Published by Lydia Dorsey. Modified over 6 years ago.
Threat modelling: A short introduction and stories from end user involvement
SRM Seminar Luxembourg
Per Håkon Meland - SINTEF ICT, Trondheim, Norway
Motivation and background
Hospital systems (2005)
- Integration and access control of EPRs
- Models used to communicate processes and threats
- In 2005 we started doing a lot of process and threat modelling related to hospital system integration
- Røstad, L. (2006). An extended misuse case notation, including vulnerabilities and the insider threat. REFSQ'06, Luxembourg.
- Easy to read, simple notation, not too complex
- Models are a good way of communicating between different people
SHIELDS EU project
- 8 partners
- Sharing of security knowledge
  - Models
  - Methods
  - Tools and tool input
- End user evaluations
  - Several iterations
  - Real end-users
  - Case studies and commercial products
Threat modelling
Threat modelling
- Understand potential security threats and vulnerabilities
- Understand attackers
- Find security design issues before code
- Determine countermeasures
- Guide the code review/testing/configuration/deployment
Misuse cases and attack trees
- Highly reusable
- Easy to grasp
Today:
- Blackboards and incompatible tools
- Designers start from scratch for every project
- Little knowledge sharing
Provide security knowledge and reusable diagrams to help developers
Example: Media player
Xine media player
[This slide should be skipped, but is kept hidden in case we need to repeat how to perform the first step of the activity.]
Let’s create a model from scratch…
Create use case model from scratch
Main functionality:
- Download data (application, codecs, skins, ...)
- Play local media file
- Play media stream
Actors:
- Software developer
- User
Add threats
How about reusing one?
Create use case model from scratch
Search for existing misuse case diagrams: “Media”, “player”, “Movie”
[This part should be performed live, but the slide is kept as a summary.]
At the last demo, we also did a search for existing threat models related to media players. We did not find any misuse case diagrams back then, but let’s try again this time.
[search for media using the SVRS user interface]
Ok, we found this model, and by clicking on it we can get an overview of its contents. This model definitely seems relevant, so let’s download it and analyse it further using SeaMonster.
[download model with SVRS user interface, open model in SeaMonster]
Ok, this model seems like a very good basis for the Xine application. The functionality seems to be covered, the model shows typical threats, vulnerabilities I should be aware of, and also a set of possible mitigating security activities I should consider.
[mention some examples from the model]
Attack trees
- Hide the details
- Link to attack patterns
- Used to identify mitigations
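Added example (not from the original slides): a small attack tree for the media player, showing how leaves that link to attack patterns and mitigations are used to find which mitigations cut every path to the root goal. The threats, the AP-PLACEHOLDER ids and the mitigation names are constructed for illustration, and it assumes that one applied mitigation blocks a leaf.

```python
from dataclasses import dataclass, field
from itertools import combinations, product

@dataclass
class Node:
    name: str
    gate: str = "LEAF"            # "OR", "AND" or "LEAF"
    children: list = field(default_factory=list)
    pattern: str = ""             # attack pattern link (placeholder id)
    mitigations: tuple = ()       # mitigations attached to a leaf

def leaves(node):
    if node.gate == "LEAF":
        return [node]
    return [leaf for c in node.children for leaf in leaves(c)]

def attack_sets(node):
    """Minimal sets of leaf names that together reach `node`."""
    if node.gate == "LEAF":
        return {frozenset([node.name])}
    parts = [attack_sets(c) for c in node.children]
    if node.gate == "OR":
        sets = set().union(*parts)
    else:                         # AND: one set from each child, merged
        sets = {frozenset().union(*combo) for combo in product(*parts)}
    return {s for s in sets if not any(o < s for o in sets)}

def achievable(node, applied):
    """Assumption: one applied mitigation on a leaf blocks that leaf."""
    if node.gate == "LEAF":
        return not set(node.mitigations) & applied
    results = [achievable(c, applied) for c in node.children]
    return any(results) if node.gate == "OR" else all(results)

def smallest_mitigation_sets(root):
    """Smallest mitigation combinations that leave the root unreachable."""
    pool = sorted({m for leaf in leaves(root) for m in leaf.mitigations})
    for k in range(1, len(pool) + 1):
        hits = [set(c) for c in combinations(pool, k) if not achievable(root, set(c))]
        if hits:
            return hits
    return []

# Constructed tree for the media player's three functions (not from the slides).
CODEC = Node("Malicious codec installed", "AND", [
    Node("Codec fetched from spoofed site", pattern="AP-PLACEHOLDER-1", mitigations=("HTTPS download",)),
    Node("Player loads unsigned codec", pattern="AP-PLACEHOLDER-2", mitigations=("codec signature check",))])
ROOT = Node("Attacker code runs in the player", "OR", [CODEC,
    Node("Malformed local file parsed", pattern="AP-PLACEHOLDER-3", mitigations=("parser input validation",)),
    Node("Malformed stream parsed", pattern="AP-PLACEHOLDER-3", mitigations=("parser input validation", "stream source allow-list"))])
```

Calling smallest_mitigation_sets(ROOT) shows that parser input validation alone is not enough here: the codec branch needs one further mitigation before the root goal becomes unreachable.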
Finally…
Create textual description to accompany the diagram
- A document elaborating the diagram
- Threat descriptions can be fetched from the SHIELDS SVRS
- Gives an understanding of the possible attacker motivation
- There can be several different mitigations
- Input to risk analysis and security activity planning
Explain that a textual misuse case should accompany the diagram, and show a premade one for XINE (Table 1 of D1.4). Mention that the model should be uploaded to aid other developers that create similar applications with the same characteristics.
Case study: eTourism
Approach
Phase 1: Tutorial
Phase 2: Parallel modelling
Phase 3: Serial modelling
Steps:
1: Application description
2: Threat model created by experts
3: Threat model created by developers
4: Model consolidated by experts
5: Threat model updated by developers
6: Threat model endorsed by experts
Pre-visit, plan:
- Hotels
- Route
- Experiences
- Virtually explore
Post-visit, share:
- Pictures/videos
- Recommendations
- Blog
Bad stuff?
Case study: WaLDo
Warehouse information system
- Dock loading
- RFID tracking
- Picking lists
- Advanced shipping notifications
Bad stuff?
Case study: eNewsPaper
Electronic newspaper
- Aimed for the Paris metro
- Shared from distribution points
- User relays
Bad stuff?
Feedback and lessons learned
- New threats and mitigations were identified in all case studies
- Misuse cases and attack trees: Easy to learn, easy to use
- Important with diversity while doing threat modelling
- Keep the size of the models down
- Need more models from other application areas
Share models through the SVRS!
- Now contains >200 free security models
  - 18 misuse case models
  - 29 attack trees
- Use the free tools, or integrate your own
- Add your own, get feedback (and possibly revenue)