SlideShare a Scribd company logo
Threat Modeling for the Internet of Things
Eric Vétillard
IoT Product Management Group
September 2015
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |
Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for
information purposes only, and may not be incorporated into any contract. It is not a
commitment to deliver any material, code, or functionality, and should not be relied upon
in making purchasing decisions. The development, release, and timing of any features or
functionality described for Oracle’s products remains at the sole discretion of Oracle.
2
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |
Agenda
1
2
3
4
5
Definitions
Concerns and threats
Some countermeasures
Device and gateway security
Simple checklist
3
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 4
IoT Infrastructure – Main components
Devices Enterprise Apps
Operators
IoT Service
Gateway
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |
Safety vs. Security
Safety
• Protects against malfunction
– Focus on quality
• Principles
– Coverage analysis
– Detection, mitigation, reaction
– Simplicity is better
– Redundancy helps
Security
• Protects against attackers
– Focus on robustness
– Several defence layers
• Principles
– Coverage analysis
– Detection, mitigation, reaction
– Simplicity is better
– Redundancy helps
5
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 6
Attack Surface – Main components
Devices
Operators
Enterprise Apps
Messages
REST
API
UI
Connectors
IoT Service
Gateway
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 7
Attack Surface – Specific to the Internet of Things
Devices
Operators
Enterprise Apps
Messages
REST
API
UI
Connectors
IOT Server
Gateway
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 8
Attack Surface – Software Components
Devices
Messages
IoT Service
HW / OS
Framework
Cloud/Server
Framework
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |
In the Press
• In 2015, a few car-related headlines
– BMW Connected Drive hack sees 2.2 million cars exposed to remote unlocking (02/02)
– DARPA Hacks GM's OnStar To Remote Control A Chevrolet Impala (02/08)
– US Senate Report: Automakers fail to fully protect against hacking (02/09)
– Hackers take control of Jeep on the highway (August)
• A few unrelated headlines from 2014
– Hackers had struck an unnamed steel mill in Germany (Jan)
– U.S. government probes medical devices for possible cyber flaws (Oct 14)
9
Privacy
Spying
Theft
Remote
Control
Physical
damage
Murder?
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |
In Practice: The BMW Hack
• A lab has been able to remotely open a BMW car
– Reverse engineering the ConnectedDrive feature to identify vulnerabilities
– Exploiting the vulnerabilities identified through an attack path
• The list of vulnerabilities is rather long
– The same keys are used in all vehicles
– Some messages are not encrypted
– Configuration data is not tamper-proof
– The crypto algorithm used (DES) is outdated and broken
– The software does not include protection against replay attacks
• One fix: The communication is now encrypted using HTTPS
10
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |
The BMW Hack: Poor Decisions
Poor decision Safety reasoning Security reasoning
Using the same keys Simple process
No complex infrastructure
Keys need to be diversified
A key needs to be broken on every car
No systematic encryption Only critical messages are encrypted A secure channel protects against
reverse engineering
Configuration data no tamper-proof Configuration data integrity is
protected by a checksum
Configuration data authenticity is
protected by a cryptographic checksum
The vehicle ID is in error messages Simplify diagnosis by having the data A remote attacker doesn’t have the ID,
so let’s protect it
Using DES Well-known, fast algorithm DES is broken, let’s mandate AES
No protection against replay attacks Same message, same action A recorded message cannot have the
same effect when replayed
11
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |
Threat Analysis
Thinking like an attacker
• Very important to validate a design
– Identify the key assets and their flows
– Analyze how security protections can be bypassed
– Consider vulnerabilities as opportunities
• Identify countermeasures to be added to the design
– And loop again on the analysis
12
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 13
Attack Surface – Between Devices and IoT Service
Devices
Operators
Enterprise Apps
Messages
REST
API
UI
Connectors
IoT Service
Gateway
Thinking like an attacker
• Attacking the network link, remotely
• Any operation can be attacked
• Targeting admin operations can be good
• A failure can affect many deployments
Thinking like a defender
• IoT framework typically not fully under control
• Patching/update must be supported at all levels
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 14
Attack Surface – Device Low-level Software
Devices
Operators
Enterprise Apps
Messages
REST
API
UI
Connectors
IOT Server
Gateway
Thinking like an attacker
• IoT operating systems are not well protected
• Older attacks may even work
• Maybe that the update mechanism is broken
Thinking like a defender
• OS security configuration is important
• Patching/update must be supported and secure
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 16
Attack Surface – Attacking the Things and Gateways
Devices
Operators
Enterprise Apps
Messages
REST
API
UI
Connectors
IOT Server
Gateway
Thinking like an attacker
• Things and gateways are physically accessible
• I can steal one and reverse engineer it
• I can then attack another one
• Denial-of-service or tampering may be options
Thinking like a defender
• Make devices (at least partly) tamper-proof
• Otherwise, make them tamper-evident
• Include organizational measures to detect attacks
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |
Compromising a Device
17
Steal data
from another
device
Duplicate
registration
of a device
Activate
without
registering
Add device
record in the
cloud
Insert device
in supply
chain
Add a
compromised
device
Modify the
device’s
software
Modify an
existing
device
Modify the
device’s
hardware
Tamper with
the device
externally
Replace an
existing
device
Compromise
a device
Steal data
from the
network
Reconfigure a
gateway
Replace
device
physically
Replace
device in
cloud
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |
Compromising a Device – Focus on Persistent Memory
18
Compromise
a device
Tamper with
persistent memory
Tamper
with data
Tamper with
applications
Tamper with
system software
Spy on the
persistent memory
Disclose
data
Disclose
applications
Disclose system
software
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |
Compromising a Device – Focus on Persistent Memory
19
Spy on the
persistent memory
Disclose
data
109
Disclose
applications
Disclose system
software
Disclose system
software
Disclose
application
Disclose
application data
1
Disclose buffered
messages
2
Disclose
application data
3
Disclose server
verification data
4
Disclose device
registration data
5
Disclose device
authent data
Disclose
authent data
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |
Compromising a Device – Focus on Persistent Memory
20
Tamper with
persistent memory
Tamper
with data
Tamper with
applications
Tamper with
native software
2
Modify
application data
3
Modify server
verification data
4
Modify device
registration data
7
Modify a stored
application’s code
8
Modify a stored
app’s meta-data
9
Add an application
10
Modify system
softwareTamper with
application data
Tamper with
authentication data
6
Modify device
authent data
5
Modify device
identity
1
Modify buffered
messages
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |
Compromising a Device – Server Authentication
21
Tamper with
persistent memory
Tamper
with data
Tamper with
applications
Tamper with
native software
2
Modify
application data
3
Modify server
verification data
4
Modify device
registration data
7
Modify a stored
application’s code
8
Modify a stored
app’s meta-data
9
Add an application
10
Modify system
softwareTamper with
application data
Tamper with
authentication data
6
Modify device
authent data
5
Modify device
identity
1
Modify buffered
messages
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |
Oracle Internet of Things Cloud Service
Oracle Confidential – Internal/Restricted/Highly Restricted 22
Device
Virtualization
High Speed
Messaging
Stream Processing
Endpoint
Management
Event Store
IoT Cloud Service
Enterprise
Connectivity
Integration Cloud
Service
BI & Big Data
Cloud Service
Oracle
Cloud
Services
Mobile Cloud
Service
3rd party
apps
Industry
Vertical Apps
Enterprise
Apps
Cloud or On Premise
Manufacturing
Transportation
Service
Mgmt
Asset Mgmt
Firewall
Oracle IoT CS
Gateway s/w
3rd party gateway
s/w with Oracle
IoT Client Library
IoT Cloud Service
Client Libraries & Gateway
Indirectly
connected
devices
Directly
connected
devices
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |
• Security mechanism
provisions and manages
trust relationships with
devices
• Uniquely assigned device
identities disallows reuse
of security credentials
across devices
23
IoT CS Ensures End-to-End Security
Trusted Devices Non-Repudiation
• Enforces authentication
prior to communication
with any device or
enterprise software,
enabling proof of origin
of data
• Transport level security
for all communication to
ensure data integrity
• Secure, managed state
transitions to control
access from devices
• Restricts types of IoT CS
operations that device
and other principals can
perform in a given state
Security Lifecycle
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |
• Security mechanism
provisions and manages
trust relationships with
devices
• Uniquely assigned device
identities disallows reuse
of security credentials
across devices
24
IoT CS Ensures End-to-End Security
Trusted Devices Non-Repudiation
• Enforces authentication
prior to communication
with any device or
enterprise software,
enabling proof of origin
of data
• Transport level security
for all communication to
ensure data integrity
• Secure, managed state
transitions to control
access from devices
• Restricts types of IoT CS
operations that device
and other principals can
perform in a given state
Security Lifecycle
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 25
From HTTPS to Man-in-the-Middle
Device
HTTPS
IoT
Service
 
