Threat modelling

Apokrupto
November 04, 2017

An introduction to threat modelling for your project.

Transcript

  1. THREAT
    MODELING
    DEVFEST17 - NOVEMBER 2017
    WARREN GAVIN (@APOKRUPTO)

  3. DANNY

  5. WHAT YOU WANTED
    WHAT YOU WROTE
    THREAT MODELING - @APOKRUPTO

  6. QUESTIONS
    THREAT MODELING - @APOKRUPTO

  7. QUESTIONS
    THREAT MODELING - @APOKRUPTO
    WHY

  8. QUESTIONS
    THREAT MODELING - @APOKRUPTO
    WHY
    WHO

  9. QUESTIONS
    THREAT MODELING - @APOKRUPTO
    WHY
    WHO
    WHAT

  10. QUESTIONS
    THREAT MODELING - @APOKRUPTO
    WHY
    WHO
    WHAT
    HOW

  11. QUESTIONS
    THREAT MODELING - @APOKRUPTO
    WHY
    WHO
    WHAT
    HOW
    WHEN

  13. TERRY

  15. WHY?
    THREAT MODELING - @APOKRUPTO

  16. WHY?
    THREAT MODELING - @APOKRUPTO
    BUILD A SECURE SYSTEM

  19. WHY?
    THREAT MODELING - @APOKRUPTO
    BUILD A SECURE SYSTEM

  20. WHY?
    THREAT MODELING - @APOKRUPTO
    BUILD A SECURE SYSTEM
    FOR A GIVEN VALUE OF
    ‘SECURE’

  21. MEANWHILE

  23. WHO?
    THREAT MODELING - @APOKRUPTO

  24. WHO?
    THREAT MODELING - @APOKRUPTO
    EVERYONE

  25. WHO?
    THREAT MODELING - @APOKRUPTO
    EVERYONE
    YOU DON’T NEED TO BE
    AN EXPERT

  26. MEANWHILE

  28. SAUL

  31. WHAT?
    THREAT MODELING - @APOKRUPTO

  32. WHAT?
    THREAT MODELING - @APOKRUPTO
    ASSETS

  33. WHAT?
    THREAT MODELING - @APOKRUPTO
    ASSETS
    - DATA, CONFIDENTIAL
    INFORMATION

  34. WHAT?
    THREAT MODELING - @APOKRUPTO
    ASSETS
    - DATA, CONFIDENTIAL
    INFORMATION
    - COMPANY REPUTATION

  35. MEANWHILE

  39. HOW?
    THREAT MODELING - @APOKRUPTO

  40. HOW?
    THREAT MODELING - @APOKRUPTO
    PREDICTION IS VERY
    DIFFICULT, ESPECIALLY
    ABOUT THE FUTURE
    Niels Bohr

  41. HOW?
    THREAT MODELING - @APOKRUPTO
    ANALYSE

  42. HOW?
    THREAT MODELING - @APOKRUPTO
    ANALYSE
    DATA FLOW

  43. HOW?
    THREAT MODELING - @APOKRUPTO
    ANALYSE
    DATA FLOW
    METHODOLOGY

  44. HOW?
    THREAT MODELING - @APOKRUPTO
    ANALYSE
    DATA FLOW
    METHODOLOGY
    STRIDE

  45. MEANWHILE

  48. BRUISER

  50. HOW? - DATA FLOW
    THREAT MODELING - @APOKRUPTO

  51. THREAT MODELING - @APOKRUPTO
    PROCESS
    HOW? - DATA FLOW

  52. THREAT MODELING - @APOKRUPTO
    PROCESS
    MULTI
    PROCESS
    HOW? - DATA FLOW

  53. THREAT MODELING - @APOKRUPTO
    PROCESS
    MULTI
    PROCESS
    EXTERNAL ENTITY
    HOW? - DATA FLOW

  54. THREAT MODELING - @APOKRUPTO
    PROCESS
    MULTI
    PROCESS
    DATA STORE
    EXTERNAL ENTITY
    HOW? - DATA FLOW

  55. DATA FLOW
    THREAT MODELING - @APOKRUPTO
    PROCESS
    MULTI
    PROCESS
    DATA STORE
    EXTERNAL ENTITY
    HOW? - DATA FLOW

  56. DATA FLOW
    THREAT MODELING - @APOKRUPTO
    PROCESS
    MULTI
    PROCESS
    DATA STORE
    TRUST BOUNDARY
    EXTERNAL ENTITY
    HOW? - DATA FLOW

  57. THREAT MODELING - @APOKRUPTO
    DATA STORE
    USER
    HOW? - DATA FLOW

  58. MEANWHILE

  61. HOW? - STRIDE
    THREAT MODELING - @APOKRUPTO

  62. THREAT MODELING - @APOKRUPTO
    SPOOFING
    HOW? - STRIDE

  63. THREAT MODELING - @APOKRUPTO
    SPOOFING
    TAMPERING
    HOW? - STRIDE

  64. THREAT MODELING - @APOKRUPTO
    SPOOFING
    TAMPERING
    REPUDIATION
    HOW? - STRIDE

  65. THREAT MODELING - @APOKRUPTO
    INFORMATION DISCLOSURE
    HOW? - STRIDE

  66. THREAT MODELING - @APOKRUPTO
    INFORMATION DISCLOSURE
    DENIAL OF SERVICE
    HOW? - STRIDE

  67. THREAT MODELING - @APOKRUPTO
    INFORMATION DISCLOSURE
    DENIAL OF SERVICE
    ELEVATION OF PRIVILEGE
    HOW? - STRIDE

