threat models
play

Threat Models CS 5431 February 10, 2017 Threat Models Threats - PowerPoint PPT Presentation

Aug 23, 2023 •110 likes •357 views

Introduction Threat Models CS 5431 February 10, 2017 Threat Models Threats (CS 5430) Inquisitive people, unintentional blunders Hackers driven by technical challenges Disgruntled employees or

  1. Introduction Threat ¡Models CS ¡5431 ¡ February ¡10, ¡2017

  2. Threat ¡Models

  3. Threats ¡(CS ¡5430) • Inquisitive ¡people, ¡unintentional ¡blunders • Hackers driven ¡by ¡technical ¡challenges • Disgruntled ¡employees ¡or ¡customers ¡seeking ¡revenge • Criminals interested ¡in ¡personal ¡financial ¡gain, ¡stealing ¡services, ¡or ¡ industrial ¡espionage • Organized ¡crime ¡with ¡the ¡intent ¡of ¡hiding ¡something ¡or ¡financial ¡gain • Organized ¡terrorist ¡groups ¡attempting ¡to ¡influence ¡policy ¡by ¡isolated ¡ attacks • Foreign ¡espionage ¡agents ¡seeking ¡to ¡exploit ¡information ¡for ¡ economic, ¡political, ¡or ¡military ¡purposes • Tactical ¡countermeasures ¡intended ¡to ¡disrupt ¡specific ¡weapons ¡or ¡ command ¡structures • Multifaceted ¡tactical ¡information ¡warfare ¡applied ¡in ¡a ¡broad ¡ orchestrated ¡manner ¡to ¡disrupt ¡major ¡military ¡missions • Large ¡organized ¡groups ¡or ¡nation ¡states intent ¡on ¡overthrowing ¡a ¡ government

  4. Threats ¡(DoD)

  5. Threats ¡(DoD)

  6. Threat ¡Model ¡= ¡Capabilities • privilege ¡levels

  8. Threat ¡Model ¡= ¡Capabilities • privilege ¡levels • memory ¡access

  9. Heartbleed

  10. Heartbleed

  11. Threat ¡Model ¡= ¡Capabilities • privilege ¡levels • memory ¡access • physical ¡access

  12. Stuxnet

  13. Threat ¡Model ¡= ¡Capabilities • privilege ¡levels • memory ¡access • physical ¡access • key ¡access

  14. FileVault

  15. The ¡iPhone ¡Case

  16. Humans

  17. U.S. ¡Election ¡Hacks

  18. Threat ¡Model ¡= ¡Capabilities • privilege ¡levels • memory ¡access • physical ¡access • key ¡access • network ¡access

  19. Network ¡Adversaries Attacker ¡Properties Membership insider outsider Method active passive Adaptability dynamic static Organization cooperative individual Scope global extended local Motivation malicious rational opportunistic

  20. Pakistani ¡YouTube ¡Outage

  21. Dyn DDoS

  22. Security ¡Goals

  23. Security ¡Goals • "The ¡system ¡shall ¡prevent/detect ¡ action on/to/with ¡ asset ." ¡ • e.g., ¡"The ¡system ¡shall ¡prevent ¡theft ¡of ¡money” • e.g., ¡"The ¡system ¡shall ¡prevent ¡erasure ¡of ¡account ¡balances" ¡ • Specify ¡ what not ¡how • Be ¡specific • Make ¡goals ¡ feasible with ¡respect ¡to ¡threat ¡model

Recommend

IP Mobility: IP Mobility: Threat Models and Security Requirements Threat Models and Security

IP Mobility: IP Mobility: Threat Models and Security Requirements Threat Models and Security

IP Mobility: IP Mobility: Threat Models and Security Requirements Threat Models and Security Requirements Vidya Narayanan (vidyan@qualcomm.com vidyan@qualcomm.com) ) Vidya Narayanan ( Lakshminath Dondeti (ldondeti@qualcomm.com

413 views • 37 slides
Assessment What is Threat Assessment Threat assessment is the process of gathering

Assessment What is Threat Assessment Threat assessment is the process of gathering

Threat Assessment What is Threat Assessment Threat assessment is the process of gathering information to understand the threat of violence posed by a person. Threat management is the process of developing and executing plans to mitigate

332 views • 15 slides
Phases of Disaster Despair Threat Threat Phase: Small events serve as a warning or threat to

Phases of Disaster Despair Threat Threat Phase: Small events serve as a warning or threat to

Honeymoon Threat Restoration Rescue Phases of Disaster Despair Threat Threat Phase: Small events serve as a warning or threat to normal living. A disaster has not yet oc- curred, but there is a sense of impending doom. Individual

604 views • 6 slides
What Does This Advanced Threat Landscape Look Like? Advanced Threat Landscape

