threat modelling for developers
play

Threat modelling for developers Arne Padmos xkcd Safety vs - PowerPoint PPT Presentation

Aug 19, 2023 •361 likes •1.1k views

Threat modelling for developers Arne Padmos xkcd Safety vs Security William Warby Warner Bros Are we doomed? Building security in Security by design Shifting security left Microsoft Microsoft If we ... could do

  1. Threat modelling for developers Arne Padmos

  2. xkcd

  3. Safety vs Security

  5. William Warby Warner Bros

  7. Are we doomed?

  9. “ Building security in ” “ Security by design ” “ Shifting security left ”

  10. Microsoft

  11. Microsoft

  12. “ If we ... could do only one thing “ to improve software security … “ we would do threat modelling “ every day of the week. ” — Howard & Lipner

  13. “ If we ... could do only one thing “ to improve software security … “ we would do threat modelling “ every day of the week. ” — Howard & Lipner

  14. Requirements engineering & Architectural analysis

  15. What’s your threat model? ( security assumptions )

  17. “ More precisely, we will assume “ the following about a saboteur: ” – obtain any message – initiate any conversation – be a receiver to any user

  18. Utagawa Kuniyoshi

  19. NSA

  20. Eleanor Saitta

  21. What could possibly go wrong? & how

  22. What could possibly go wrong? & how

  23. Types of threat modelling – Attacker-centric – Asset-centric – System-centric

  24. William Warby

  25. Paul Pols

  26. Cyril Davenport

  27. Eleanor Saitta et al.

  28. Stewart Brand

  29. Antti Vähä-Sipilä

  30. Popular approaches ( system-centric ) – STRIDE – Trike – PASTA

  31. Relevant questions 1. What are we working on? 2. What can go wrong? 3. What are we going to do? 4. Did we do a good job? Adam Shostack

  32. Lightweight methodology 1. Draw data flows 2. Elicit threats 3. Ranking + controls 4. Check your work

  33. Lightweight methodology 1. Draw data flows 2. Elicit threats 3. Ranking + controls 4. Check your work

  34. CMU

  35. Adam Shostack

  36. Mark Dowd et al.

  37. Trail of Bits

  38. Lightweight methodology 1. Draw data flows 2. Elicit threats 3. Ranking + controls 4. Check your work

  39. Confidentiality Integrity Availability Authentication Authorisation Accountability

  40. Information disclosure Tampering Denial of service Spoofing Elevation of privilege Repudiation

  41. “STRIDE”

  42. SAFEcode

  43. SWIFT

  44. Adam Shostack

  45. Lightweight methodology 1. Draw data flows 2. Elicit threats 3. Ranking + controls 4. Check your work

  46. Dick Bruna

  47. Parker Brothers

  48. Risk ≈ likelihood × impact

  49. ThoughtWorks

  50. Howard & Lipner

  51. Lightweight methodology 1. Draw data flows 2. Elicit threats 3. Ranking + controls 4. Check your work

  52. “ All models are wrong, “ some models are useful. ” — George Box

  53. Koyaanisqatsi

  54. Stephen Checkoway et al.

  56. Howard & Lipner

  57. xkcd

  58. Lightweight methodology 1. Draw data flows 2. Elicit threats 3. Ranking + controls 4. Check your work

  60. Dick Bruna

  61. ThoughtWorks

  62. ThoughtWorks

  63. ThoughtWorks

  64. ThoughtWorks

  67. @wilg

  68. Rijksoverheid

  69. What could possibly go wrong? & how

  70. Arne Padmos hello@arnepadmos.com

  72. github.com /arnepadmos/resources my “ toy collection ”

Recommend

A contract-oriented view on threat modelling Ketil Stlen SINTEF ICT and University of Oslo

A contract-oriented view on threat modelling Ketil Stlen SINTEF ICT and University of Oslo

A contract-oriented view on threat modelling Ketil Stlen SINTEF ICT and University of Oslo Joint work with Gyrd Brndeland, Heidi Dahl, Olav Ligaarden FLACOS Malta, November 27, 2008 ICT Motivation How to modularize threat modelling

805 views • 37 slides
course evaluation room for attestations: 03.05.051 iLab Threat modelling, surveillance,

course evaluation room for attestations: 03.05.051 iLab Threat modelling, surveillance,

course evaluation room for attestations: 03.05.051 iLab Threat modelling, surveillance, operational security Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt

986 views • 47 slides
Identifying Changes in the Cybersecurity Threat Landscape using the LDA-Web Topic Modelling Data

Identifying Changes in the Cybersecurity Threat Landscape using the LDA-Web Topic Modelling Data

