overview of the process and of the use of data flow diagrams to find the trust boundaries that attacks must cross. We will go through some common threats and a list of pitfalls to watch out for when carrying out threat modeling. The session will then interactively develop a flow diagram of Amazon.com, and possibly another subject if time permits. This will be based on looking at the system as an outside user, without any insider knowledge, though threat modeling is normally carried out by people who know the system well.
2. Long time in the tech field
Wide range of jobs – Defense, Online, Banking, Airlines, Dot-Com, Medical, etc.
20+ years software development experience
10+ years in Information Security
M.S. and B.S. in Computer Science from the University of Illinois
Active Certifications – CISSP, CSSLP, CISM
3. Work for one of the largest providers of pharmacy software and services in the country
Serve as Lead Faculty-Area Chair for Information Systems Security for the University of Phoenix Online Campus
Carry out independent reading and research for my own company, RBA Communications
4. The views and opinions expressed in this session are mine and mine alone. They do not necessarily represent the opinions of my employers or anyone associated with anything!
5. Part 1 – Threat Modeling Overview
Part 2 – Applying STRIDE to a System
Part 3 – Applying DREAD to a System
6. What is It?
Why is It Important?
How Do You Do It?
Flow Diagrams are Important!
Some Dangers to Avoid
7. Figuring out all the significant threats to the system.
Microsoft has good guidance
◦ I borrow from Adam Shostack later
Good overview at
https://www.owasp.org/index.php/Threat_Risk_Modeling
9. We need to protect our systems
Always limited time, people and money
Must prioritize and focus
Knowing the most important threats allows this
It has had good results
Not a panacea, just a part of the process
11. You need to know the system's interfaces and data flows to find out where it could be vulnerable.
Such diagrams are missing in too many cases!
They don't have to be perfect, just good enough.
Visio may be worthwhile, though even Paint can be used.
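A data flow diagram does not need to be a drawing at all to be useful; the point is to name the elements, the flows between them and the trust zones so that boundary crossings can be listed. The following is an added example, not code from the slides: a minimal DFD model in Python that records elements with a trust zone, records flows with the data they carry and the channel they use, and then reports every flow that crosses a zone boundary, flags crossings on channels that do not protect the data in transit, and lists elements that have no flows drawn (usually a sign the diagram is incomplete). The shopping-site elements, zones and channels in `shop_dfd()` are constructed assumptions made from an outsider's view, in the spirit of the Amazon.com exercise, not the real architecture of any site.

```python
"""Minimal data-flow-diagram model with trust-boundary reporting.

Added example, not part of the original slides. Element names, trust
zones and channels below are constructed assumptions.
"""
from dataclasses import dataclass, field

# Channels assumed to give confidentiality and integrity in transit. A real
# review would verify the actual configuration rather than trust the label.
PROTECTED_CHANNELS = {"https", "tls", "ssh"}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str   # "external" (outside our control), "process" or "store"
    zone: str   # trust zone; a flow between different zones crosses a boundary


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    data: str      # what the flow carries
    channel: str   # how it travels, e.g. "https", "http", "sql"


@dataclass
class DFD:
    elements: dict = field(default_factory=dict)
    flows: list = field(default_factory=list)

    def add(self, *elements):
        for e in elements:
            self.elements[e.name] = e
        return self

    def flow(self, src, dst, data, channel):
        # Refuse flows whose endpoints are not on the diagram: an unnamed
        # endpoint is exactly the gap the slides warn about.
        for name in (src, dst):
            if name not in self.elements:
                raise KeyError(f"unknown element on diagram: {name!r}")
        self.flows.append(Flow(src, dst, data, channel))
        return self

    def crossings(self):
        """Flows whose endpoints sit in different trust zones."""
        return [f for f in self.flows
                if self.elements[f.src].zone != self.elements[f.dst].zone]

    def unprotected_crossings(self):
        """Boundary crossings on a channel that does not protect the data in
        transit: the first places to look for tampering and disclosure."""
        return [f for f in self.crossings() if f.channel not in PROTECTED_CHANNELS]

    def isolated(self):
        """Elements with no flow attached; usually the diagram is incomplete."""
        used = {f.src for f in self.flows} | {f.dst for f in self.flows}
        return sorted(set(self.elements) - used)


def shop_dfd():
    """Constructed outsider's view of a shopping site (assumed, not real)."""
    d = DFD().add(
        Element("Customer", "external", "internet"),
        Element("Web Front End", "process", "dmz"),
        Element("Order Service", "process", "internal"),
        Element("Order DB", "store", "internal"),
        Element("Payment Processor", "external", "third-party"),
        Element("Reporting Job", "process", "internal"),  # no flows drawn yet
    )
    d.flow("Customer", "Web Front End", "credentials, cart contents", "https")
    d.flow("Web Front End", "Customer", "pages, session cookie", "https")
    d.flow("Web Front End", "Order Service", "order request", "http")
    d.flow("Order Service", "Order DB", "order rows", "sql")
    d.flow("Order Service", "Payment Processor", "card token, amount", "https")
    d.flow("Payment Processor", "Order Service", "authorisation result", "https")
    return d


def report(d):
    """Lines an analyst would paste into the threat model notes."""
    lines = []
    for f in d.crossings():
        a, b = d.elements[f.src].zone, d.elements[f.dst].zone
        mark = "" if f.channel in PROTECTED_CHANNELS else "  <-- unprotected channel"
        lines.append(f"{f.src} -> {f.dst} [{a} -> {b}] carries {f.data} over {f.channel}{mark}")
    for name in d.isolated():
        lines.append(f"{name}: no flows drawn; diagram incomplete?")
    return lines


if __name__ == "__main__":
    print("\n".join(report(shop_dfd())))
```

Run as a script it prints five boundary crossings, marks the plain-HTTP hop from the front end to the order service as the one to question first, and notes that the reporting job has no flows drawn. The flow between the order service and its database stays off the crossing list because both sit in the same zone; whether that is correct is itself a question for the people who know the system.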
12. Trap #1 – You are never done
◦ Ongoing process, but endpoints along the way
Trap #2 – Monolithic processes
◦ Realize systems have many parts
Trap #3 – A single way to threat model
◦ Use what works, not just a single formal process
Trap #4 – Working in a vacuum
◦ All systems interact with other systems, not just end users.
13. Trap #5 – Threat modeling is an innate skill
◦ Some have a better mindset for it, but all can develop the needed skills
◦ Improvement comes with time and practice
Trap #6 – Threat modeling is a single skill
◦ Techniques – Know different approaches
◦ Knowledge – Know useful data (threats/risks, patterns, etc.)
Trap #7 – "Think like an attacker"
◦ Most people have limited ability to think outside their own experience
◦ Follow checklists as needed
14. Trap #8 – One model to rule them all
◦ Model of the system
◦ Model of the threats
◦ Model of the attacker or user
Trap #9 – Focus only on the threats
◦ Also consider the impact of requirements, threats and mitigations
Trap #10 – Waiting too long
◦ Earlier is almost always better, though review and repeat as necessary.