OMG Common Threat Model - Object Management Group · Chair: Dr. Patrick Mallett ... Harm The type...
TRANSCRIPT
![Page 1: OMG Common Threat Model - Object Management Group · Chair: Dr. Patrick Mallett ... Harm The type or description of damage to the system (or enterprise) resulting from a successful](https://reader033.vdocument.in/reader033/viewer/2022060414/5f1262dd223d003a0e6f8924/html5/thumbnails/1.jpg)
OMG Common Threat Model
Joint OMG/NSA Workshop on Building and Using Secure ORBs
April 1997

Henry Rothkopf - U.S. Government
Dr. Patrick Mallett - MITRE
R. Neil Wagoner - MITRE
Don Faatz - MITRE

1    3/24/97 10:09
![Page 2: OMG Common Threat Model - Object Management Group · Chair: Dr. Patrick Mallett ... Harm The type or description of damage to the system (or enterprise) resulting from a successful](https://reader033.vdocument.in/reader033/viewer/2022060414/5f1262dd223d003a0e6f8924/html5/thumbnails/2.jpg)
Objective of Presentation

• Describe the threat model being developed by the OMG Security SIG Common Threat Model Working Group
• Report status
![Page 3: OMG Common Threat Model - Object Management Group · Chair: Dr. Patrick Mallett ... Harm The type or description of damage to the system (or enterprise) resulting from a successful](https://reader033.vdocument.in/reader033/viewer/2022060414/5f1262dd223d003a0e6f8924/html5/thumbnails/3.jpg)
Organization

• Common Threat Model Working Group
• Interpretations of threats and concerns might be different
• Example of a common threat
• The road we should be on
• Approach to building the Common Threat Model
• Definition of terms and metrics
• Suggested set of initial generic threats
• Discussion of attached handouts, e.g., presentation matrix for the Common Threat Model
• Current timetable
![Page 4: OMG Common Threat Model - Object Management Group · Chair: Dr. Patrick Mallett ... Harm The type or description of damage to the system (or enterprise) resulting from a successful](https://reader033.vdocument.in/reader033/viewer/2022060414/5f1262dd223d003a0e6f8924/html5/thumbnails/4.jpg)
Common Threat Model Working Group

• CTM WG meetings held in Tampa, Jan 97 and Austin, Mar 97
  - Chair: Dr. Patrick Mallett
• Charter
  - Identify and document threats and concerns from all vertical domains (i.e., business areas) to build a common threat model that can be used to:
    • Ensure completeness of the CORBA Security Specification
    • Support a common consensus for any needed changes to the CORBA Security Specification
    • Educate the larger community on the importance of security
• The model will be documented in an informational white paper along with educational briefings
![Page 5: OMG Common Threat Model - Object Management Group · Chair: Dr. Patrick Mallett ... Harm The type or description of damage to the system (or enterprise) resulting from a successful](https://reader033.vdocument.in/reader033/viewer/2022060414/5f1262dd223d003a0e6f8924/html5/thumbnails/5.jpg)
Common Threat Model Working Group (Concluded)

• The group agreed that the threat model should include the following:
  - Domain interpretations of the concerns and threats in specific terms relevant to that business area, with description of likely damage
  - A set of generic threats factored from the threats identified in the various domains
  - A set of generic countermeasures or security services needed to defeat or mitigate the generic threats
![Page 6: OMG Common Threat Model - Object Management Group · Chair: Dr. Patrick Mallett ... Harm The type or description of damage to the system (or enterprise) resulting from a successful](https://reader033.vdocument.in/reader033/viewer/2022060414/5f1262dd223d003a0e6f8924/html5/thumbnails/6.jpg)
Interpretations of Threats and Concerns Might be Different

[Diagram labels: Threats; Government Interpretation; Commercial Interpretation; Domain-Specific Interpretations; Banking, Medicine]

CORBASec and Secure IIOP enable countermeasures for a subset of threats.

Should expand our view from CORBA & services to include facilities and vertical domains.
![Page 7: OMG Common Threat Model - Object Management Group · Chair: Dr. Patrick Mallett ... Harm The type or description of damage to the system (or enterprise) resulting from a successful](https://reader033.vdocument.in/reader033/viewer/2022060414/5f1262dd223d003a0e6f8924/html5/thumbnails/7.jpg)
Example of a Common Threat

• Unauthorized access of information from external domain
• Government and commercial countermeasure patterns are the same
  - Assurance requirements may be stronger for Govt.

[Diagram labels: Mutually Suspicious Domains; Intra-Domain Policy; Intra-Domain Policy; Firewall or Guard; Inter-Domain Policy]

• Government and industry use the same technologies for information systems
  - Types of loss due to compromise may be different
• Information warfare attacks are equally likely against commercial and government targets
![Page 8: OMG Common Threat Model - Object Management Group · Chair: Dr. Patrick Mallett ... Harm The type or description of damage to the system (or enterprise) resulting from a successful](https://reader033.vdocument.in/reader033/viewer/2022060414/5f1262dd223d003a0e6f8924/html5/thumbnails/8.jpg)
The Road We're On

[Diagram labels: You Are Here; Government Domains; Progress; Commercial Domains; CORBA Security Spec; Gov't OO Security Requirements; One Standard Set of Security APIs for ORBs & Applications Reused by both Government and Commercial Systems; Interpretation of Concerns and Threats to Commercial and Technology Infrastructure; Interpretation of Concerns and Threats to Government and Military Infrastructure; Common Threat Model; CORBA Common Security Services; Generic threats are the same]
![Page 9: OMG Common Threat Model - Object Management Group · Chair: Dr. Patrick Mallett ... Harm The type or description of damage to the system (or enterprise) resulting from a successful](https://reader033.vdocument.in/reader033/viewer/2022060414/5f1262dd223d003a0e6f8924/html5/thumbnails/9.jpg)
Approach to Building the Common Threat Model

[Flowchart labels, in extraction order:]
• INITIAL SET OF GENERIC THREATS
• EXAMINE KNOWN REALISTIC ATTACKS
• REFINED SET OF GENERIC THREATS
• FACTOR OUT GENERIC THREATS
• EXAMINE SPECIFIC BUSINESS DOMAIN INTERPRETATION OF CONCERNS NOT COVERED BY EXISTING SET OF GENERIC THREATS
• COMMON SET OF GENERIC THREATS
• IDENTIFY COUNTERMEASURES AND SYSTEM SECURITY SERVICES
• IDENTIFY NEEDED SUPPORTING CORBA SERVICES
• DEFINE COMPOSITION GUIDELINES AND ADDITIONAL SERVICES NEEDED
• ADD NEW GENERIC THREAT TO MODEL
• BUSINESS DOMAIN SECURITY WG'S INTERPRETATION OF CONCERNS AND THREATS
• FOR ALL DOMAINS

LEGEND:
- This loop is done for each business area or domain jointly between the domain working group and the Security SIG
- Path under control of the Security SIG
![Page 10: OMG Common Threat Model - Object Management Group · Chair: Dr. Patrick Mallett ... Harm The type or description of damage to the system (or enterprise) resulting from a successful](https://reader033.vdocument.in/reader033/viewer/2022060414/5f1262dd223d003a0e6f8924/html5/thumbnails/10.jpg)
Definition of Terms and Metrics

• Threat
• Vulnerability
• Countermeasure
• Scenario
• Likelihood
• Harm
• Impact
• Risk
![Page 11: OMG Common Threat Model - Object Management Group · Chair: Dr. Patrick Mallett ... Harm The type or description of damage to the system (or enterprise) resulting from a successful](https://reader033.vdocument.in/reader033/viewer/2022060414/5f1262dd223d003a0e6f8924/html5/thumbnails/11.jpg)
Definitions [re CORBASec Appx E]

• Threat: A potential system misuse that could lead to a failure in achieving the system security goals
• Vulnerability: A system weakness that leaves the system open to one or more threats
• Countermeasure: A measure or technique for countering or mitigating the effects of a threat
![Page 12: OMG Common Threat Model - Object Management Group · Chair: Dr. Patrick Mallett ... Harm The type or description of damage to the system (or enterprise) resulting from a successful](https://reader033.vdocument.in/reader033/viewer/2022060414/5f1262dd223d003a0e6f8924/html5/thumbnails/12.jpg)
Definitions

• Scenario: An example of a given type of threat
• Likelihood: A metric describing the probability of a given threat occurring
• Harm: The type or description of damage to the system (or enterprise) resulting from a successful threat (The CTM uses 4 categories or types: unauthorized disclosure, denial of service, unauthorized manipulation, and unauthorized use)
• Impact: A metric describing the seriousness of damage to the system (or enterprise) resulting from a successful threat
![Page 13: OMG Common Threat Model - Object Management Group · Chair: Dr. Patrick Mallett ... Harm The type or description of damage to the system (or enterprise) resulting from a successful](https://reader033.vdocument.in/reader033/viewer/2022060414/5f1262dd223d003a0e6f8924/html5/thumbnails/13.jpg)
Definitions

• Risk: A metric describing the degree to which use of the system exposes the system or enterprise to potential harm; relative to any specific threat, risk is a function of:
  - Likelihood of the threat
  - Impact if the threat attack is successful
  - Effectiveness of countermeasures to the threat
• In some cases, it is also useful to define a risk metric based on only the first two factors (before considering the effect of countermeasures)
![Page 14: OMG Common Threat Model - Object Management Group · Chair: Dr. Patrick Mallett ... Harm The type or description of damage to the system (or enterprise) resulting from a successful](https://reader033.vdocument.in/reader033/viewer/2022060414/5f1262dd223d003a0e6f8924/html5/thumbnails/14.jpg)
Likelihood Metric

• Low - Highly unlikely and not expected to occur; requires conspiracy and/or expert-level knowledge
• Medium - May occur under unusual circumstances; requires a single user with operator-level knowledge
• High - Expected to occur with some frequency; may occur during the course of normal operations (e.g., accidental errors)
![Page 15: OMG Common Threat Model - Object Management Group · Chair: Dr. Patrick Mallett ... Harm The type or description of damage to the system (or enterprise) resulting from a successful](https://reader033.vdocument.in/reader033/viewer/2022060414/5f1262dd223d003a0e6f8924/html5/thumbnails/15.jpg)
Impact Metric

• Low - Minor damage due to data loss, corruption, compromise, or denial of service, such as violation of administrative policy
• Medium - Moderate damage due to data loss, corruption, compromise, or denial of service, such as release of sensitive information
• High - Extensive damage due to data loss, corruption, compromise, or prolonged denial of service, such as violation of highly sensitive data, endangerment of life, loss of integrity mechanisms, or corruption of security policy rules
![Page 16: OMG Common Threat Model - Object Management Group · Chair: Dr. Patrick Mallett ... Harm The type or description of damage to the system (or enterprise) resulting from a successful](https://reader033.vdocument.in/reader033/viewer/2022060414/5f1262dd223d003a0e6f8924/html5/thumbnails/16.jpg)
Risk as a function of Impact and Likelihood

Rows: Impact. Columns: Likelihood.

| Impact | Low | Medium | High |
|---|---|---|---|
| Low | Low | Low | Medium |
| Medium | Low | Medium | High |
| High | Medium | High | High |
![Page 17: OMG Common Threat Model - Object Management Group · Chair: Dr. Patrick Mallett ... Harm The type or description of damage to the system (or enterprise) resulting from a successful](https://reader033.vdocument.in/reader033/viewer/2022060414/5f1262dd223d003a0e6f8924/html5/thumbnails/17.jpg)
Effectiveness of Countermeasure Metric (1/3)

• Low - The countermeasure is widely believed to be weak or can be circumvented with moderate effort. For example, it may rely heavily on human (non-security personnel) security awareness. If countermeasure fails or is circumvented, component will continue to operate, and may result in denial of service and unauthorized disclosure, manipulation, and use of information. In some cases, the countermeasure may actually reduce security by inducing inappropriate user actions.
![Page 18: OMG Common Threat Model - Object Management Group · Chair: Dr. Patrick Mallett ... Harm The type or description of damage to the system (or enterprise) resulting from a successful](https://reader033.vdocument.in/reader033/viewer/2022060414/5f1262dd223d003a0e6f8924/html5/thumbnails/18.jpg)
Effectiveness of Countermeasure Metric (2/3)

• Medium - Adversary must expend some time using available tools in order to circumvent the countermeasure. Such countermeasures may rely moderately on security awareness by non-security personnel, for example requiring operators to not inadvertently disclose vital data (e.g., password, cryptographic key) or requiring operators to activate countermeasure in the face of imminent threat (e.g., zeroize button to clear key material). Generally, if countermeasure fails, component will continue to operate, and may result in unauthorized disclosure or manipulation of information.
![Page 19: OMG Common Threat Model - Object Management Group · Chair: Dr. Patrick Mallett ... Harm The type or description of damage to the system (or enterprise) resulting from a successful](https://reader033.vdocument.in/reader033/viewer/2022060414/5f1262dd223d003a0e6f8924/html5/thumbnails/19.jpg)
Effectiveness of Countermeasure Metric (3/3)

• High - Adversary must expend inordinate amount of time and resources to attempt defeat of countermeasure. Examples include: using cryptographic or technical security protection mechanisms which are NSA endorsed or evaluated using criteria such as ITSEC or the Common Criteria; or employing Government-endorsed and widely accepted technical mechanisms and procedures. Generally, if the countermeasure fails, component will not operate, or failure does not result in unauthorized disclosure or manipulation of information.
![Page 20: OMG Common Threat Model - Object Management Group · Chair: Dr. Patrick Mallett ... Harm The type or description of damage to the system (or enterprise) resulting from a successful](https://reader033.vdocument.in/reader033/viewer/2022060414/5f1262dd223d003a0e6f8924/html5/thumbnails/20.jpg)
Risk Refined by Effectiveness of Countermeasure

Rows: Risk as a Function of Impact and Likelihood. Columns: Effectiveness of Countermeasure.

| Risk as a Function of Impact and Likelihood | Low | Medium | High |
|---|---|---|---|
| Low | Low | Low | Low |
| Medium | Medium | Low | Low |
| High | High | Medium | Low |
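
Added example, not part of the original slides: the deck's two matrices (risk from impact and likelihood, then risk refined by countermeasure effectiveness) transcribed into Python and applied to a small threat register, with a check that the matrices stay monotone if someone edits them. The threat names come from the deck's generic-threat list; the ratings, the `Threat` record and the function names are constructed for illustration.

```python
from dataclasses import dataclass

LEVELS = ("Low", "Medium", "High")
HARMS = {"unauthorized disclosure", "denial of service",
         "unauthorized manipulation", "unauthorized use"}

# "Risk as a function of Impact and Likelihood": RISK[impact][likelihood]
RISK = {
    "Low":    {"Low": "Low",    "Medium": "Low",    "High": "Medium"},
    "Medium": {"Low": "Low",    "Medium": "Medium", "High": "High"},
    "High":   {"Low": "Medium", "Medium": "High",   "High": "High"},
}
# "Risk Refined by Effectiveness of Countermeasure": REFINED[risk][effectiveness]
REFINED = {
    "Low":    {"Low": "Low",    "Medium": "Low",    "High": "Low"},
    "Medium": {"Low": "Medium", "Medium": "Low",    "High": "Low"},
    "High":   {"Low": "High",   "Medium": "Medium", "High": "Low"},
}

@dataclass(frozen=True)
class Threat:               # hypothetical record layout
    name: str
    harm: str               # one of the four CTM harm categories
    likelihood: str
    impact: str
    effectiveness: str      # rating of the countermeasure in place

def rank(level):
    return LEVELS.index(level)   # ValueError on anything but Low/Medium/High

def assess(t):
    """Return (risk before countermeasures, risk after countermeasures)."""
    if t.harm not in HARMS:
        raise ValueError(f"unknown harm category: {t.harm!r}")
    for level in (t.likelihood, t.impact, t.effectiveness):
        rank(level)
    base = RISK[t.impact][t.likelihood]
    return base, REFINED[base][t.effectiveness]

def prioritize(register):
    """Sort by residual risk, then by unmitigated risk, highest first."""
    scored = [(t, *assess(t)) for t in register]
    return sorted(scored, key=lambda s: (rank(s[2]), rank(s[1])), reverse=True)

def matrices_are_monotone():
    """More likelihood or impact never lowers risk; a better countermeasure never raises it."""
    steps = list(zip(LEVELS, LEVELS[1:]))
    up = all(rank(RISK[i][a]) <= rank(RISK[i][b]) and rank(RISK[a][i]) <= rank(RISK[b][i])
             for i in LEVELS for a, b in steps)
    down = all(rank(REFINED[r][a]) >= rank(REFINED[r][b]) for r in LEVELS for a, b in steps)
    return up and down

# Constructed register: names from the deck's generic threats, ratings invented here.
REGISTER = [
    Threat("Eavesdropping", "unauthorized disclosure", "Medium", "High", "High"),
    Threat("Administrative Errors", "unauthorized manipulation", "High", "Medium", "Low"),
    Threat("Masquerading", "unauthorized use", "Medium", "Medium", "Medium"),
    Threat("Power Grids", "denial of service", "Low", "High", "Low"),
]
```

`prioritize(REGISTER)` returns `(threat, risk_before, risk_after)` tuples, so the second-stage matrix shows which threats remain High or Medium with the countermeasure that is actually in place.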
![Page 21: OMG Common Threat Model - Object Management Group · Chair: Dr. Patrick Mallett ... Harm The type or description of damage to the system (or enterprise) resulting from a successful](https://reader033.vdocument.in/reader033/viewer/2022060414/5f1262dd223d003a0e6f8924/html5/thumbnails/21.jpg)
Suggested Set of Initial Generic Threats

[Matrix of generic threats against Areas of Potential Harm. Column headings: Unauthorized Disclosure; Denial of Service; Unauthorized Manipulation; Unauthorized Use. Other labels: DISASTERS AND WEATHER; ACCIDENTS AND ERRORS; PHYSICAL THREATS. Row entries follow in extraction order.]

NON-TECHNICAL THREATS
Terrorists; Saboteurs; Thieves; Appropriation; Combat and Overrun; Foreign Intelligence Services; Natural Disaster; Fire, Earthquakes, and Floods; Hurricanes and Tornadoes; Excessive Weather; Electrical Storms; Wind; Heat or Cold; Moisture, Sand, or Dust; Shock or Vibrations; Failure of Man-made Systems; Power Grids; Communications Grids

TECHNICAL THREATS
Administrative Errors; Cryptographic Keys; Clearances; Security Procedures; Equipment Damage; Accidents and Errors by Authorized Individuals; Administrative Errors; Improper Hardware Connections; Hardware and Software Failures; Protection Features, Crashes; Crosstalk; Malicious Software; Trojan Horses, Viruses; Maintenance Personnel; Insider Agents; Masquerading, Browsing, Viruses; Subversive Hardware and Software, Attachment of Recorders; Electronic and Information Warfare; Emanations; Eavesdropping; Penetration Agents; Jamming; Electromagnetic Pulse
![Page 22: OMG Common Threat Model - Object Management Group · Chair: Dr. Patrick Mallett ... Harm The type or description of damage to the system (or enterprise) resulting from a successful](https://reader033.vdocument.in/reader033/viewer/2022060414/5f1262dd223d003a0e6f8924/html5/thumbnails/22.jpg)
Handouts: Draft CTM

• Draft presentation matrix for the CTM
• New potential threats for consideration
• Major concerns from the NII threat paper
• Summary of Austin meeting
• Summary of threat discussions with the CORBA Medical Domain
![Page 23: OMG Common Threat Model - Object Management Group · Chair: Dr. Patrick Mallett ... Harm The type or description of damage to the system (or enterprise) resulting from a successful](https://reader033.vdocument.in/reader033/viewer/2022060414/5f1262dd223d003a0e6f8924/html5/thumbnails/23.jpg)
Current Timetable

Jan 97 (Tampa): Security SIG buy-in, start CTM WG; Initial Threat Model
Mar 97 (Austin): Input from Vertical Domains, Update Threat Model
Apr 97 (Baltimore): Brief CTM at Work Shop
May 97 (Italy): Input from Vertical Domains, Update Threat Model
Jun 97 (Quebec): Draft for Comment; Review with Security SIG
Sept 97 (Ireland): CTM Completed, Brief to PTC