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 26
From HTTPS to Man-in-the-Middle
Device
HTTPS
IoT
Service

 



Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |
❶ Protecting the keys (even public)
Q What if the attacker modifies my certificate?
A Keep the public key in a Secure Element and
have the Secure Element verify the signature.
❷ Checking code authenticity
Q Am I sure that no attacker changed the code?
A Add a cryptographic checksum, and check that
the signature comes from the right person.
27
❸ Adding hardware-based security
Q What if the attacker removes my checks?
A Use a secure boot mechanism based on a
hardware-based mechanism (TPM, TEE, …).
Protecting against Man-in-the-Middle
 Stopping at some point
A The SE’s security has been certified.
A The platform’s security has been certified.
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |
What if it isn’t Possible?
Explore alternatives
– Use tamper-resistant hardware
– Use tamper-evident hardware
– Define security procedures
– Use physical security
Example: in a factory
– Thoroughly check devices (including
software) before installing them
– Make sure that every device is covered
by a security camera
– Instruct security staff to regularly
inspect devices for unusual
28
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |
That Was a Threat Model
• We went through several steps
– Defining assets to be protected
– Defining potential attack means on these assets
– Defining countermeasures, and then countermeasures on the countermeasures
– Thinking about the implementation
• This Threat Modeling process can be made more formal
– It is an essential work in an IoT deployment today
– Many vertical/industry/customer-specific aspects to the threat model
29
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |
Putting in Practice in Gateways and Devices
What needs to be done
• Select an IoT infrastructure
– Manage device identity, credentials,
lifecycle, communication, policies
• Select a device platform
– Robust hardware / OS / Robust
development framework
• Select a trusted hardware
– Markets with high – security insurance
needs & unprotected physical devices
How Oracle can help
• Oracle IoT Cloud Service
– State-of-the-art security and strong
integration with enterprise services
• Java ME/SE Embedded
– A guarantee of strong and secure apps
on your infrastructure
• Java Card
– To ensure that your trusted hardware
can evolve over time
30
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |
A few References
• An accessible and useful book on threat analysis
– http://threatmodelingbook.com/
• Details on the BMW hack
– http://m.heise.de/ct/artikel/Beemer-Open-Thyself-Security-vulnerabilities-in-BMW-s-
ConnectedDrive-2540957.html
• Scaring yourself with potential issues
– https://www.dropbox.com/s/oh6xrb7chgoks4j/internetoffails.pdf?dl=0
• A few really good recommendations
– http://www.esecurityplanet.com/network-security/6-tips-for-developing-secure-iot-
apps.html
31
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | 32
Summary
• Start by thinking like an attacker
– What is “tempting” in my system?
• To who? Why?
– How can my system be attacked?
• Which components provide an opportunity
• Then think like a defender
– Identify your weaknesses
• What is wrong? What may not be right?
– Find proper countermeasures
• Work with all stakeholders
– For devices, gateways, frameworks
• Vet their security and their integration
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal/Restricted/Highly Restricted 33
Threat Modeling for the Internet of Things

More Related Content

What's hot

Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare ☁
 
Mobile security recipes for xamarin
Mobile security recipes for xamarinMobile security recipes for xamarin
Mobile security recipes for xamarin
Nicolas Milcoff
 
Threat Modeling for System Builders and System Breakers - Dan Cornell of Deni...
Threat Modeling for System Builders and System Breakers - Dan Cornell of Deni...Threat Modeling for System Builders and System Breakers - Dan Cornell of Deni...
Threat Modeling for System Builders and System Breakers - Dan Cornell of Deni...
Denim Group
 
5 things i wish i knew about sast (DSO-LG July 2021)
5 things i wish i knew about sast (DSO-LG July 2021)5 things i wish i knew about sast (DSO-LG July 2021)
5 things i wish i knew about sast (DSO-LG July 2021)
Michael Man
 
Application security
Application securityApplication security
Application security
Hagar Alaa el-din
 
Advanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security ManagementAdvanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security Management
Mayur Nanotkar
 
