Presentation is loading. Please wait.

Presentation is loading. Please wait.

Understanding Threat Models for Embedded Devices Jake Edge LWN.net Embedded Linux Conference Europe October 28, 2010.

Published byCharleen Barber Modified over 8 years ago

Similar presentations

Presentation on theme: "Understanding Threat Models for Embedded Devices Jake Edge LWN.net Embedded Linux Conference Europe October 28, 2010."— Presentation transcript:

1 Understanding Threat Models for Embedded Devices Jake Edge LWN.net jake@lwn.net Embedded Linux Conference Europe October 28, 2010

2 28 October 2010ELC Europe 2010Jake Edge, LWN.net Introduction ● Analyzing threats to a device should be done during the product design phase ● Initial analysis is not based on the software installed on the device ● Potential threats are based on the planned functionality of the device ● Some thought should be given to other uses

3 28 October 2010ELC Europe 2010Jake Edge, LWN.net Threat model ● Based on the possible threats to a system ● Threats are based on several aspects of the device's intended use ● Once the threats are identified, a subset is targeted to defend ● Impossible to defend against all threats ● Narrowing down the threats to be defended allows developers to prioritize their efforts

4 28 October 2010ELC Europe 2010Jake Edge, LWN.net What is being protected? ● What data is being protected by or stored on the device? ● Alternatively: what are the consequences for the user if the device is compromised? ● Proper functioning of the device is the most basic – denial of service ● As the value of a compromise increases for an attacker, the attacks get more sophisticated

5 28 October 2010ELC Europe 2010Jake Edge, LWN.net What is being protected? ● A television or microwave probably has little data of interest to an attacker ● Network router/firewall or storage server either have or protect fairly high-value data ● Snoop on internet traffic/phone calls/... ● Drain a bank account through phishing ● Delete the family photo album ● Basic security tenet: Make the cost of an attack more than the data is worth to an attacker

6 28 October 2010ELC Europe 2010Jake Edge, LWN.net Inputs ● Inputs are the device's connections to the external world ● Network/wireless are obvious – Bluetooth, cellular voice/data, GPS a bit less obvious ● Remote controls, front panel buttons are still inputs – still vulnerable depending on location ● Weirder stuff: cameras, microphones, USB... ● The only way into the system is via inputs

7 28 October 2010ELC Europe 2010Jake Edge, LWN.net Inputs ● All inputs should at least be considered ● May reject attacks against some ● Require physical access ● Implausible attack scenarios ● Implies targeted attack at individual/organization ● Inputs “walled off” from the rest of the system

8 28 October 2010ELC Europe 2010Jake Edge, LWN.net Installation location ● Embedded devices may be “installed” in unfriendly environments ● Often can't assume physical security ● Even “home” devices can be installed elsewhere ● Internet router/firewall used in coffee shop ● TVs/DVRs installed in bars/restaurants ● Unexpected uses may lead to increased exposure to threats

9 28 October 2010ELC Europe 2010Jake Edge, LWN.net Users ● Based on the target market, the technical knowledge of the users should be considered ● Non-technical users may use the device in highly insecure ways ● Connecting devices directly to the internet ● Sharing much more data than they realize ● Are security updates planned? ● How are users supposed to find out? ● Without easy update, more hardening needed

10 28 October 2010ELC Europe 2010Jake Edge, LWN.net Example: Television ● Low-value data (if any at all) ● Few inputs (HDMI, remote control, front panel) ● Non-technical users ● Installed “everywhere” ● Relatively few security concerns ● Denial of service via crash ● Annoying folks with universal remotes (not really an issue that TV makers can be expected to fix)

11 28 October 2010ELC Europe 2010Jake Edge, LWN.net Example: Home NAS server ● Data is high-value to user, probably low value to attacker (except possibly targeted attacks) ● Network is the only real input (on/off switch) ● Non-technical users ● Generally installed behind router/firewall ● Could be attacked from inside the network (browser- based or other malware) ● Might be installed/configured insecurely

12 28 October 2010ELC Europe 2010Jake Edge, LWN.net Example: Home NAS server ● Attacker could deny access, get ransom ● Encrypt the contents ● Disable the device ● Has enough compute power to be used in a botnet ● Could be used to store attacker data ● Common flaw: default admin password ● Doesn't require the user to change it

