Threat modelling for developers - FOSDEM

Threat modellingfor developers

Arne Padmos

SafetyvsSecurity

William WarbyWarner Bros

Are we doomed?

“ Building security in ”

“ Security by design ”

“ Shifting security left ”

Microsoft

“ If we ... could do only one thing “ to improve software security … “ we would do threat modelling “ every day of the week. ”

— Howard & Lipner

“ If we ... could do only one thing “ to improve software security … “ we would do threat modelling “ every day of the week. ”

— Howard & Lipner

Requirements engineering&Architectural analysis

What’s your threat model?( security assumptions )

“ More precisely, we will assume“ the following about a saboteur: ”

– obtain any message– initiate any conversation– be a receiver to any user

Utagawa Kuniyoshi

Eleanor Saitta

What couldpossiblygo wrong?

Types of threat modelling

– Attacker-centric– Asset-centric– System-centric

William Warby

Paul Pols

Cyril Davenport

Eleanor Saitta et al.

Stewart Brand

Antti Vähä-Sipilä

Popular approaches( system-centric )

– STRIDE– Trike– PASTA

Relevant questions

1. What are we working on?2. What can go wrong?3. What are we going to do?4. Did we do a good job?

Adam Shostack

Lightweight methodology

1. Draw data flows2. Elicit threats3. Ranking + controls4. Check your work

Adam Shostack

Mark Dowd et al.

Trail of Bits

ConfidentialityIntegrityAvailability

AuthenticationAuthorisationAccountability

Information disclosureTamperingDenial of service

SpoofingElevation of privilegeRepudiation

“STRIDE”

SAFEcode

Adam Shostack

Dick Bruna

Parker Brothers

Risk ≈ likelihood × impact

ThoughtWorks

Howard & Lipner

“ All models are wrong,“ some models are useful. ”

— George Box

Koyaanisqatsi

Stephen Checkoway et al.

Howard & Lipner

Dick Bruna

ThoughtWorks

Rijksoverheid

What couldpossiblygo wrong?

Arne Padmoshello@arnepadmos.com

github.com/arnepadmos/resources

my “toy collection”

Threat modelling for developers - FOSDEM

Documents

Transcript of Threat modelling for developers - FOSDEM

ERNW NEWSLETTER 55/ SEPTEMBER 2016 THREAT · PDF fileTHREAT ANALYSIS OF MALICIOUS APPLICATIONS ON MOBILE OPERATING ... 6.2.1 STRIDE threat model 31 ... developers and corporate

SigDigger - FOSDEM

Spoilers fosdem-2013

Présentation fosdem v0.8.0

Kata-Containers on openSUSE - FOSDEM€¦ · 5 Why Virtualization Threat Model: untrusted code in a (Kata) Container attacks the host Attack surface-- – Containers: the shared host

The Threat Detection System That Cried Wolf: … · Cried Wolf: Reconciling Operators with Developers ... The Threat Detection System That Cried Wolf: Reconciling Operators with Developers

gobpf - Schu · FOSDEM • 2017-02-05 • michael@kinvolk.io The IO Visor Project “[...] open source project and a community of developers to accelerate the innovation, ... FOSDEM

(R)Evolution - FOSDEM...

Fosdem 2011 Lpi Why

Eo fosdem 15

FOSDEM 2020 Querying millions to billions of metrics with ...€¦ · metrics mostly.Adding more metrics at organizations 2. Developers put custom metrics on ... Cassandra Elastic

FOSDEM 2006 presentation.

BoxGrinder – FOSDEM 2012

Analyzing developers network in a community · 2018-02-06 · Analyzing developers network in a community David Moreno @dlumbrer1 dmoreno at bitergia dot com Community Devroom - FOSDEM

Org fosdem-2011

Womoz FOSDEM 2010

Developing FOSDEM Companion

Threat Modeling For Secure Software Design · 2017. 10. 1. · Typical Threat Modeling Session Gather documentation Gather your team: Developers, QA, Architects, Project Managers,

Molly Mackinlay - FOSDEM

GDPR & FOSS - Previous FOSDEM Editions · Why listen to this presentation | FOSS developers as civil libertarians FOSDEM ‘17 | GDPR & FOSS | MARC JONES | @marcturnerjones | @CIVICACTIONS