Identifying Changes in the Cybersecurity Threat Landscape using the LDA-Web Topic Modelling Data Search Engine Thursday 13 th July 2017 Multidisciplinary approaches to Cloud Crime HCII 2017, Vancouver Canada Noura Al Moubayed, David Wall, and

544 views • 9 slides
Assessment What is Threat Assessment Threat assessment is the process of gathering

Assessment What is Threat Assessment Threat assessment is the process of gathering

Threat Assessment What is Threat Assessment Threat assessment is the process of gathering information to understand the threat of violence posed by a person. Threat management is the process of developing and executing plans to mitigate

332 views • 15 slides
Developers Developers Developers (what about creatives?) Ryan Gorley Designer + Marketer + Art

Developers Developers Developers (what about creatives?) Ryan Gorley Designer + Marketer + Art

Developers Developers Developers (what about creatives?) Ryan Gorley Designer + Marketer + Art Director FOSS: A Developers World? Creatives have abilities to ofer Challenge Ignorance & Bias Feature Gaps Inertia Introduce FOSS

514 views • 34 slides
Phases of Disaster Despair Threat Threat Phase: Small events serve as a warning or threat to

Phases of Disaster Despair Threat Threat Phase: Small events serve as a warning or threat to

Honeymoon Threat Restoration Rescue Phases of Disaster Despair Threat Threat Phase: Small events serve as a warning or threat to normal living. A disaster has not yet oc- curred, but there is a sense of impending doom. Individual

604 views • 6 slides
What Does This Advanced Threat Landscape Look Like? Advanced Threat Landscape

What Does This Advanced Threat Landscape Look Like? Advanced Threat Landscape

DDoS & Modern Threat Motives Dan Holden Director, ASERT What Does This Advanced Threat Landscape Look Like? Advanced Threat Landscape Geo-poli:cal More defenses ? App/Content t a

1.13k views • 44 slides
Colonel Mike Zarbo Project Manager for Instrumentation, Targets and Threat Simulators 13

Colonel Mike Zarbo Project Manager for Instrumentation, Targets and Threat Simulators 13

Colonel Mike Zarbo Project Manager for Instrumentation, Targets and Threat Simulators 13 September 2011 Excellence In Training End Users Soldiers Requirements Sailors Needs Airmen Marines Developers Vendors Manufacturers 7 Acquire

471 views • 25 slides
Active Threat on Campus Prevention & Response Active threat defined An active threat can be

Active Threat on Campus Prevention & Response Active threat defined An active threat can be

Active Threat on Campus Prevention & Response Active threat defined An active threat can be defined as: A person whose immediate activity can cause death and/or serious injury An active threat can involve a firearm or another

395 views • 15 slides
Offensive Threat Modeling for Attackers turning threat modeling on its head Rafal M. Los

Offensive Threat Modeling for Attackers turning threat modeling on its head Rafal M. Los

Offensive Threat Modeling for Attackers turning threat modeling on its head Rafal M. Los Chief Security Evangelist HP Software Shane MacDougall Principal Tactical Intelligence Modern threat modeling is a defensive response to

783 views • 52 slides
2 Hello Quantum Developers World Yet Another Frontier for JavaScript Hello Quantum Developers

2 Hello Quantum Developers World Yet Another Frontier for JavaScript Hello Quantum Developers

2 Hello Quantum Developers World Yet Another Frontier for JavaScript Hello Quantum Developers World QCon London 2020 Miguel Ramalho Quantum Spectrum Software Physicists Scientists Developers Engineers Engineers Theorise Empirically

710 views • 51 slides
Threat Modeling and S haring S ummary Proposal to kick off Threat Modeling proj ect

Threat Modeling and S haring S ummary Proposal to kick off Threat Modeling proj ect

Threat Modeling and S haring S ummary Proposal to kick off Threat Modeling proj ect Multi-phase approach Initially: create Cyber Domain PIM and S TIX PS M with UML Profile for NIEM Expand to other PS M, create Threat Meta

211 views • 10 slides
RANDOM FORESTS IN THE EVALUATION OF THREAT FOR PEDESTRIAN ACCIDENTS IN TOWNS Marzena Nowakowska

RANDOM FORESTS IN THE EVALUATION OF THREAT FOR PEDESTRIAN ACCIDENTS IN TOWNS Marzena Nowakowska

RANDOM FORESTS IN THE EVALUATION OF THREAT FOR PEDESTRIAN ACCIDENTS IN TOWNS Marzena Nowakowska Faculty of Management and Computer Modelling Kielce University of Technology 25-345 Kielce, Al. 1000-lecia Pa stwa Polskiego 7, POLAND phone:

107 views • 7 slides
The Modelling and Simulation Process 1. History of Modelling and Simulation 2. Modelling and

