know your enemy - an introduction to threat modeling
TRANSCRIPT
Jerry: Well, what makes them think you're a risk management expert? George: I guess it's on my resume.
@jschauma ConFoo Vancouver 2016
Threat Model 101
• identify assets
• identify vulnerabilities
• identify likely threat actors (categorized by objectives & capabilities)
• identify defensive capabilities
• determine risk score
• rinse and repeat
STRIDE
Threat                  Property violated
Spoofing                Authentication
Tampering               Integrity
Repudiation             Non-Repudiation
Information Disclosure  Confidentiality
Denial of Service       Availability
Elevation of Privilege  Authorization
DREAD
Damage           How bad would the attack be?
Reproducibility  How easy is it to recreate the attack?
Exploitability   How easy is it to launch the attack?
Affected Users   How many are impacted?
Discoverability  How easy is it for an attacker to discover?
DREAD+D
Damage           How bad would the attack be?
Reproducibility  How easy is it to recreate the attack?
Exploitability   How easy is it to launch the attack?
Affected Users   How many are impacted?
Discoverability  How easy is it for an attacker to discover?
Detection        How hard is it for the defender to detect?
• competing incentives • industry espionage • covert operations • low risk profile • bound by (some) rules • married to a supercomputer
Know Your Enemy
https://v.gd/ConFooThreatModel04
• low skill level • opportunistic • chaotic, yet predictable • there may be more than you think • never wears pants
Know Your Enemy
• specific objective • targeted attacks • resourceful • relentless • only bound by gravity
Know Your Enemy
• very powerful / resourceful • may have privileged controls • operates both clandestine & overt • may utilize Wile E. Coyote, Mayor Quimby, Fat Tony
Know Your Enemy
Threat Modeling Process
• identify assets, assign values
• use STRIDE to identify threats
• use DREAD+D to derive threat score
• determine / recommend defenses
• zoom out / zoom in & repeat
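The scoring and defense steps of the process above, and the DREAD+D factors from the earlier slide, as an added worked example in Python (this is illustration code, not part of the talk or the slides). The assets, threat descriptions and 1-10 ratings are constructed for the example, and the equal-weight average used to combine the six factors is one common convention, not something the slides prescribe; a team can swap in its own weighting in `score()`.

```python
"""DREAD+D risk scoring over a small, constructed threat register.

Each threat is tagged with the STRIDE category it belongs to and rated on
the six DREAD+D factors. The example ranks threats, then shows how applying
a defense (lowering Exploitability, improving Detection) changes the ranking
without eliminating the threat entirely.
"""
from dataclasses import dataclass, replace
from typing import Dict, List

# STRIDE threat category -> security property it violates.
STRIDE: Dict[str, str] = {
    "Spoofing": "Authentication",
    "Tampering": "Integrity",
    "Repudiation": "Non-Repudiation",
    "Information Disclosure": "Confidentiality",
    "Denial of Service": "Availability",
    "Elevation of Privilege": "Authorization",
}

# DREAD+D factors, each rated 1 (low) .. 10 (high). All six are rated so
# that a higher value means higher risk: "detection" rates how HARD the
# attack is for the defender to detect.
FACTORS = ("damage", "reproducibility", "exploitability",
           "affected_users", "discoverability", "detection")


@dataclass(frozen=True)
class Threat:
    asset: str
    stride: str
    description: str
    ratings: Dict[str, int]

    def __post_init__(self) -> None:
        if self.stride not in STRIDE:
            raise ValueError(f"unknown STRIDE category: {self.stride!r}")
        missing = set(FACTORS) - set(self.ratings)
        if missing:
            raise ValueError(f"missing DREAD+D ratings: {sorted(missing)}")
        for factor, value in self.ratings.items():
            if factor not in FACTORS or not 1 <= value <= 10:
                raise ValueError(f"bad rating {factor}={value}")

    def score(self) -> float:
        """Equal-weight average of the six factors, on a 1..10 scale."""
        return sum(self.ratings[f] for f in FACTORS) / len(FACTORS)

    @property
    def property_violated(self) -> str:
        return STRIDE[self.stride]


def rank_threats(threats: List[Threat]) -> List[Threat]:
    """Highest DREAD+D score first: this is the 'lowest hanging fruit' list."""
    return sorted(threats, key=lambda t: t.score(), reverse=True)


def with_defense(threat: Threat, **new_ratings: int) -> Threat:
    """Return a copy of the threat with some factors re-rated after a defense.

    Raising the cost of attack usually shows up as lower Exploitability
    and/or Reproducibility; better monitoring shows up as lower Detection.
    """
    return replace(threat, ratings={**threat.ratings, **new_ratings})


# Constructed sample register (assets, descriptions and ratings are made up).
SAMPLE_THREATS: List[Threat] = [
    Threat("customer database", "Information Disclosure",
           "search endpoint builds SQL from unvalidated input",
           {"damage": 9, "reproducibility": 8, "exploitability": 7,
            "affected_users": 9, "discoverability": 7, "detection": 8}),
    Threat("login form", "Denial of Service",
           "no rate limit on failed login attempts",
           {"damage": 4, "reproducibility": 9, "exploitability": 9,
            "affected_users": 6, "discoverability": 8, "detection": 3}),
    Threat("admin panel", "Elevation of Privilege",
           "role check enforced only in front-end JavaScript",
           {"damage": 8, "reproducibility": 8, "exploitability": 6,
            "affected_users": 3, "discoverability": 5, "detection": 7}),
]


if __name__ == "__main__":
    print("Before defenses:")
    for t in rank_threats(SAMPLE_THREATS):
        print(f"  {t.score():4.1f}  {t.stride:<22} ({t.property_violated}) {t.asset}: {t.description}")

    # Recommend a defense for the top threat: parameterized queries plus
    # query logging/alerting. Exploitability drops, detection improves.
    hardened = with_defense(SAMPLE_THREATS[0], exploitability=2, detection=3)
    print("\nAfter hardening the top threat:")
    for t in rank_threats([hardened] + SAMPLE_THREATS[1:]):
        print(f"  {t.score():4.1f}  {t.stride:<22} {t.asset}")
```

Run it as a script to see the two rankings; the point of the second listing is that the hardened database threat is still present but no longer the cheapest target, so the attacker's lowest-hanging fruit has moved, which is the outcome the process is after. The validation in `__post_init__` keeps ratings on the agreed 1..10 scale so scores from different reviewers stay comparable.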
Attackers will go for the lowest hanging fruit.
Raising the cost of attack – not eliminating the entire threat – is frequently sufficient.