Presentation is loading. Please wait.

Presentation is loading. Please wait.

What is RISK?  requires vulnerability  likelihood of successful attack  amount of potential damage Two approaches:  threat modeling  OCTAVE Risk/Threat.

Published byArthur Manning Modified over 9 years ago

Similar presentations

Presentation on theme: "What is RISK?  requires vulnerability  likelihood of successful attack  amount of potential damage Two approaches:  threat modeling  OCTAVE Risk/Threat."— Presentation transcript:

1 What is RISK?  requires vulnerability  likelihood of successful attack  amount of potential damage Two approaches:  threat modeling  OCTAVE Risk/Threat Assessment

2 Threat Modeling (part of Microsoft’s Trustworthy Computing) Threat Modeling (part of Microsoft’s Trustworthy Computing) ______ is realized by an… that occurs due to a… ______ that should be mitigated by a… __________ ____________ potential & cost of harmful event/attack

3 Threat Modeling (part of Microsoft’s Trustworthy Computing) Threat Modeling (part of Microsoft’s Trustworthy Computing) Why? The Players  Customers  Business Analysts  Software architects  Developers  Testers

4 Threat Modeling Steps

5  What can we prevent?  What do we care about most?  What is the worst thing that can happen?  What laws and regulations apply? Step 1: Identify Security Objectives Identify the system assets. Focus on confidentiality, integrity, availability.

6 Ways to depict software architecture: __________ Diagram _____ Diagram Step 2: Describe System Architecture

7 Class Diagrams A picture depicting classes and interconnections. Basic NotationSimple Example

8 Data Flow Diagrams A picture depicting how data flows within a software system. Basic NotationSimple Example

9 DFD Rules 1) Every process is labeled with a _____ phrase. 2) Every data flow is labeled with a ______ phrase. 3) Sources, sinks and data stores are named with _____ phrases. 4) Every process must have at least one entering and one exiting data flow. 5) Data stores cannot connect to each other without intervening processes.

10 Data Flow Example 2 Make an Omelet

11 Drill down to details of software architecture: Data Flow Diagram  processes expanded into other processes and flows Class Diagram  include methods, packages, inner classes  include files, external calls & parameter lists Step 3: Decompose app _____________

12 Data Flow Example 3 Email System Data Flow Example 3 Email System DFDs are usually constructed via refinement. This is a possible Level 0 DFD.

13 Data Flow Example 3 cont'd Data Flow Example 3 cont'd This is a possible Level 1 DFD.

14 Example 3 Edit zoom Example 3 Edit zoom This is a possible Level 2 refinement.

15 This requires a systematic approach: 2) use a classification framework like STRIDE  _________(authenticity)  _________(integrity)  _________  _________ disclosure (confidentiality)  _____ of service (availability)  ________ of privilege (authorization) 1) look at detailed design for…  trust boundaries  entry points  exit points Step 4: Identify Threats http://msdn.microsoft.com/en-us/magazine/cc163519.aspx

16 Data Flow Example 3 …again Data Flow Example 3 …again

17 Attack Trees Attack trees (also called threat trees) describe the nature of an attack. Drawing attack trees helps with understanding, discovering, and mitigating threats. Notation A tree  root is the goal for the attack  children (of a node) define methods to achieve parent  children may be ORed or ANDed http://www.schneier.com/paper-attacktrees-ddj-ft.html

18 Example

19 Develop a systematic approach:  start with an accepted approach Step 5: Rate Threats  adjust weighting with experience Two possible approaches  Risk = Threat X Asset  DREAD

20 Risk = Threat X Asset The basic formula: Risk = Threat probability * Damage potential Threat probability accounts for exploitability & mitigations. Damage potential is basically the cost or impact. Ranges?  numbers might be difficult to use  categories (3 to 5) is usually sufficient

21 DREAD (Microsoft’s first model) DREAD (Microsoft’s first model) Damage potential How much damage will the exploit produce? Reproducability How likely is it for the attack to recur? Exploitability How easy is it to carry out the attack? Affected users What fraction of users will be affected? Discoverability What are the odds an attacker can find the vul? Risk = min(D, (D+R+E+A+D)/5)

22 Problems with DREAD It’s not simple. Frequent disagreement over risk numbers  customers don’t agree with developers  people with the same roles don’t agree This lead to a simpler severity rating system... Originally, each vul (DREAD) was graded 0-no threat to 10-high. It’s subjective.

23 A Graph of Threats High Medium Modest Low ModestMediumHigh Probability of Occurrence Potential Damage

Download ppt "What is RISK?  requires vulnerability  likelihood of successful attack  amount of potential damage Two approaches:  threat modeling  OCTAVE Risk/Threat."

Similar presentations

Sachin Rawat Crypsis SDL Threat Modeling.

Sachin Rawat Crypsis SDL Threat Modeling.
CAPE INFORMATION TECHNOLOGY – Unit 2

CAPE INFORMATION TECHNOLOGY – Unit 2
Lesson Title: Threat Modeling Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas 1 This.

Lesson Title: Threat Modeling Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas 1 This.
Risk Assessment What is RISK?  requires vulnerability  likelihood of successful attack  amount of potential damage Two approaches:  threat modeling.

Risk Assessment What is RISK?  requires vulnerability  likelihood of successful attack  amount of potential damage Two approaches:  threat modeling.
WwwTASK.to © Toronto Area Security Klatch 2007 Threat Modeling With STRIDE and DREAD Chuck Ben-Tzur Security Consultant Sentry Metrics March 27, 2007.

WwwTASK.to © Toronto Area Security Klatch 2007 Threat Modeling With STRIDE and DREAD Chuck Ben-Tzur Security Consultant Sentry Metrics March 27, 2007.
Risk Analysis James Walden Northern Kentucky University.

Risk Analysis James Walden Northern Kentucky University.
Bridging the gap between software developers and auditors.

Bridging the gap between software developers and auditors.
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group 209-754-9130

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
Software Design Process A Process is a set of related and (sequenced) tasks that transforms a set of input to a set of output. Inputs Outputs Design Process.

Software Design Process A Process is a set of related and (sequenced) tasks that transforms a set of input to a set of output. Inputs Outputs Design Process.
1 OS II: Dependability & Trust Threat Modeling & Security Metrics Dependable Embedded Systems & SW Group www.deeds.informatik.tu-darmstadt.de Prof. Neeraj.

1 OS II: Dependability & Trust Threat Modeling & Security Metrics Dependable Embedded Systems & SW Group Prof. Neeraj.
How to : Data Flow Diagrams (DFDs)

How to : Data Flow Diagrams (DFDs)
Copyright © Microsoft Corp 2006 Introduction to Threat Modeling Michael Howard, CISSP Senior Security Program Manager Security Engineering and Communication.

Copyright © Microsoft Corp 2006 Introduction to Threat Modeling Michael Howard, CISSP Senior Security Program Manager Security Engineering and Communication.
Introducing Computer and Network Security

Introducing Computer and Network Security
Modeling the Processes and Logic

Modeling the Processes and Logic
System Analysis and Design

System Analysis and Design
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Application Threat Modeling Workshop

Application Threat Modeling Workshop
Chapter 7 Structuring System Process Requirements

Chapter 7 Structuring System Process Requirements
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Modeling the system the data flow diagram the context diagram level decomposition the cornucopia case portfolio project Systems Analysis and Design for.

Modeling the system the data flow diagram the context diagram level decomposition the cornucopia case portfolio project Systems Analysis and Design for.

Similar presentations

Ads by Google