Risk Assessment (presentation transcript)


1 Risk Assessment
What is RISK?
 requires a vulnerability
 likelihood of successful attack
 amount of potential damage
Two approaches:
 threat modeling
 OCTAVE

2 Threat Modeling (part of Microsoft’s Trustworthy Computing)
______ potential for harmful event/attack
can be realized by an… that occurs due to a… ______
that should be mitigated by a… __________ ____________

3 Threat Modeling (part of Microsoft’s Trustworthy Computing)
Why?
 create a list of vulnerabilities
 bridge the gap between design & deployment
 help cross-team communication
 raise awareness of security
 identify areas of security requiring more research
The Players
 Customers
 Business Analysts
 Software architects
 Developers
 Testers

4 Threat Modeling Steps

5 Step 1: Identify Security Objectives
Identify the system assets. Focus on confidentiality, integrity, availability.
 What can we prevent?
 What do we care about most?
 What is the worst thing that can happen?
 What laws and regulations apply?

6 Step 2: Describe System Architecture
Ways to depict software architecture:
__________ Diagram
_____ Diagram

7 Class Diagrams
A picture depicting classes and interconnections.
[Figure: Basic Notation; Simple Example]

8 Data Flow Diagrams
A picture depicting how data flows within a software system.
[Figure: Basic Notation; Simple Example]

9 Data Flow Example 2: Email System
[Figure: data flow diagram of the email system]

10 Step 3: Decompose app _____________
Drill down to the details of the software architecture:
Data Flow Diagram
 processes expanded into other processes and flows
Class Diagram
 include methods, packages, inner classes
 include files, external calls & parameter lists

11 Example 2: Edit zoom
[Figure: decomposed view of the edit operation]

12 Step 4: Identify Threats
This requires a systematic approach:
1) look at the detailed design for…
 trust boundaries
 entry points
 exit points
2) use a classification framework like STRIDE
 _________ (authenticity)
 _________ (integrity)
 _________
 _________ disclosure (confidentiality)
 _____ of service (availability)
 ________ of privilege (authorization)
http://msdn.microsoft.com/en-us/magazine/cc163519.aspx

13 Attack Trees
Attack trees (also called threat trees) describe the nature of an attack. Drawing attack trees helps with understanding, discovering, and mitigating threats.
Notation: a tree
 root is the goal of the attack
 children (of a node) define methods to achieve the parent
 children may be ORed or ANDed
http://www.schneier.com/paper-attacktrees-ddj-ft.html
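The OR/AND evaluation the slide describes, as an added example that is not part of the presentation: each leaf carries an estimated attacker cost and a possible/impossible flag (the attributes Schneier's paper uses), an OR node costs as much as its cheapest child, an AND node as much as all of its children together. The tree is constructed for illustration after the "open safe" example in the cited paper; the `Node` class, the cost figures and the `mitigate` helper are assumptions of this example, not notation from the slides. The defender's use is the last function: mark a leaf as blocked by a control and watch the cheapest path to the root move or disappear.

```python
# Added example (not from the slides): attack tree with OR/AND nodes,
# per-leaf cost and possible/impossible leaves, evaluated bottom-up.
from dataclasses import dataclass, field

INF = float("inf")


@dataclass
class Node:
    name: str
    kind: str = "OR"            # "OR", "AND" or "LEAF"
    cost: float = 0.0           # leaves only: estimated attacker cost
    possible: bool = True       # leaves only: False once a control blocks it
    children: list = field(default_factory=list)

    def min_cost(self) -> float:
        """Cheapest way to reach this node; INF if it cannot be reached."""
        if self.kind == "LEAF":
            return self.cost if self.possible else INF
        costs = [c.min_cost() for c in self.children]
        if self.kind == "OR":
            return min(costs)
        return sum(costs)       # AND: every child must be achieved

    def cheapest_path(self) -> list:
        """Leaf names on the cheapest feasible path (empty if impossible)."""
        if self.kind == "LEAF":
            return [self.name] if self.possible else []
        if self.kind == "OR":
            best = min(self.children, key=lambda c: c.min_cost())
            return best.cheapest_path() if best.min_cost() < INF else []
        if any(c.min_cost() == INF for c in self.children):
            return []
        return [leaf for c in self.children for leaf in c.cheapest_path()]


def leaf(name: str, cost: float, possible: bool = True) -> Node:
    return Node(name, "LEAF", cost, possible)


def build_safe_tree() -> Node:
    """Constructed tree after the 'open safe' illustration in Schneier's paper."""
    return Node("open safe", "OR", children=[
        leaf("pick lock", 30),
        leaf("cut open safe", 10),
        leaf("install improperly", 100, possible=False),   # already ruled out
        Node("learn combo", "OR", children=[
            leaf("find written combo", 75),
            Node("eavesdrop", "AND", children=[             # both needed
                leaf("listen to conversation", 20),
                leaf("get target to state combo", 40),
            ]),
        ]),
    ])


def find_leaf(node: Node, name: str):
    if node.kind == "LEAF":
        return node if node.name == name else None
    for c in node.children:
        hit = find_leaf(c, name)
        if hit is not None:
            return hit
    return None


def mitigate(tree: Node, leaf_name: str) -> float:
    """Model a control that blocks one leaf; return the new cheapest root cost."""
    target = find_leaf(tree, leaf_name)
    if target is None:
        raise KeyError(leaf_name)
    target.possible = False
    return tree.min_cost()


if __name__ == "__main__":
    t = build_safe_tree()
    print("initial cheapest path:", t.min_cost(), t.cheapest_path())
    for control in ("cut open safe", "pick lock"):
        print(f"after blocking '{control}':", mitigate(t, control), t.cheapest_path())
```

Running the block shows the cheapest path start at the single cheapest leaf and, after two leaves are blocked, shift to the AND branch whose cost is the sum of both of its children; a leaf that is already impossible never appears on a path.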

14 Example

15 Step 5: Rate Threats
Develop a systematic approach:
 start with an accepted approach
 adjust weighting with experience
Two possible approaches
 Risk = Threat X Asset
 DREAD

16 Risk = Threat X Asset
The basic formula: Risk = Threat probability * Damage potential
Threat probability accounts for exploitability & mitigations.
Damage potential is basically the cost or impact.
Ranges?
 numbers might be difficult to use
 categories (3 to 5) are usually sufficient

17 A Graph of Threats
[Figure: Potential Damage (Low, Modest, Medium, High) plotted against Probability of Occurrence (Modest, Medium, High)]
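The Risk = Threat probability * Damage potential formula worked with the 3-to-5 categories the previous slide recommends instead of raw numbers, as an added example that is not part of the presentation. The category names follow the axes of the graph above; the ordinal values assigned to each category, the band thresholds and the sample threat register are assumptions of this example.

```python
# Added example (not from the slides): categorical risk scoring and ranking.
# Probability and damage are picked from small scales (3 and 4 categories),
# multiplied, then mapped back into a band.  Scale values and band edges are
# assumptions of this example.
from itertools import product

PROBABILITY = {"modest": 1, "medium": 2, "high": 3}           # x-axis of the graph
DAMAGE = {"low": 1, "modest": 2, "medium": 3, "high": 4}      # y-axis of the graph
# (upper bound inclusive, band name); the last bound covers the maximum product 3*4
BANDS = [(2, "low"), (4, "modest"), (8, "medium"), (12, "high")]


def risk_score(probability: str, damage: str) -> int:
    """Risk = Threat probability * Damage potential, on the ordinal scales."""
    return PROBABILITY[probability.lower()] * DAMAGE[damage.lower()]


def risk_band(probability: str, damage: str) -> str:
    score = risk_score(probability, damage)
    for bound, band in BANDS:
        if score <= bound:
            return band
    raise ValueError(f"score {score} outside band table")


def risk_matrix() -> dict:
    """Every cell of the graph: (probability, damage) -> band."""
    return {(p, d): risk_band(p, d) for p, d in product(PROBABILITY, DAMAGE)}


def rank_threats(register: list) -> list:
    """Sort (name, probability, damage) entries, highest risk first."""
    scored = [(risk_score(p, d), risk_band(p, d), name) for name, p, d in register]
    return sorted(scored, key=lambda row: row[0], reverse=True)


# Constructed sample register; entries are illustrative threat names only.
SAMPLE_REGISTER = [
    ("tampered configuration file", "medium", "high"),
    ("log server outage", "high", "modest"),
    ("stale session not expired", "modest", "low"),
    ("unauthenticated admin endpoint", "high", "high"),
]

if __name__ == "__main__":
    for score, band, name in rank_threats(SAMPLE_REGISTER):
        print(f"{score:2d} {band:7s} {name}")
```

Because the scales are ordinal, the product is only a ranking device: the bands are what get communicated, and the mapping should be agreed with the customers and analysts listed as players on slide 3 before it is used, since the same categorical input can land in a different band under a different table.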

18 DREAD (Microsoft’s first model)
Damage potential: How much damage will the exploit produce?
Reproducibility: How likely is it for the attack to recur?
Exploitability: How easy is it to carry out the attack?
Affected users: What fraction of users will be affected?
Discoverability: What are the odds an attacker can find the vul?
Risk = min(D, (D+R+E+A+D)/5)

19 Problems with DREAD
Originally, each vul (DREAD) was graded from 0 (no threat) to 10 (high).
It’s subjective. It’s not simple.
Frequent disagreement over risk numbers
 customers don’t agree with developers
 people with the same roles don’t agree
This led to a simpler severity rating system...
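The DREAD formula exactly as the previous slide states it, Risk = min(D, (D+R+E+A+D)/5) with each component graded 0 to 10, plus a check for the disagreement problem this slide describes: several raters score the same vul and the spread between them is reported. This is an added example, not part of the presentation; the rater names, their scores and the tolerance used to flag disagreement are constructed.

```python
# Added example (not from the slides): DREAD scoring with the min(D, average)
# rule from slide 18, and a spread check for the disagreement problem of slide 19.
from statistics import mean


def dread_risk(d: float, r: float, e: float, a: float, di: float) -> float:
    """Risk = min(D, (D+R+E+A+D)/5); damage potential caps the result."""
    for v in (d, r, e, a, di):
        if not 0 <= v <= 10:
            raise ValueError(f"DREAD components are graded 0..10, got {v}")
    return min(d, (d + r + e + a + di) / 5)


def rater_scores(ratings: dict) -> dict:
    """ratings: rater -> (D, R, E, A, D) tuple; returns rater -> risk."""
    return {who: dread_risk(*vals) for who, vals in ratings.items()}


def spread(ratings: dict) -> float:
    """Gap between the highest and lowest rater for the same vul."""
    scores = rater_scores(ratings).values()
    return max(scores) - min(scores)


def needs_reconciliation(ratings: dict, tolerance: float = 2.0) -> bool:
    """Flag a vul whose raters differ by more than `tolerance` points (assumed threshold)."""
    return spread(ratings) > tolerance


# Constructed ratings for one hypothetical vul, scored independently by three roles.
SAMPLE_RATINGS = {
    "developer": (8, 6, 7, 9, 5),
    "customer":  (9, 8, 9, 10, 8),
    "tester":    (5, 6, 7, 9, 5),
}

if __name__ == "__main__":
    for who, score in rater_scores(SAMPLE_RATINGS).items():
        print(f"{who:10s} {score:4.1f}")
    print("mean:", round(mean(rater_scores(SAMPLE_RATINGS).values()), 2))
    print("spread:", round(spread(SAMPLE_RATINGS), 2),
          "reconcile:", needs_reconciliation(SAMPLE_RATINGS))
```

Two things the numbers make visible: the cap means a vul with very high reproducibility, exploitability, affected users and discoverability still scores no higher than its damage potential, and three raters who differ only in how they grade damage and discoverability move the result by several points, which is the disagreement the slide blames for the move to a simpler severity rating.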