Offensive cyber security engineer updated
Offensive cyber security engineer updatedOffensive cyber security engineer updated
Offensive cyber security engineer updated
InfosecTrain
 
Technical Writing for Consultants
Technical Writing for ConsultantsTechnical Writing for Consultants
Technical Writing for Consultants
Dilum Bandara
 
Software Development Life Cycle – Managing Risk and Measuring Security
Software Development Life Cycle – Managing Risk and Measuring SecuritySoftware Development Life Cycle – Managing Risk and Measuring Security
Software Development Life Cycle – Managing Risk and Measuring Security
Thomas Malmberg
 
OWASP Québec: Threat Modeling Toolkit - Jonathan Marcil
OWASP Québec: Threat Modeling Toolkit - Jonathan MarcilOWASP Québec: Threat Modeling Toolkit - Jonathan Marcil
OWASP Québec: Threat Modeling Toolkit - Jonathan Marcil
Jonathan Marcil
 
Securing and automating your application infrastructure meetup 23112021 b
Securing and automating your application infrastructure meetup 23112021 bSecuring and automating your application infrastructure meetup 23112021 b
Securing and automating your application infrastructure meetup 23112021 b
lior mazor
 
Threat Modeling - Locking the Door to Vulnerabilities
Threat Modeling - Locking the Door to VulnerabilitiesThreat Modeling - Locking the Door to Vulnerabilities
Threat Modeling - Locking the Door to Vulnerabilities
Security Innovation
 
Information Security and the SDLC
Information Security and the SDLCInformation Security and the SDLC
Cyber Security Threat Modeling
Cyber Security Threat ModelingCyber Security Threat Modeling
Cyber Security Threat Modeling
Dr. Anish Cheriyan (PhD)
 
Application Security
Application SecurityApplication Security
Application Security
Reggie Niccolo Santos
 
Best Practices for a Mature Application Security Program Webinar - February 2016
Best Practices for a Mature Application Security Program Webinar - February 2016Best Practices for a Mature Application Security Program Webinar - February 2016
Best Practices for a Mature Application Security Program Webinar - February 2016
Security Innovation
 
Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security EngineeringMarco Morana
 
"CERT Secure Coding Standards" by Dr. Mark Sherman
"CERT Secure Coding Standards" by Dr. Mark Sherman"CERT Secure Coding Standards" by Dr. Mark Sherman
"CERT Secure Coding Standards" by Dr. Mark Sherman
Rinaldi Rampen
 

What's hot (18)

Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
 
Mobile security recipes for xamarin
Mobile security recipes for xamarinMobile security recipes for xamarin
Mobile security recipes for xamarin
 
Threat Modeling for System Builders and System Breakers - Dan Cornell of Deni...
Threat Modeling for System Builders and System Breakers - Dan Cornell of Deni...Threat Modeling for System Builders and System Breakers - Dan Cornell of Deni...
Threat Modeling for System Builders and System Breakers - Dan Cornell of Deni...
 
5 things i wish i knew about sast (DSO-LG July 2021)
5 things i wish i knew about sast (DSO-LG July 2021)5 things i wish i knew about sast (DSO-LG July 2021)
5 things i wish i knew about sast (DSO-LG July 2021)
 
Application security
Application securityApplication security
Application security
 
Advanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security ManagementAdvanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security Management
 
Offensive cyber security engineer updated
Offensive cyber security engineer updatedOffensive cyber security engineer updated
Offensive cyber security engineer updated
 
Technical Writing for Consultants
Technical Writing for ConsultantsTechnical Writing for Consultants
Technical Writing for Consultants
 
Software Development Life Cycle – Managing Risk and Measuring Security
Software Development Life Cycle – Managing Risk and Measuring SecuritySoftware Development Life Cycle – Managing Risk and Measuring Security
Software Development Life Cycle – Managing Risk and Measuring Security
 
OWASP Québec: Threat Modeling Toolkit - Jonathan Marcil
OWASP Québec: Threat Modeling Toolkit - Jonathan MarcilOWASP Québec: Threat Modeling Toolkit - Jonathan Marcil
OWASP Québec: Threat Modeling Toolkit - Jonathan Marcil
 
Securing and automating your application infrastructure meetup 23112021 b
Securing and automating your application infrastructure meetup 23112021 bSecuring and automating your application infrastructure meetup 23112021 b
Securing and automating your application infrastructure meetup 23112021 b
 
Threat Modeling - Locking the Door to Vulnerabilities
Threat Modeling - Locking the Door to VulnerabilitiesThreat Modeling - Locking the Door to Vulnerabilities
Threat Modeling - Locking the Door to Vulnerabilities
 
Information Security and the SDLC
Information Security and the SDLCInformation Security and the SDLC
Information Security and the SDLC
 
Cyber Security Threat Modeling
Cyber Security Threat ModelingCyber Security Threat Modeling
Cyber Security Threat Modeling
 
Application Security
Application SecurityApplication Security
Application Security
 
Best Practices for a Mature Application Security Program Webinar - February 2016
Best Practices for a Mature Application Security Program Webinar - February 2016Best Practices for a Mature Application Security Program Webinar - February 2016
Best Practices for a Mature Application Security Program Webinar - February 2016
 
Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security Engineering
 
"CERT Secure Coding Standards" by Dr. Mark Sherman
"CERT Secure Coding Standards" by Dr. Mark Sherman"CERT Secure Coding Standards" by Dr. Mark Sherman
"CERT Secure Coding Standards" by Dr. Mark Sherman
 

Viewers also liked

Security Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and ToolsSecurity Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and ToolsYulian Slobodyan
 
Real World Application Threat Modelling By Example
Real World Application Threat Modelling By ExampleReal World Application Threat Modelling By Example
Real World Application Threat Modelling By Example
NCC Group
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat ModelingMarco Morana
 
STRIDE And DREAD
STRIDE And DREADSTRIDE And DREAD
STRIDE And DREAD
chuckbt
 
GDGSCL - Docker a jeho provoz v Heroku a AWS
GDGSCL - Docker a jeho provoz v Heroku a AWSGDGSCL - Docker a jeho provoz v Heroku a AWS
GDGSCL - Docker a jeho provoz v Heroku a AWS
Ladislav Prskavec
 
Application Security on a Dime: A Practical Guide to Using Functional Open So...
Application Security on a Dime: A Practical Guide to Using Functional Open So...Application Security on a Dime: A Practical Guide to Using Functional Open So...
Application Security on a Dime: A Practical Guide to Using Functional Open So...
POSSCON
 