  68. MEANWHILE

  71. HOW? - STRIDE/ELEMENT
    THREAT MODELING - @APOKRUPTO

  72. THREAT MODELING - @APOKRUPTO
    ENTITY: SR
    HOW? - STRIDE/ELEMENT

  73. THREAT MODELING - @APOKRUPTO
    ENTITY: SR
    PROCESS: STRIDE
    HOW? - STRIDE/ELEMENT

  74. THREAT MODELING - @APOKRUPTO
    ENTITY: SR
    PROCESS: STRIDE
    DATA STORE: TRID
    HOW? - STRIDE/ELEMENT

  75. THREAT MODELING - @APOKRUPTO
    ENTITY: SR
    PROCESS: STRIDE
    DATA STORE: TRID
    DATA FLOW: TID
    HOW? - STRIDE/ELEMENT

  76. MEANWHILE

  79. THREAT MODELING - @APOKRUPTO
    HOW? - QUANTIFY

  80. THREAT MODELING - @APOKRUPTO
    DAMAGE
    HOW? - QUANTIFY

  81. THREAT MODELING - @APOKRUPTO
    DAMAGE
    REPRODUCIBILITY
    HOW? - QUANTIFY

  82. THREAT MODELING - @APOKRUPTO
    DAMAGE
    REPRODUCIBILITY
    EXPLOITABILITY
    HOW? - QUANTIFY

  83. THREAT MODELING - @APOKRUPTO
    DAMAGE
    REPRODUCIBILITY
    EXPLOITABILITY
    AFFECTED USERS
    HOW? - QUANTIFY

  84. THREAT MODELING - @APOKRUPTO
    DAMAGE
    REPRODUCIBILITY
    EXPLOITABILITY
    AFFECTED USERS
    DISCOVERABILITY
    HOW? - QUANTIFY

  85. DREAD

  86. MEANWHILE

  88. THREAT MITIGATION
    THREAT MODELING - @APOKRUPTO

  89. THREAT MODELING - @APOKRUPTO
    A THREAT WITH NO
    MITIGATION IS A
    VULNERABILITY
    THREAT MITIGATION

  90. THREAT MITIGATION
    THREAT MODELING - @APOKRUPTO

  91. THREAT MITIGATION
    THREAT MODELING - @APOKRUPTO
    REDESIGN

  92. THREAT MITIGATION
    THREAT MODELING - @APOKRUPTO
    REDESIGN
    STANDARD MITIGATION

  93. THREAT MITIGATION
    THREAT MODELING - @APOKRUPTO
    REDESIGN
    STANDARD MITIGATION
    CUSTOM MITIGATION

  94. THREAT MITIGATION
    THREAT MODELING - @APOKRUPTO
    REDESIGN
    STANDARD MITIGATION
    CUSTOM MITIGATION
    ACCEPT

  95. THREAT MITIGATION
    THREAT MODELING - @APOKRUPTO
    AUTHENTICATION

  96. THREAT MODELING - @APOKRUPTO
    AUTHENTICATION
    INTEGRITY CHECKS
    THREAT MITIGATION

  97. THREAT MODELING - @APOKRUPTO
    AUTHENTICATION
    INTEGRITY CHECKS
    NON-REPUDIATION
    THREAT MITIGATION

  98. THREAT MODELING - @APOKRUPTO
    CONFIDENTIALITY
    THREAT MITIGATION

  99. THREAT MODELING - @APOKRUPTO
    CONFIDENTIALITY
    AVAILABILITY
    THREAT MITIGATION

  100. THREAT MODELING - @APOKRUPTO
    CONFIDENTIALITY
    AVAILABILITY
    AUTHORISATION
    THREAT MITIGATION

  101. TERRY’S
    THREAT
    MODEL

  103. SPOOFING

  105. TAMPERING

  107. REPUDIATION

  109. INFORMATION
    DISCLOSURE

  111. DENIAL OF
    SERVICE

  113. ELEVATION OF
    PRIVILEGE

  114. WHEN?
    THREAT MODELING - @APOKRUPTO

  115. WHEN?
    THREAT MODELING - @APOKRUPTO
    AT DESIGN TIME IS BEST

  116. WHEN?
    THREAT MODELING - @APOKRUPTO
    AT DESIGN TIME IS BEST
    BUT KEEP RE-EVALUATING

  117. WHEN?
    THREAT MODELING - @APOKRUPTO
    AT DESIGN TIME IS BEST
    BUT KEEP RE-EVALUATING
    IT’S NEVER TOO LATE

  118. WHEN?
    THREAT MODELING - @APOKRUPTO
    AT DESIGN TIME IS BEST
    BUT KEEP RE-EVALUATING
    IT’S NEVER TOO LATE
    UNLESS IT’S TOO LATE

  120. TERRY

  121. IDIOT

  122. DON’T BE
    A TERRY

  123. OBLIGATORY THANK YOU
    SLIDE
    THREAT MODELING - @APOKRUPTO