The Modelling and Simulation Process 1. History of Modelling and Simulation 2. Modelling and

The Modelling and Simulation Process 1. History of Modelling and Simulation 2. Modelling and Simulation Concepts 3. Levels of Abstraction 4. Experimental Frame 5. Validation 6. Studying a mass-spring system 7. The Modelling and Simulation

692 views • 34 slides
Proposed Low-Threat Petroleum UST Closure Policy SWRCB Low-Threat UST Closure Policy Task Force

Proposed Low-Threat Petroleum UST Closure Policy SWRCB Low-Threat UST Closure Policy Task Force

Proposed Low-Threat Petroleum UST Closure Policy SWRCB Low-Threat UST Closure Policy Task Force Los Angeles RWQCB Presentation September 15, 2011 Prologue Low-Threat Policy: An Evolutionary Process STATE WATER RESOURCES CONTROL BOARD

528 views • 31 slides
Abstract As a rule, developers of climate and biosphere models aim at predicting the most

Abstract As a rule, developers of climate and biosphere models aim at predicting the most

THE PRINCIPLE OF THE WORST SCENARIO IN MODELLING BIOSPHERE-CLIMATE DYNAMICS Bartsev S.I., Degermendzhi A.G., Belolipetsky P.V. Abstract As a rule, developers of climate and biosphere models aim at predicting the most probable scenario.

395 views • 25 slides
Web Security What should be the Threat Model for the Web? Goal and Threat Model Much can go

Web Security What should be the Threat Model for the Web? Goal and Threat Model Much can go

Web Security What should be the Threat Model for the Web? Goal and Threat Model Much can go wrong on the web! Clients encounter malicious content Web servers are target of break-ins Fake content/servers trick users Data sent

446 views • 16 slides
DEALING WITH DEVELOPERS Kelsey Becker Brookes Wednesday, September 25, 2019 Prepared for the

DEALING WITH DEVELOPERS Kelsey Becker Brookes Wednesday, September 25, 2019 Prepared for the

DEALING WITH DEVELOPERS Kelsey Becker Brookes Wednesday, September 25, 2019 Prepared for the 2019 ADOA Conference Developers An ounce of prevention is worth a pound of cure. 2 Developers Imposing obligations on developers is only

712 views • 22 slides
Integrated Threat Management Appliance 1 http://www.youtube.com/watch?v=F 7pYHN9iC9I 2 3

Integrated Threat Management Appliance 1 http://www.youtube.com/watch?v=F 7pYHN9iC9I 2 3

Integrated Threat Management Appliance 1 http://www.youtube.com/watch?v=F 7pYHN9iC9I 2 3 Denial of Service Attack (DoS) 4 THREAT CATEGORY THREAT ACTION TYPE Malware/Badware Send data to the external entity/site, Trapdoor/Backdoor Entry,

719 views • 23 slides
Threat Models CS 5431 February 10, 2017 Threat Models Threats (CS 5430)

Threat Models CS 5431 February 10, 2017 Threat Models Threats (CS 5430)

Introduction Threat Models CS 5431 February 10, 2017 Threat Models Threats (CS 5430) Inquisitive people, unintentional blunders Hackers driven by technical challenges Disgruntled employees or

357 views • 23 slides
How to use soft OA methods to explore future IED threat and their countermeasures 27 ISMOR

How to use soft OA methods to explore future IED threat and their countermeasures 27 ISMOR

How to use soft OA methods to explore future IED threat and their countermeasures 27 ISMOR 2010 Introduction Cause Current threat around IEDs is continuously changing Little known about possible future threat Goal List

210 views • 16 slides
and Research Programs Threat to Aquatic Life and Water Quality Threat to local economy

and Research Programs Threat to Aquatic Life and Water Quality Threat to local economy

Harmful Algal Blooms, Agricultural Initiatives, and Research Programs Threat to Aquatic Life and Water Quality Threat to local economy (Fisheries, Recreation, Tourism etc.) Sources: both Urban & Rural Whats Agricultures

520 views • 24 slides
Why developers shouldnt care about containers Why developers shouldnt neednt care

Why developers shouldnt care about containers Why developers shouldnt neednt care

Why developers shouldnt care about containers Why developers shouldnt neednt care about containers Hello! I AM ED SHEE Cloud Developer Advocate at IBM You can find me at @ukcloudman Imagine its early 2014... Docker is fairly

868 views • 37 slides
Funding Free Software Developers with... Why? Because Free Software Developers... Freely

Funding Free Software Developers with... Why? Because Free Software Developers... Freely

Funding Free Software Developers with... Why? Because Free Software Developers... Freely share the Need to pay their result of their work in bills in order to a way that benefits continue doing what the whole society. they do.

369 views • 8 slides

More recommend