Final
FinalFinal
Neil Sholay's presentation November 2015
Neil Sholay's presentation November 2015Neil Sholay's presentation November 2015
Neil Sholay's presentation November 2015
DavidAllder
 
Everything you should already know about MS-SQL post-exploitation
Everything you should already know about MS-SQL post-exploitationEverything you should already know about MS-SQL post-exploitation
Everything you should already know about MS-SQL post-exploitation
Source Conference
 
Eloqua B2B Marketing Automation
Eloqua  B2B Marketing AutomationEloqua  B2B Marketing Automation
Eloqua B2B Marketing Automation
Jim Stafford
 
Threat Modeling: Best Practices
Threat Modeling: Best PracticesThreat Modeling: Best Practices
Threat Modeling: Best Practices
Source Conference
 
7 Steps to Threat Modeling
7 Steps to Threat Modeling7 Steps to Threat Modeling
7 Steps to Threat Modeling
Danny Wong
 
Functional Programming Patterns for the Pragmatic Programmer
Functional Programming Patterns for the Pragmatic ProgrammerFunctional Programming Patterns for the Pragmatic Programmer
Functional Programming Patterns for the Pragmatic Programmer
Raúl Raja Martínez
 
Wordpress -> Middleman: Lesson learned in the 2-years since migrating
Wordpress -> Middleman: Lesson learned in the 2-years since migratingWordpress -> Middleman: Lesson learned in the 2-years since migrating
Wordpress -> Middleman: Lesson learned in the 2-years since migrating
James Stone
 
NetApp Industry Keynote - Flash Memory Summit - Aug2015
NetApp Industry Keynote - Flash Memory Summit - Aug2015NetApp Industry Keynote - Flash Memory Summit - Aug2015
NetApp Industry Keynote - Flash Memory Summit - Aug2015
Val Bercovici
 
CraftCamp for Students - Introduction to JHipster
CraftCamp for Students - Introduction to JHipsterCraftCamp for Students - Introduction to JHipster
CraftCamp for Students - Introduction to JHipster
craftworkz
 
Using Data to Drive Interactions
Using Data to Drive InteractionsUsing Data to Drive Interactions
Using Data to Drive Interactions
Neil Sholay
 
Oracle Marketing Cloud
Oracle Marketing CloudOracle Marketing Cloud
Oracle Marketing CloudBob Lewis ?
 
Customer journey mapping
Customer journey mappingCustomer journey mapping
Customer journey mappingCardiff City FC
 
Fujitsu: Your Partner for SAP HANA Solutions
Fujitsu: Your Partner for SAP HANA SolutionsFujitsu: Your Partner for SAP HANA Solutions
Fujitsu: Your Partner for SAP HANA Solutions
Fujitsu America
 

Viewers also liked (20)

Security Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and ToolsSecurity Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and Tools
 
Real World Application Threat Modelling By Example
Real World Application Threat Modelling By ExampleReal World Application Threat Modelling By Example
Real World Application Threat Modelling By Example
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat Modeling
 
STRIDE And DREAD
STRIDE And DREADSTRIDE And DREAD
STRIDE And DREAD
 
GDGSCL - Docker a jeho provoz v Heroku a AWS
GDGSCL - Docker a jeho provoz v Heroku a AWSGDGSCL - Docker a jeho provoz v Heroku a AWS
GDGSCL - Docker a jeho provoz v Heroku a AWS
 
Application Security on a Dime: A Practical Guide to Using Functional Open So...
Application Security on a Dime: A Practical Guide to Using Functional Open So...Application Security on a Dime: A Practical Guide to Using Functional Open So...
Application Security on a Dime: A Practical Guide to Using Functional Open So...
 
Final
FinalFinal
Final
 
Neil Sholay's presentation November 2015
Neil Sholay's presentation November 2015Neil Sholay's presentation November 2015
Neil Sholay's presentation November 2015
 
Everything you should already know about MS-SQL post-exploitation
Everything you should already know about MS-SQL post-exploitationEverything you should already know about MS-SQL post-exploitation
Everything you should already know about MS-SQL post-exploitation
 
Eloqua B2B Marketing Automation
Eloqua  B2B Marketing AutomationEloqua  B2B Marketing Automation
Eloqua B2B Marketing Automation
 
Threat Modeling: Best Practices
Threat Modeling: Best PracticesThreat Modeling: Best Practices
Threat Modeling: Best Practices
 
7 Steps to Threat Modeling
7 Steps to Threat Modeling7 Steps to Threat Modeling
7 Steps to Threat Modeling
 
Functional Programming Patterns for the Pragmatic Programmer
Functional Programming Patterns for the Pragmatic ProgrammerFunctional Programming Patterns for the Pragmatic Programmer
Functional Programming Patterns for the Pragmatic Programmer
 
Wordpress -> Middleman: Lesson learned in the 2-years since migrating
Wordpress -> Middleman: Lesson learned in the 2-years since migratingWordpress -> Middleman: Lesson learned in the 2-years since migrating
Wordpress -> Middleman: Lesson learned in the 2-years since migrating
 
NetApp Industry Keynote - Flash Memory Summit - Aug2015
NetApp Industry Keynote - Flash Memory Summit - Aug2015NetApp Industry Keynote - Flash Memory Summit - Aug2015
NetApp Industry Keynote - Flash Memory Summit - Aug2015
 
CraftCamp for Students - Introduction to JHipster
CraftCamp for Students - Introduction to JHipsterCraftCamp for Students - Introduction to JHipster
CraftCamp for Students - Introduction to JHipster
 
Using Data to Drive Interactions
Using Data to Drive InteractionsUsing Data to Drive Interactions
Using Data to Drive Interactions
 
Oracle Marketing Cloud
Oracle Marketing CloudOracle Marketing Cloud
Oracle Marketing Cloud
 
Customer journey mapping
Customer journey mappingCustomer journey mapping
Customer journey mapping
 
Fujitsu: Your Partner for SAP HANA Solutions
Fujitsu: Your Partner for SAP HANA SolutionsFujitsu: Your Partner for SAP HANA Solutions
Fujitsu: Your Partner for SAP HANA Solutions
 

Similar to Threat Modeling for the Internet of Things

Enterprise Mobility: Secure Containerization
Enterprise Mobility: Secure ContainerizationEnterprise Mobility: Secure Containerization
Enterprise Mobility: Secure Containerization
Domenico Catalano
 
