
Know Your Enemy - An Introduction to Threat Modeling


A talk given at ConFoo Vancouver 2016.
Write-up to be posted at https://www.netmeister.org/blog/threat-model-101.html

1. @jschauma, ConFoo Vancouver 2016
2. Jerry: Well, what makes them think you're a risk management expert?
   George: I guess it's on my resume.
3. to 8. (image-only slides)
9. https://v.gd/ConFooThreatModel01
10. Ceci n'est pas un hacker. (This is not a hacker.)
11. Mais ceci oui ce sont des hackers. (But these, yes, are hackers.)
    Dedicated, human adversaries.
12. to 15. (image-only slides)
16. Threat Model 101, by James Mickens: https://v.gd/ConFooThreatModel02
17. Threat Model 101
    • identify assets
    • identify vulnerabilities
    • identify likely threat actors (categorized by objectives & capabilities)
    • identify defensive capabilities
    • determine risk score
    • rinse and repeat
18. to 19. Figure out what you can defend against whom, eh?
20. "A Concept is Stronger than a Fact." - Charlotte Perkins Gilman
21. (diagram: a WWW webservice made up of several WWW servers)
22. (same diagram) Different / separate threat models for the webservice and for each server
23. STRIDE
    Threat                   Property violated
    Spoofing                 Authentication
    Tampering                Integrity
    Repudiation              Non-Repudiation
    Information Disclosure   Confidentiality
    Denial of Service        Availability
    Elevation of Privilege   Authorization
24. to 27. (image-only slides)
28. DREAD
    Damage            How bad would the attack be?
    Reproducibility   How easy is it to recreate the attack?
    Exploitability    How easy is it to launch the attack?
    Affected Users    How many are impacted?
    Discoverability   How easy is it for the attacker to discover?
29. DREAD+D: the five DREAD factors above, plus
    Detection         How hard is it for the defender to detect?
30. DREAD+D: https://v.gd/ConFooThreatModel03
31. Know Your Enemy (https://v.gd/ConFooThreatModel04)
    • competing incentives
    • industry espionage
    • covert operations
    • low risk profile
    • bound by (some) rules
    • married to a supercomputer
32. Know Your Enemy (continued)
    • low skill level
    • opportunistic
    • chaotic, yet predictable
    • there may be more than you think
    • never wears pants
33. Know Your Enemy (continued)
    • specific objective
    • targeted attacks
    • resourceful
    • relentless
    • only bound by gravity
34. Know Your Enemy (continued)
    • very powerful / resourceful
    • may have privileged controls
    • operates both clandestine & overt
    • may utilize Wile E. Coyote, Mayor Quimby, Fat Tony
35. Understanding your adversaries' motives and capabilities is critical.
36. https://xkcd.com/538/
37. Also works.
38. to 45. (image-only slides)
46. Threat Modeling Process
    • identify assets, assign values
    • use STRIDE to identify threats
    • use DREAD+D to derive a threat score
    • determine / recommend defenses
    • zoom out / zoom in & repeat
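Worked example, added to this transcript and not part of the talk: the process from slides 17, 23, 28/29 and 46 (identify assets and assign values, classify each threat with STRIDE, score it with DREAD+D, rank, recommend defenses) carried through in Python for a constructed toy web service. The 1..10 scale per factor, the mean of the six factors as the DREAD+D score, multiplying that score by an asset value to get a risk score, and every asset, threat and number below are assumptions made for illustration, not figures from the slides.

```python
"""Worked example of the slide 46 process: assets with values, STRIDE
categories, DREAD+D scores, asset-weighted risk, ranked output.

Added illustration, not code from the talk. Assumptions: each DREAD+D
factor is an int in 1..10, the DREAD+D score is the mean of the six
factors, risk = score * asset value, and the sample system is made up."""
from __future__ import annotations

from dataclasses import dataclass, fields
from enum import Enum


class Stride(Enum):
    """STRIDE threat category -> the security property it violates (slide 23)."""
    SPOOFING = "Authentication"
    TAMPERING = "Integrity"
    REPUDIATION = "Non-Repudiation"
    INFORMATION_DISCLOSURE = "Confidentiality"
    DENIAL_OF_SERVICE = "Availability"
    ELEVATION_OF_PRIVILEGE = "Authorization"


@dataclass(frozen=True)
class DreadD:
    """DREAD+D factors (slides 28/29); the 1..10 scale is an assumption."""
    damage: int            # how bad would the attack be?
    reproducibility: int   # how easy is it to recreate the attack?
    exploitability: int    # how easy is it to launch the attack?
    affected_users: int    # how many are impacted?
    discoverability: int   # how easy is it for the attacker to discover?
    detection: int         # the "+D": how hard is it for the defender to detect?

    def __post_init__(self) -> None:
        # Reject out-of-range scores early; a typo here silently reorders the ranking.
        for f in fields(self):
            v = getattr(self, f.name)
            if not isinstance(v, int) or not 1 <= v <= 10:
                raise ValueError(f"{f.name} must be an int in 1..10, got {v!r}")

    def score(self) -> float:
        """Mean of the six factors (assumed aggregation)."""
        values = [getattr(self, f.name) for f in fields(self)]
        return sum(values) / len(values)


@dataclass(frozen=True)
class Threat:
    name: str
    asset: str            # key into the asset-value table
    category: Stride
    rating: DreadD
    defense: str          # recommended mitigation, or why the residual risk is accepted

    @property
    def violated_property(self) -> str:
        return self.category.value


def risk(threat: Threat, asset_values: dict[str, int]) -> float:
    """Assumed risk model: DREAD+D score weighted by the value of the asset at stake."""
    return threat.rating.score() * asset_values[threat.asset]


def rank(threats: list[Threat], asset_values: dict[str, int]) -> list[Threat]:
    """Highest risk first: the order in which to spend defensive effort."""
    return sorted(threats, key=lambda t: risk(t, asset_values), reverse=True)


def report(threats: list[Threat], asset_values: dict[str, int]) -> list[str]:
    """One header line plus one ranked line per threat, for a review table."""
    lines = [f"{'risk':>6} {'dread+d':>7}  {'property':<16} threat -> defense"]
    for t in rank(threats, asset_values):
        lines.append(f"{risk(t, asset_values):6.1f} {t.rating.score():7.1f}  "
                     f"{t.violated_property:<16} {t.name} -> {t.defense}")
    return lines


# Constructed sample system (a small web service); asset values 1..5 are assumed.
ASSET_VALUES = {"user session tokens": 5, "server access logs": 3, "public marketing pages": 1}

THREATS = [
    Threat("Session token sent over plain HTTP", "user session tokens",
           Stride.INFORMATION_DISCLOSURE, DreadD(8, 9, 6, 8, 7, 8),
           "Serve HTTPS only, set Secure/HttpOnly on the cookie, enable HSTS"),
    Threat("App user can delete access-log entries", "server access logs",
           Stride.REPUDIATION, DreadD(4, 8, 5, 3, 4, 9),
           "Ship logs to an append-only remote store; app user gets no write access"),
    Threat("Unauthenticated request flood on the static site", "public marketing pages",
           Stride.DENIAL_OF_SERVICE, DreadD(3, 10, 9, 10, 10, 2),
           "Rate-limit at the edge; low-value asset, so accept the residual risk"),
]

if __name__ == "__main__":
    print("\n".join(report(THREATS, ASSET_VALUES)))
```

Run it and the request flood scores higher on DREAD+D alone (7.3) than the log-deletion threat (5.5), yet it ranks last once the asset value is applied; that is the "prioritize what matters" point of slide 50. The defense column is where the "raise the cost of attack" decision of slide 49 gets recorded, including the explicit choice to accept a residual risk rather than pretending every threat is eliminated.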
47. Your adversaries are people, too. Understand their motives.
48. You can't defend against all threats all of the time.
49. Attackers will go for the lowest-hanging fruit.
    Raising the cost of attack, not eliminating the entire threat, is frequently sufficient.
50. • Know your enemy. Understand their motives.
    • Know your vulnerabilities. Rank your threats.
    • Know your defensive capabilities. Be realistic. Prioritize what matters.
