Threat modelling for developers - FOSDEM
Threat modelling for developers
Arne Padmos
xkcd
Safety vs Security
William Warby
Warner Bros
Are we doomed?
“Building security in”
“Security by design”
“Shifting security left”
Microsoft
Microsoft
“If we ... could do only one thing to improve software security … we would do threat modelling every day of the week.”
— Howard & Lipner
Requirements engineering & Architectural analysis
What’s your threat model? (security assumptions)
“More precisely, we will assume the following about a saboteur:”
– obtain any message
– initiate any conversation
– be a receiver to any user
Utagawa Kuniyoshi
NSA
Eleanor Saitta
What could possibly go wrong?
& how
Types of threat modelling
– Attacker-centric
– Asset-centric
– System-centric
William Warby
Paul Pols
Cyril Davenport
Eleanor Saitta et al.
Stewart Brand
Antti Vähä-Sipilä
Popular approaches (system-centric)
– STRIDE
– Trike
– PASTA
Relevant questions
1. What are we working on?
2. What can go wrong?
3. What are we going to do?
4. Did we do a good job?
Adam Shostack
Lightweight methodology
1. Draw data flows
2. Elicit threats
3. Ranking + controls
4. Check your work
CMU
Adam Shostack
Mark Dowd et al.
Trail of Bits
Lightweight methodology
1. Draw data flows
2. Elicit threats
3. Ranking + controls
4. Check your work
Confidentiality
Integrity
Availability
Authentication
Authorisation
Accountability
Information disclosure
Tampering
Denial of service
Spoofing
Elevation of privilege
Repudiation
“STRIDE”
SAFEcode
SWIFT
Adam Shostack
Lightweight methodology
1. Draw data flows
2. Elicit threats
3. Ranking + controls
4. Check your work
Dick Bruna
Parker Brothers
Risk ≈ likelihood × impact
ThoughtWorks
Howard & Lipner
Lightweight methodology
1. Draw data flows
2. Elicit threats
3. Ranking + controls
4. Check your work
“All models are wrong, some models are useful.”
— George Box
Koyaanisqatsi
Stephen Checkoway et al.
Howard & Lipner
xkcd
Lightweight methodology
1. Draw data flows
2. Elicit threats
3. Ranking + controls
4. Check your work
Dick Bruna
ThoughtWorks
ThoughtWorks
ThoughtWorks
ThoughtWorks
@wilg
Rijksoverheid
What could possibly go wrong?
& how
Arne Padmos
github.com/arnepadmos/resources
my “toy collection”