Tips and Tricks for Building Secure Mobile Apps
Tips and Tricks for Building Secure Mobile AppsTips and Tricks for Building Secure Mobile Apps
Tips and Tricks for Building Secure Mobile Apps
TechWell
 
Oracle OpenWorld | CON9707 Enterprise Mobile Security Architecture beyond the...
Oracle OpenWorld | CON9707 Enterprise Mobile Security Architecture beyond the...Oracle OpenWorld | CON9707 Enterprise Mobile Security Architecture beyond the...
Oracle OpenWorld | CON9707 Enterprise Mobile Security Architecture beyond the...
Indus Khaitan
 
Integrated Intrusion Detection Services for z/OS Communications Server
Integrated Intrusion Detection Services for z/OS Communications Server Integrated Intrusion Detection Services for z/OS Communications Server
Integrated Intrusion Detection Services for z/OS Communications Server
zOSCommserver
 
IoT Security
IoT SecurityIoT Security
Java Card Platform Security and Performance
Java Card Platform Security and PerformanceJava Card Platform Security and Performance
Java Card Platform Security and Performance
Eric Vétillard
 
Tips and Tricks for Building Secure Mobile Apps
Tips and Tricks for Building Secure Mobile AppsTips and Tricks for Building Secure Mobile Apps
Tips and Tricks for Building Secure Mobile Apps
TechWell
 
How to Test Security and Vulnerability of Your Android and iOS Apps
How to Test Security and Vulnerability of Your Android and iOS AppsHow to Test Security and Vulnerability of Your Android and iOS Apps
How to Test Security and Vulnerability of Your Android and iOS Apps
Bitbar
 
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare ☁
 
iotsecurity-171108154118.pdf
iotsecurity-171108154118.pdfiotsecurity-171108154118.pdf
iotsecurity-171108154118.pdf
KerimBozkanli
 
Engineered Systems - nejlepší cesta, jak zabezpečit váš dataAccelerate Cloud
Engineered Systems - nejlepší cesta, jak zabezpečit váš dataAccelerate CloudEngineered Systems - nejlepší cesta, jak zabezpečit váš dataAccelerate Cloud
Engineered Systems - nejlepší cesta, jak zabezpečit váš dataAccelerate Cloud
MarketingArrowECS_CZ
 
Oracle ADF Architecture TV - Design - Designing for Security
Oracle ADF Architecture TV - Design - Designing for SecurityOracle ADF Architecture TV - Design - Designing for Security
Oracle ADF Architecture TV - Design - Designing for Security
Chris Muir
 
Testing with a Rooted Mobile Device
Testing with a Rooted Mobile DeviceTesting with a Rooted Mobile Device
Testing with a Rooted Mobile Device
TechWell
 
Hybrid Analysis Mapping: Making Security and Development Tools Play Nice Toge...
Hybrid Analysis Mapping: Making Security and Development Tools Play Nice Toge...Hybrid Analysis Mapping: Making Security and Development Tools Play Nice Toge...
Hybrid Analysis Mapping: Making Security and Development Tools Play Nice Toge...
Denim Group
 
Slidedeck Demo Kino: Street Warrior. Mobile Sicherheit auf unseren Straßen - ...
Slidedeck Demo Kino: Street Warrior. Mobile Sicherheit auf unseren Straßen - ...Slidedeck Demo Kino: Street Warrior. Mobile Sicherheit auf unseren Straßen - ...
Slidedeck Demo Kino: Street Warrior. Mobile Sicherheit auf unseren Straßen - ...
Nadine Schoene
 
Create code confidence for better application security
Create code confidence for better application securityCreate code confidence for better application security
Create code confidence for better application security
Rogue Wave Software
 
Managing Your Application Security Program with the ThreadFix Ecosystem
Managing Your Application Security Program with the ThreadFix EcosystemManaging Your Application Security Program with the ThreadFix Ecosystem
Managing Your Application Security Program with the ThreadFix Ecosystem
Denim Group
 
CNIT 128 8: Mobile development security
CNIT 128 8: Mobile development securityCNIT 128 8: Mobile development security
CNIT 128 8: Mobile development security
Sam Bowne
 
Can Containers be Secured in a PaaS?
Can Containers be Secured in a PaaS?Can Containers be Secured in a PaaS?
Can Containers be Secured in a PaaS?
Tom Kranz
 
Can Containers be secured in a PaaS?
Can Containers be secured in a PaaS?Can Containers be secured in a PaaS?
Can Containers be secured in a PaaS?
Tom Kranz
 

Similar to Threat Modeling for the Internet of Things (20)

Enterprise Mobility: Secure Containerization
Enterprise Mobility: Secure ContainerizationEnterprise Mobility: Secure Containerization
Enterprise Mobility: Secure Containerization
 
Tips and Tricks for Building Secure Mobile Apps
Tips and Tricks for Building Secure Mobile AppsTips and Tricks for Building Secure Mobile Apps
Tips and Tricks for Building Secure Mobile Apps
 
Oracle OpenWorld | CON9707 Enterprise Mobile Security Architecture beyond the...
Oracle OpenWorld | CON9707 Enterprise Mobile Security Architecture beyond the...Oracle OpenWorld | CON9707 Enterprise Mobile Security Architecture beyond the...
Oracle OpenWorld | CON9707 Enterprise Mobile Security Architecture beyond the...
 
Integrated Intrusion Detection Services for z/OS Communications Server
Integrated Intrusion Detection Services for z/OS Communications Server Integrated Intrusion Detection Services for z/OS Communications Server
Integrated Intrusion Detection Services for z/OS Communications Server
 
IoT Security
IoT SecurityIoT Security
IoT Security
 
Java Card Platform Security and Performance
Java Card Platform Security and PerformanceJava Card Platform Security and Performance
Java Card Platform Security and Performance
 
Tips and Tricks for Building Secure Mobile Apps
Tips and Tricks for Building Secure Mobile AppsTips and Tricks for Building Secure Mobile Apps
Tips and Tricks for Building Secure Mobile Apps
 
How to Test Security and Vulnerability of Your Android and iOS Apps
How to Test Security and Vulnerability of Your Android and iOS AppsHow to Test Security and Vulnerability of Your Android and iOS Apps
How to Test Security and Vulnerability of Your Android and iOS Apps
 