13 28 October 2010ELC Europe 2010Jake Edge, LWN.net Other devices ● A similar analysis can be done early in the product development cycle ● Explicitly deciding not to defend against certain kinds of attacks allows developers to focus ● Customer expectations should be set correctly ● Security is always about tradeoffs

14 28 October 2010ELC Europe 2010Jake Edge, LWN.net Conclusion ● Seen as a PR problem, but it is really a customer relations issue ● Customers that get burned (or hear of others that got burned) won't return ● Once a reputation for lax security is established, it can be very hard to break (ask Microsoft) ● Starting early allows you to “bake security in” and not try to bolt in on later

Download ppt "Understanding Threat Models for Embedded Devices Jake Edge LWN.net Embedded Linux Conference Europe October 28, 2010."

Similar presentations

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.
Breaking Trust On The Internet

Breaking Trust On The Internet
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
1 Securing Passwords Against Dictionary Attacks Base on an article by Benny Pinkas & Tomas Sander 2002 Presented by Tomer Conforti.

1 Securing Passwords Against Dictionary Attacks Base on an article by Benny Pinkas & Tomas Sander 2002 Presented by Tomer Conforti.
Introduction Our Topic: Mobile Security Why is mobile security important?

Introduction Our Topic: Mobile Security Why is mobile security important?
Social impacts of the use of it By: Mohamed Abdalla.

Social impacts of the use of it By: Mohamed Abdalla.
{ Active Directory Security Why bother?.   Law #1: Nobody believes anything bad can happen to them, until it does   Law #2: Security only works if.

{ Active Directory Security Why bother?.   Law #1: Nobody believes anything bad can happen to them, until it does   Law #2: Security only works if.
APPLICATION PENETRATION TESTING Author: Herbert H. Thompson Presentation by: Nancy Cohen.

APPLICATION PENETRATION TESTING Author: Herbert H. Thompson Presentation by: Nancy Cohen.
Understanding Computer Viruses: What They Can Do, Why People Write Them and How to Defend Against Them Computer Hardware and Software Maintenance.

Understanding Computer Viruses: What They Can Do, Why People Write Them and How to Defend Against Them Computer Hardware and Software Maintenance.
Module 6: Designing Security for Network Hosts

Module 6: Designing Security for Network Hosts
Group Policy for Laptops and Printers. Order of Operations Computer Policies Things that apply to the hardware or all users Firewall Settings Disable.

Group Policy for Laptops and Printers. Order of Operations Computer Policies Things that apply to the hardware or all users Firewall Settings Disable.
Group Policy for Laptops and Printers. Order of Operations Computer Policies Things that apply to the hardware or all users Firewall Settings Disable.

Group Policy for Laptops and Printers. Order of Operations Computer Policies Things that apply to the hardware or all users Firewall Settings Disable.
Computer Security By Duncan Hall.

Computer Security By Duncan Hall.
Mobile Security By Jenish Jariwala. What is Mobile Security?  Mobile Security is the protection of smartphones, tablets, laptops and other portable computing.

Mobile Security By Jenish Jariwala. What is Mobile Security?  Mobile Security is the protection of smartphones, tablets, laptops and other portable computing.
Www.safensoft.com Safe’n’Sec IT security solutions for enterprises of any size.

Safe’n’Sec IT security solutions for enterprises of any size.
Sniper Corporation. Sniper Corporation is an IT security solution company that has introduced security products for the comprehensive protection related.

Sniper Corporation. Sniper Corporation is an IT security solution company that has introduced security products for the comprehensive protection related.
1 Outline of this module By the end of this module you will be able to: Understand why computer security is important; Name the different threats to.

1 Outline of this module By the end of this module you will be able to: Understand why computer security is important; Name the different threats to.
SMOOTHWALL FIREWALL By Nitheish Kumarr. INTRODUCTION  Smooth wall Express is a Linux based firewall produced by the Smooth wall Open Source Project Team.

SMOOTHWALL FIREWALL By Nitheish Kumarr. INTRODUCTION  Smooth wall Express is a Linux based firewall produced by the Smooth wall Open Source Project Team.
Lecture 19 Page 1 CS 236 Online 6. Application Software Security Why it’s important: –Security flaws in applications are increasingly the attacker’s entry.

Lecture 19 Page 1 CS 236 Online 6. Application Software Security Why it’s important: –Security flaws in applications are increasingly the attacker’s entry.

Similar presentations

Ads by Google