Presented byMike Sues, Ethical Hack Specialist

Threat Modeling

2Threat Modelling

Objectives To understand

The basics of threat modeling Where threat modeling fits in the SDLC Use and construction of attack trees

3

Talk Outline Threat modeling SDLC Attack trees

Threat Modelling

4

Motivation Threat Risk Assessment

Understand threats and risks Manage costs of mitigation Minimize the attack surface

Sales Increased security/privacy concerns C & A

Threat Modelling

5

Historically Lack of understanding of threats Security was an add-on

Band-aid solutions Use of security buzzwords/technology

Threat Modelling

6

Threat Modeling Threat Risk Assessment Apply appropriate controls Attack Trees

Threat Modelling

7

Goals Identify,

assets protected by the application threats to the assets

Develop, Mitigation strategies

Threat Modelling

8

Assets Data

Application Configuration Database records

Threat Modelling

9

Assets Examples

Application Code Configuration

User authentication credentials Business data

User data records Audit trails

Threat Modelling

10

Assets Value

Classification Monetary value

Replacement cost Intangible

Reputation

Threat Modelling

11

Threats Model application and data flows

High-level architectural diagram of application Model threats to assets

Multiple vectors Consider,

Asset Severity Likelihood Costs

Threat Modelling

12

Threats Taxonomy

S.T.R.I.D.E Spoofing Tampering Repudiation Information disclosure Denial of service Elevation of privilege

Threat Modelling

13

Threats Spoofing

Replay requests to a database server to gain unauthorized access to data

Tampering Defacement of a web site

Repudiation Deleting or modifying audit trail records

Information disclosure Gaining unauthorized access to data

Threat Modelling

14

Threats Denial of service

Crashing or flooding a service Elevation of privilege

Hijacking another user’s session with the application to gain access to the user’s data

Threat Modelling

15

Threats Attack trees

Graphically model attack goals & vectors Root of tree is the overall goal

e.g. Steal passwords Children are sub-goals

One step or multiple steps e.g. Collect plaintext passwords or shoulder surf e.g. Collect password hashes and crack hashes e.g. Gain privileged access and install keystroke

collector and exfiltrate password

Threat Modelling

16

Attack Trees

Threat Modelling

Steal passwords

Shoulder surf Collect sessions

Parse plaintextpassword

Parsepassword hash

Crackpassword hash

Gainremote access

Installkeystroke logger

Exfiltratepasswords

17

Attack Trees Node attributes

Cost Availability of tools etc

Threat evaluation Risk

Threat Modelling

18

Mitigation Rank threats

Prioritize Develop a strategy,

Ignore the risk Accept the risk Delegate the risk Fix the problem

Threat Modelling

19

Exercise HackMe Travel Identify assets Identify threats

STRIDE Build one attack tree

Threat Modelling

20

Conclusion Threat modeling,

Understanding the threat environment Manage costs of mitigation Guide to the application secure design

principles

Minimize an application’s attack surface

Threat Modelling

21

Conclusion Questions?

Threat Modelling

22

w w w. r i g e l k s e c u r i t y. c o m

Presented by Mike Sues,Ethical Hack Specialistm s u e s @ r i g e l k s e c u r i t y . c o m

Marie Pilon, Director of Operations t r a i n i n g @ r i g e l k s e c u r i t y . c o m

Rigel Kent Training - 180 Preston St. 3Rd Floor – Ottawa, On

1(613)233-HACK 1-877-777-H8CK