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
 
iotsecurity-171108154118.pdf
iotsecurity-171108154118.pdfiotsecurity-171108154118.pdf
iotsecurity-171108154118.pdf
 
Engineered Systems - nejlepší cesta, jak zabezpečit váš dataAccelerate Cloud
Engineered Systems - nejlepší cesta, jak zabezpečit váš dataAccelerate CloudEngineered Systems - nejlepší cesta, jak zabezpečit váš dataAccelerate Cloud
Engineered Systems - nejlepší cesta, jak zabezpečit váš dataAccelerate Cloud
 
Oracle ADF Architecture TV - Design - Designing for Security
Oracle ADF Architecture TV - Design - Designing for SecurityOracle ADF Architecture TV - Design - Designing for Security
Oracle ADF Architecture TV - Design - Designing for Security
 
Testing with a Rooted Mobile Device
Testing with a Rooted Mobile DeviceTesting with a Rooted Mobile Device
Testing with a Rooted Mobile Device
 
Hybrid Analysis Mapping: Making Security and Development Tools Play Nice Toge...
Hybrid Analysis Mapping: Making Security and Development Tools Play Nice Toge...Hybrid Analysis Mapping: Making Security and Development Tools Play Nice Toge...
Hybrid Analysis Mapping: Making Security and Development Tools Play Nice Toge...
 
Slidedeck Demo Kino: Street Warrior. Mobile Sicherheit auf unseren Straßen - ...
Slidedeck Demo Kino: Street Warrior. Mobile Sicherheit auf unseren Straßen - ...Slidedeck Demo Kino: Street Warrior. Mobile Sicherheit auf unseren Straßen - ...
Slidedeck Demo Kino: Street Warrior. Mobile Sicherheit auf unseren Straßen - ...
 
Create code confidence for better application security
Create code confidence for better application securityCreate code confidence for better application security
Create code confidence for better application security
 
Managing Your Application Security Program with the ThreadFix Ecosystem
Managing Your Application Security Program with the ThreadFix EcosystemManaging Your Application Security Program with the ThreadFix Ecosystem
Managing Your Application Security Program with the ThreadFix Ecosystem
 
CNIT 128 8: Mobile development security
CNIT 128 8: Mobile development securityCNIT 128 8: Mobile development security
CNIT 128 8: Mobile development security
 
Can Containers be Secured in a PaaS?
Can Containers be Secured in a PaaS?Can Containers be Secured in a PaaS?
Can Containers be Secured in a PaaS?
 
Can Containers be secured in a PaaS?
Can Containers be secured in a PaaS?Can Containers be secured in a PaaS?
Can Containers be secured in a PaaS?
 

More from Eric Vétillard

New Security Issues related to Embedded Web Servers
New Security Issues related to Embedded Web ServersNew Security Issues related to Embedded Web Servers
New Security Issues related to Embedded Web Servers
Eric Vétillard
 
Step-by-step Development of an Application for the Java Card Connected Platform
Step-by-step Development of an Application for the Java Card Connected PlatformStep-by-step Development of an Application for the Java Card Connected Platform
Step-by-step Development of an Application for the Java Card Connected Platform
Eric Vétillard
 
Java Card Technology: The Foundations of NFC
Java Card Technology: The Foundations of NFCJava Card Technology: The Foundations of NFC
Java Card Technology: The Foundations of NFC
Eric Vétillard
 
Java Card in Banking and NFC
Java Card in Banking and NFCJava Card in Banking and NFC
Java Card in Banking and NFC
Eric Vétillard
 
First Steps with Java Card
First Steps with Java CardFirst Steps with Java Card
First Steps with Java Card
Eric Vétillard
 
Java Solutions for Securing Edge-to-Enterprise
Java Solutions for Securing Edge-to-EnterpriseJava Solutions for Securing Edge-to-Enterprise
Java Solutions for Securing Edge-to-Enterprise
Eric Vétillard
 
Eric java card-basics-140314
Eric java card-basics-140314Eric java card-basics-140314
Eric java card-basics-140314
Eric Vétillard
 
Java Card, 15 years later
Java Card, 15 years laterJava Card, 15 years later
Java Card, 15 years later
Eric Vétillard
 

More from Eric Vétillard (8)

New Security Issues related to Embedded Web Servers
New Security Issues related to Embedded Web ServersNew Security Issues related to Embedded Web Servers
New Security Issues related to Embedded Web Servers
 
Step-by-step Development of an Application for the Java Card Connected Platform
Step-by-step Development of an Application for the Java Card Connected PlatformStep-by-step Development of an Application for the Java Card Connected Platform
Step-by-step Development of an Application for the Java Card Connected Platform
 
Java Card Technology: The Foundations of NFC
Java Card Technology: The Foundations of NFCJava Card Technology: The Foundations of NFC
Java Card Technology: The Foundations of NFC
 
Java Card in Banking and NFC
Java Card in Banking and NFCJava Card in Banking and NFC
Java Card in Banking and NFC
 
First Steps with Java Card
First Steps with Java CardFirst Steps with Java Card
First Steps with Java Card
 
Java Solutions for Securing Edge-to-Enterprise
Java Solutions for Securing Edge-to-EnterpriseJava Solutions for Securing Edge-to-Enterprise
Java Solutions for Securing Edge-to-Enterprise
 
Eric java card-basics-140314
Eric java card-basics-140314Eric java card-basics-140314
Eric java card-basics-140314
 
Java Card, 15 years later
Java Card, 15 years laterJava Card, 15 years later
Java Card, 15 years later
 

Recently uploaded

Vitthal Shirke Microservices Resume Montevideo
Vitthal Shirke Microservices Resume MontevideoVitthal Shirke Microservices Resume Montevideo
Vitthal Shirke Microservices Resume Montevideo
Vitthal Shirke
 
Visitor Management System in India- Vizman.app
Visitor Management System in India- Vizman.appVisitor Management System in India- Vizman.app
Visitor Management System in India- Vizman.app
NaapbooksPrivateLimi
 
Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus
 
Enhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdfEnhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdf
Globus
 
Strategies for Successful Data Migration Tools.pptx
Strategies for Successful Data Migration Tools.pptxStrategies for Successful Data Migration Tools.pptx
Strategies for Successful Data Migration Tools.pptx
varshanayak241
 
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Globus
 
How to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good PracticesHow to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good Practices
Globus
 
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.ILBeyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Natan Silnitsky
 
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Globus
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2
 
Into the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdfInto the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdf
Ortus Solutions, Corp
 
Quarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden ExtensionsQuarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden Extensions
Max Andersen
 
Corporate Management | Session 3 of 3 | Tendenci AMS
Corporate Management | Session 3 of 3 | Tendenci AMSCorporate Management | Session 3 of 3 | Tendenci AMS
Corporate Management | Session 3 of 3 | Tendenci AMS
Tendenci - The Open Source AMS (Association Management Software)
 
Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024
Paco van Beckhoven
 
SOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar Research Team: Latest Activities of IntelBrokerSOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar
 
How Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptxHow Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptx
wottaspaceseo
 
2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx
Georgi Kodinov
 
Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...
Globus
 
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?
XfilesPro
 
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Shahin Sheidaei
 

Recently uploaded (20)

Vitthal Shirke Microservices Resume Montevideo
Vitthal Shirke Microservices Resume MontevideoVitthal Shirke Microservices Resume Montevideo
Vitthal Shirke Microservices Resume Montevideo
 
Visitor Management System in India- Vizman.app
Visitor Management System in India- Vizman.appVisitor Management System in India- Vizman.app
Visitor Management System in India- Vizman.app
 
Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024
 
Enhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdfEnhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdf
 
Strategies for Successful Data Migration Tools.pptx
Strategies for Successful Data Migration Tools.pptxStrategies for Successful Data Migration Tools.pptx
Strategies for Successful Data Migration Tools.pptx
 
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
 
How to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good PracticesHow to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good Practices
 
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.ILBeyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
 
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
 
Into the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdfInto the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdf
 
Quarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden ExtensionsQuarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden Extensions
 
Corporate Management | Session 3 of 3 | Tendenci AMS
Corporate Management | Session 3 of 3 | Tendenci AMSCorporate Management | Session 3 of 3 | Tendenci AMS
Corporate Management | Session 3 of 3 | Tendenci AMS
 
Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024
 
SOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar Research Team: Latest Activities of IntelBrokerSOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar Research Team: Latest Activities of IntelBroker
 
How Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptxHow Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptx
 
2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx
 
Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...
 
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?
 