What Does This Advanced Threat Landscape Look Like? Advanced Threat Landscape

DDoS & Modern Threat Motives Dan Holden Director, ASERT What Does This Advanced Threat Landscape Look Like? Advanced Threat Landscape Geo-poli:cal More defenses ? App/Content t a

1.13k views • 44 slides
Active Threat on Campus Prevention & Response Active threat defined An active threat can be

Active Threat on Campus Prevention & Response Active threat defined An active threat can be

Active Threat on Campus Prevention & Response Active threat defined An active threat can be defined as: A person whose immediate activity can cause death and/or serious injury An active threat can involve a firearm or another

395 views • 15 slides
Offensive Threat Modeling for Attackers turning threat modeling on its head Rafal M. Los

Offensive Threat Modeling for Attackers turning threat modeling on its head Rafal M. Los

Offensive Threat Modeling for Attackers turning threat modeling on its head Rafal M. Los Chief Security Evangelist HP Software Shane MacDougall Principal Tactical Intelligence Modern threat modeling is a defensive response to

783 views • 52 slides
Security Analysis & Threat Models Dawn Song Logistics Sessions You can go to any

Security Analysis & Threat Models Dawn Song Logistics Sessions You can go to any

Introduction Security Analysis & Threat Models Dawn Song Logistics Sessions You can go to any sessions Project groups You can switch groups for difgerent projects Wait List Dawn Song Evolving Threats Dawn Song

957 views • 49 slides
Security Everywhere Extended Jatinder Shetra Consulting Security Engineer Dynamic Threat

Security Everywhere Extended Jatinder Shetra Consulting Security Engineer Dynamic Threat

Security Everywhere Extended Jatinder Shetra Consulting Security Engineer Dynamic Threat Landscape Customers Biggest Security Challenges Changing Dynamic Complexity Business Models Threat Landscape and Fragmentation A

550 views • 13 slides
Threat Modeling and S haring S ummary Proposal to kick off Threat Modeling proj ect

Threat Modeling and S haring S ummary Proposal to kick off Threat Modeling proj ect

Threat Modeling and S haring S ummary Proposal to kick off Threat Modeling proj ect Multi-phase approach Initially: create Cyber Domain PIM and S TIX PS M with UML Profile for NIEM Expand to other PS M, create Threat Meta

211 views • 10 slides
Proposed Low-Threat Petroleum UST Closure Policy SWRCB Low-Threat UST Closure Policy Task Force

Proposed Low-Threat Petroleum UST Closure Policy SWRCB Low-Threat UST Closure Policy Task Force

Proposed Low-Threat Petroleum UST Closure Policy SWRCB Low-Threat UST Closure Policy Task Force Los Angeles RWQCB Presentation September 15, 2011 Prologue Low-Threat Policy: An Evolutionary Process STATE WATER RESOURCES CONTROL BOARD

528 views • 31 slides
Web Security What should be the Threat Model for the Web? Goal and Threat Model Much can go

Web Security What should be the Threat Model for the Web? Goal and Threat Model Much can go

Web Security What should be the Threat Model for the Web? Goal and Threat Model Much can go wrong on the web! Clients encounter malicious content Web servers are target of break-ins Fake content/servers trick users Data sent

446 views • 16 slides
Integrated Threat Management Appliance 1 http://www.youtube.com/watch?v=F 7pYHN9iC9I 2 3

Integrated Threat Management Appliance 1 http://www.youtube.com/watch?v=F 7pYHN9iC9I 2 3

Integrated Threat Management Appliance 1 http://www.youtube.com/watch?v=F 7pYHN9iC9I 2 3 Denial of Service Attack (DoS) 4 THREAT CATEGORY THREAT ACTION TYPE Malware/Badware Send data to the external entity/site, Trapdoor/Backdoor Entry,

719 views • 23 slides
How to use soft OA methods to explore future IED threat and their countermeasures 27 ISMOR

How to use soft OA methods to explore future IED threat and their countermeasures 27 ISMOR

How to use soft OA methods to explore future IED threat and their countermeasures 27 ISMOR 2010 Introduction Cause Current threat around IEDs is continuously changing Little known about possible future threat Goal List

210 views • 16 slides
and Research Programs Threat to Aquatic Life and Water Quality Threat to local economy

and Research Programs Threat to Aquatic Life and Water Quality Threat to local economy

Harmful Algal Blooms, Agricultural Initiatives, and Research Programs Threat to Aquatic Life and Water Quality Threat to local economy (Fisheries, Recreation, Tourism etc.) Sources: both Urban & Rural Whats Agricultures

520 views • 24 slides
CS 642: Midterm 1 Review Questions and General Study Pointers March 2020 1 Threat Modeling,

