1 Threat Modeling at Symantec OWASP WWW, Irvine, CA, January 28, 2011 Threat Modeling at Symantec Edward Bonver Principal Software Engineer, Symantec Product.

Presentation transcript:

Threat Modeling at Symantec
Edward Bonver, Principal Software Engineer, Symantec Product Security Team
OWASP WWW, Irvine, CA, January 28, 2011

Sample Agenda
1. What? – Intro & Definitions
2. Who? When? How Often?
3. How? – Not Too Technical Details of the Process
4. A Few Extra Words of Advice
5. Tools

Defining Terms - What is a Threat?
Simplest definition: "The adversary's goals, or what an adversary might try to do to a system"
"Threat Modeling" == "Adversary's Goal Modeling" or "Modeling the Adversary's Goals"

What’s Threat Modeling?
Threat modeling is a process of assessing and documenting a system’s security risks
- Uncover security weaknesses and vulnerabilities
- Rank risks
- Come up with mitigations
- Understand your system better

Protecting Your House

Thinking Like an Attacker
Open Safe
  Pick Lock
  Learn Combo
    Find Written Combo
    Get Combo from Target
      Threaten
      Blackmail
      Eavesdrop (AND)
        Listen to Conversation
        Get Target to State Combo
      Bribe
  Cut Open Safe
  Install Improperly

Quality Assurance
Questions:
- When do your QA folks engage in a project?
- QA team composition
- Experience
- Environment knowledge
Understand your system better
- Test plans & test cases
- Requirements

Security Requirements…
Security Requirements? Security Requirements! Security Requirements???
Requirements.Add("…and System Must be Secure!");

A Few Philosophical Thoughts…
Threat modeling is like sushi
It’s a team activity (see next slide)

Roles – Who is Involved
- Architects and Developers
- QA
- Program Managers
- Product Managers
- Security Experts (Consultants)

When to Threat Model?
[Lifecycle diagram. Labels: Implementing; Monitoring; Security Training; Code Analysis Tools (Automation); Fuzz Tests; Config Analysis Tools; Security & Penetration Test; Vulnerability Mgmt; Security Goals and Planning; Risk Assessment; Best Practices; Readiness Review Checkpoint; Understanding; Threat model]

Why Threat Models are Effective?
- ~50% of all vulnerabilities introduced during the architecture and design phase.
- Supported by Common Weakness Enumeration (CWE), from the field

Getting There
1. Draw Diagram
2. Analyze Model
3. Calculate Risk
4. Plan Mitigation

Draw Diagram

Analyze Model
S - Spoofing: Can an attacker gain access using a false identity?
T - Tampering: Can an attacker modify data as it flows through the application?
R - Repudiation: If an attacker denies an exploit, can you prove him or her wrong?
I - Information disclosure: Can an attacker gain access to private or potentially injurious data?
D - Denial of service: Can an attacker crash or reduce the availability of the system?
E - Elevation of privilege: Can an attacker assume the identity of a privileged user?

DFD shows possible Effects of Vulnerabilities
[Data flow diagram. Legend: External Entity, Multi-Process, Data Store, Data flow. Elements are annotated with STRIDE letters: STI DE, TID (six times), SR (twice)]

Calculate Risk
Common Vulnerability Scoring System (CVSSv2)
- A rating system that goes from
- Use the National Vulnerability Database calculator

CVSSv2 Calculator

Plan Mitigation
- Easy enough
- CWE to the rescue

Unmitigated Threats
Now what?

Dealing with Risk
- Reduce the Risk
- Transfer the Risk
- Accept the Risk
- Reject the Risk

Final Considerations
- Threat Modeling is an ongoing process
- Start small
- Revisit Threat Models
- Threat models are sensitive documents
  - Keep them in a safe location with limited team access

Documenting All Threats
- Threats always exist, live forever
- Vulnerabilities exist if there is an unmitigated path to realizing a threat
[Diagram labels: Threat, Asset, Mitigation, Vulnerability]
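The "unmitigated path" rule above, applied to the safe attack tree from the "Thinking Like an Attacker" slide, as an added example that is not part of the original slides. The parent/child nesting of the tree is an assumption reconstructed from the flattened slide text, and the function names are hypothetical.

```python
# Added example: AND/OR attack tree with a check for unmitigated paths.
# A node is (name, gate, children); a leaf has no children.
def node(name, gate="OR", *children):
    return (name, gate, children)

# Tree nesting is an assumption reconstructed from the slide's node labels.
SAFE_TREE = node("Open Safe", "OR",
    node("Pick Lock"),
    node("Learn Combo", "OR",
        node("Find Written Combo"),
        node("Get Combo from Target", "OR",
            node("Threaten"), node("Blackmail"),
            node("Eavesdrop", "AND",
                node("Listen to Conversation"),
                node("Get Target to State Combo")),
            node("Bribe"))),
    node("Cut Open Safe"),
    node("Install Improperly"))

def leaves(tree):
    """All leaf step names in the tree."""
    name, _, children = tree
    return {name} if not children else set().union(*(leaves(c) for c in children))

def attack_paths(tree, mitigated=frozenset()):
    """Every set of leaf steps that still realizes the root threat."""
    name, gate, children = tree
    if not children:
        return [] if name in mitigated else [frozenset([name])]
    child_paths = [attack_paths(c, mitigated) for c in children]
    if gate == "OR":                       # any single child is enough
        return [p for paths in child_paths for p in paths]
    combined = [frozenset()]               # AND: one path from every child
    for paths in child_paths:
        combined = [a | b for a in combined for b in paths]
    return combined

def is_vulnerable(tree, mitigated=frozenset()):
    """A vulnerability exists while at least one unmitigated path remains."""
    return bool(attack_paths(tree, mitigated))

if __name__ == "__main__":
    done = {"Pick Lock", "Cut Open Safe", "Listen to Conversation"}
    for path in attack_paths(SAFE_TREE, done):
        print("unmitigated:", " + ".join(sorted(path)))
```

Mitigating one leaf under an AND gate closes that whole branch, while every child of an OR gate has to be mitigated before the parent is closed.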

Tools
Microsoft SDL Threat Modeling Tool

Tools
- Excel
- Digital Camera
- Microsoft Word (or Notepad)
- Good Revision System (CVS, Perforce, etc.)

Tools
Elevation of Privilege Card Game

Thank you!
Edward Bonver, Principal Software Engineer, Symantec Product Security Team