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
 

Threat Modeling for the Internet of Things

  • 1. Threat Modeling for the Internet of Things Eric Vétillard IoT Product Management Group September 2015
  • 2. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle. 2
  • 3. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Agenda 1 2 3 4 5 Definitions Concerns and threats Some countermeasures Device and gateway security Simple checklist 3
  • 4. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 4 IoT Infrastructure – Main components Devices Enterprise Apps Operators IoT Service Gateway
  • 5. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Safety vs. Security Safety • Protects against malfunction – Focus on quality • Principles – Coverage analysis – Detection, mitigation, reaction – Simplicity is better – Redundancy helps Security • Protects against attackers – Focus on robustness – Several defence layers • Principles – Coverage analysis – Detection, mitigation, reaction – Simplicity is better – Redundancy helps 5
  • 6. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 6 Attack Surface – Main components Devices Operators Enterprise Apps Messages REST API UI Connectors IoT Service Gateway
  • 7. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 7 Attack Surface – Specific to the Internet of Things Devices Operators Enterprise Apps Messages REST API UI Connectors IOT Server Gateway
  • 8. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 8 Attack Surface – Software Components Devices Messages IoT Service HW / OS Framework Cloud/Server Framework
  • 9. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | In the Press • In 2015, a few car-related headlines – BMW Connected Drive hack sees 2.2 million cars exposed to remote unlocking (02/02) – DARPA Hacks GM's OnStar To Remote Control A Chevrolet Impala (02/08) – US Senate Report: Automakers fail to fully protect against hacking (02/09) – Hackers take control of Jeep on the highway (August) • A few unrelated headlines from 2014 – Hackers had struck an unnamed steel mill in Germany (Jan) – U.S. government probes medical devices for possible cyber flaws (Oct 14) 9 Privacy Spying Theft Remote Control Physical damage Murder?
  • 10. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | In Practice: The BMW Hack • A lab has been able to remotely open a BMW car – Reverse engineering the ConnectedDrive feature to identify vulnerabilities – Exploiting the vulnerabilities identified through an attack path • The list of vulnerabilities is rather long – The same keys are used in all vehicles – Some messages are not encrypted – Configuration data is not tamper-proof – The crypto algorithm used (DES) is outdated and broken – The software does not include protection against replay attacks • One fix: The communication is now encrypted using HTTPS 10
  • 11. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | The BMW Hack: Poor Decisions Poor decision Safety reasoning Security reasoning Using the same keys Simple process No complex infrastructure Keys need to be diversified A key needs to be broken on every car No systematic encryption Only critical messages are encrypted A secure channel protects against reverse engineering Configuration data no tamper-proof Configuration data integrity is protected by a checksum Configuration data authenticity is protected by a cryptographic checksum The vehicle ID is in error messages Simplify diagnosis by having the data A remote attacker doesn’t have the ID, so let’s protect it Using DES Well-known, fast algorithm DES is broken, let’s mandate AES No protection against replay attacks Same message, same action A recorded message cannot have the same effect when replayed 11
  • 12. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Threat Analysis Thinking like an attacker • Very important to validate a design – Identify the key assets and their flows – Analyze how security protections can be bypassed – Consider vulnerabilities as opportunities • Identify countermeasures to be added to the design – And loop again on the analysis 12
  • 13. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 13 Attack Surface – Between Devices and IoT Service Devices Operators Enterprise Apps Messages REST API UI Connectors IoT Service Gateway Thinking like an attacker • Attacking the network link, remotely • Any operation can be attacked • Targeting admin operations can be good • A failure can affect many deployments Thinking like a defender • IoT framework typically not fully under control • Patching/update must be supported at all levels
  • 14. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 14 Attack Surface – Device Low-level Software Devices Operators Enterprise Apps Messages REST API UI Connectors IOT Server Gateway Thinking like an attacker • IoT operating systems are not well protected • Older attacks may even work • Maybe that the update mechanism is broken Thinking like a defender • OS security configuration is important • Patching/update must be supported and secure
  • 15. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 16 Attack Surface – Attacking the Things and Gateways Devices Operators Enterprise Apps Messages REST API UI Connectors IOT Server Gateway Thinking like an attacker • Things and gateways are physically accessible • I can steal one and reverse engineer it • I can then attack another one • Denial-of-service or tampering may be options Thinking like a defender • Make devices (at least partly) tamper-proof • Otherwise, make them tamper-evident • Include organizational measures to detect attacks
  • 16. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Compromising a Device 17 Steal data from another device Duplicate registration of a device Activate without registering Add device record in the cloud Insert device in supply chain Add a compromised device Modify the device’s software Modify an existing device Modify the device’s hardware Tamper with the device externally Replace an existing device Compromise a device Steal data from the network Reconfigure a gateway Replace device physically Replace device in cloud
  • 17. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Compromising a Device – Focus on Persistent Memory 18 Compromise a device Tamper with persistent memory Tamper with data Tamper with applications Tamper with system software Spy on the persistent memory Disclose data Disclose applications Disclose system software
  • 18. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Compromising a Device – Focus on Persistent Memory 19 Spy on the persistent memory Disclose data 109 Disclose applications Disclose system software Disclose system software Disclose application Disclose application data 1 Disclose buffered messages 2 Disclose application data 3 Disclose server verification data 4 Disclose device registration data 5 Disclose device authent data Disclose authent data
  • 19. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Compromising a Device – Focus on Persistent Memory 20 Tamper with persistent memory Tamper with data Tamper with applications Tamper with native software 2 Modify application data 3 Modify server verification data 4 Modify device registration data 7 Modify a stored application’s code 8 Modify a stored app’s meta-data 9 Add an application 10 Modify system softwareTamper with application data Tamper with authentication data 6 Modify device authent data 5 Modify device identity 1 Modify buffered messages
  • 20. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Compromising a Device – Server Authentication 21 Tamper with persistent memory Tamper with data Tamper with applications Tamper with native software 2 Modify application data 3 Modify server verification data 4 Modify device registration data 7 Modify a stored application’s code 8 Modify a stored app’s meta-data 9 Add an application 10 Modify system softwareTamper with application data Tamper with authentication data 6 Modify device authent data 5 Modify device identity 1 Modify buffered messages
  • 21. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Internet of Things Cloud Service Oracle Confidential – Internal/Restricted/Highly Restricted 22 Device Virtualization High Speed Messaging Stream Processing Endpoint Management Event Store IoT Cloud Service Enterprise Connectivity Integration Cloud Service BI & Big Data Cloud Service Oracle Cloud Services Mobile Cloud Service 3rd party apps Industry Vertical Apps Enterprise Apps Cloud or On Premise Manufacturing Transportation Service Mgmt Asset Mgmt Firewall Oracle IoT CS Gateway s/w 3rd party gateway s/w with Oracle IoT Client Library IoT Cloud Service Client Libraries & Gateway Indirectly connected devices Directly connected devices
  • 22. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | • Security mechanism provisions and manages trust relationships with devices • Uniquely assigned device identities disallows reuse of security credentials across devices 23 IoT CS Ensures End-to-End Security Trusted Devices Non-Repudiation • Enforces authentication prior to communication with any device or enterprise software, enabling proof of origin of data • Transport level security for all communication to ensure data integrity • Secure, managed state transitions to control access from devices • Restricts types of IoT CS operations that device and other principals can perform in a given state Security Lifecycle
  • 23. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | • Security mechanism provisions and manages trust relationships with devices • Uniquely assigned device identities disallows reuse of security credentials across devices 24 IoT CS Ensures End-to-End Security Trusted Devices Non-Repudiation • Enforces authentication prior to communication with any device or enterprise software, enabling proof of origin of data • Transport level security for all communication to ensure data integrity • Secure, managed state transitions to control access from devices • Restricts types of IoT CS operations that device and other principals can perform in a given state Security Lifecycle
  • 24. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 25 From HTTPS to Man-in-the-Middle Device HTTPS IoT Service  
  • 25. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 26 From HTTPS to Man-in-the-Middle Device HTTPS IoT Service      
  • 26. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | ❶ Protecting the keys (even public) Q What if the attacker modifies my certificate? A Keep the public key in a Secure Element and have the Secure Element verify the signature. ❷ Checking code authenticity Q Am I sure that no attacker changed the code? A Add a cryptographic checksum, and check that the signature comes from the right person. 27 ❸ Adding hardware-based security Q What if the attacker removes my checks? A Use a secure boot mechanism based on a hardware-based mechanism (TPM, TEE, …). Protecting against Man-in-the-Middle  Stopping at some point A The SE’s security has been certified. A The platform’s security has been certified.
  • 27. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | What if it isn’t Possible? Explore alternatives – Use tamper-resistant hardware – Use tamper-evident hardware – Define security procedures – Use physical security Example: in a factory – Thoroughly check devices (including software) before installing them – Make sure that every device is covered by a security camera – Instruct security staff to regularly inspect devices for unusual 28
  • 28. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | That Was a Threat Model • We went through several steps – Defining assets to be protected – Defining potential attack means on these assets – Defining countermeasures, and then countermeasures on the countermeasures – Thinking about the implementation • This Threat Modeling process can be made more formal – It is an essential work in an IoT deployment today – Many vertical/industry/customer-specific aspects to the threat model 29
  • 29. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Putting in Practice in Gateways and Devices What needs to be done • Select an IoT infrastructure – Manage device identity, credentials, lifecycle, communication, policies • Select a device platform – Robust hardware / OS / Robust development framework • Select a trusted hardware – Markets with high – security insurance needs & unprotected physical devices How Oracle can help • Oracle IoT Cloud Service – State-of-the-art security and strong integration with enterprise services • Java ME/SE Embedded – A guarantee of strong and secure apps on your infrastructure • Java Card – To ensure that your trusted hardware can evolve over time 30
  • 30. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | A few References • An accessible and useful book on threat analysis – http://threatmodelingbook.com/ • Details on the BMW hack – http://m.heise.de/ct/artikel/Beemer-Open-Thyself-Security-vulnerabilities-in-BMW-s- ConnectedDrive-2540957.html • Scaring yourself with potential issues – https://www.dropbox.com/s/oh6xrb7chgoks4j/internetoffails.pdf?dl=0 • A few really good recommendations – http://www.esecurityplanet.com/network-security/6-tips-for-developing-secure-iot- apps.html 31
  • 31. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | 32 Summary • Start by thinking like an attacker – What is “tempting” in my system? • To who? Why? – How can my system be attacked? • Which components provide an opportunity • Then think like a defender – Identify your weaknesses • What is wrong? What may not be right? – Find proper countermeasures • Work with all stakeholders – For devices, gateways, frameworks • Vet their security and their integration Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
  • 32. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal/Restricted/Highly Restricted 33