CS 642: Midterm 1 Review Questions and General Study Pointers March 2020 1 Threat Modeling,

CS 642: Midterm 1 Review Questions and General Study Pointers March 2020 1 Threat Modeling, Security Mindset Review the security mindset, and practice threat modeling on a few example websites. Also, review the various types of attacker models

401 views • 3 slides
Topics 1 . Building national interest in threat assessm ent 2 . Virginia threat assessm ent m

Topics 1 . Building national interest in threat assessm ent 2 . Virginia threat assessm ent m

The Virginia Model of School Threat Assessment June 19, 2019 Dewey Cornell, Ph.D. The Virginia Model of School Threat Assessm ent Dewey Cornell, Ph.D. Curry School of Education University of Virginia 434-924-8929 Email:

299 views • 15 slides
Insider Threat Insider Threat (Database Intrusion Detection) 1 Insider Threats: Motivation and

Insider Threat Insider Threat (Database Intrusion Detection) 1 Insider Threats: Motivation and

Insider Threat Insider Threat (Database Intrusion Detection) 1 Insider Threats: Motivation and Challenges Challenges Mission critical information = High value target Threatens Government organizations and large corporations

435 views • 39 slides
Counterintelligence & Insider Threat Detection National Insider Threat Special Interest Group

Counterintelligence & Insider Threat Detection National Insider Threat Special Interest Group

Counterintelligence & Insider Threat Detection National Insider Threat Special Interest Group July 18, 2017 Douglas D. Thomas Director, Counterintelligence Operations & Corporate Investigations Lockheed Martin Counterintelligence

706 views • 16 slides
Th The ABC BCs of of ICS Th Threat Act ctiv ivit ity y Grou oups Au August st 2 26, 2

Th The ABC BCs of of ICS Th Threat Act ctiv ivit ity y Grou oups Au August st 2 26, 2

Th The ABC BCs of of ICS Th Threat Act ctiv ivit ity y Grou oups Au August st 2 26, 2 2020 Sergio Caltagirone Dave Bittner VP Threat Intelligence Producer & Host Dragos The CyberWire Podcast Before we get started - The

874 views • 17 slides
Outline Starting synchronous lecture recording CSci 4271W More perspectives on threat modeling

Outline Starting synchronous lecture recording CSci 4271W More perspectives on threat modeling

Outline Starting synchronous lecture recording CSci 4271W More perspectives on threat modeling Development of Secure Software Systems Threat modeling: printer manager Day 7: More Threat Modeling Stephen McCamant Logistics update, incl.

564 views • 4 slides
THE ANATOMY OF CYBER THREAT INTELLIGENCE (CTI) Noureen Njoroge OVERVIEW Define Cyber Threat

THE ANATOMY OF CYBER THREAT INTELLIGENCE (CTI) Noureen Njoroge OVERVIEW Define Cyber Threat

THE ANATOMY OF CYBER THREAT INTELLIGENCE (CTI) Noureen Njoroge OVERVIEW Define Cyber Threat Intelligence (CTI) Define Cyber Intelligence (CI) Understand the importance of CTI to an organization Components of Threat Sources of

197 views • 19 slides
Threat Intelligence Jeremy Batterman Global Leader Threat Intelligence GREM, EnCE, GCFA, MBA 3

Threat Intelligence Jeremy Batterman Global Leader Threat Intelligence GREM, EnCE, GCFA, MBA 3

Threat Intelligence Jeremy Batterman Global Leader Threat Intelligence GREM, EnCE, GCFA, MBA 3 October 2018 What is Intelligence Convincing evidence Probable cause, beyond a reasonable doubt, or preponderance of

646 views • 25 slides
Topics skew ed picture 1 . Public fears versus facts about school shootings 2 . Virginia threat

Topics skew ed picture 1 . Public fears versus facts about school shootings 2 . Virginia threat

Before the Gunman Arrives: School Threat Assessment Sept 25, 2019 Dewey Cornell, Ph.D. Before the Gunm an Arrives: Dewey G. Cornell, Ph. D. School Threat Assessm ent Professor of Education in the Curry School of Education and Human

423 views • 13 slides
AN INTRODUCTION TO THREAT MODELING IN PRACTICE Thorsten Tarrach, Christoph Schmittner WHAT IS

AN INTRODUCTION TO THREAT MODELING IN PRACTICE Thorsten Tarrach, Christoph Schmittner WHAT IS

AN INTRODUCTION TO THREAT MODELING IN PRACTICE Thorsten Tarrach, Christoph Schmittner WHAT IS THREAT MODELING Introduction WHAT IS THREAT MODELING Structured Process Examination of a system for potential weaknesses

391 views • 28 slides

More recommend