AN INTRODUCTION TO THREAT MODELING IN PRACTICE
Thorsten Tarrach, Christoph Schmittner

WHAT IS THREAT MODELING
Introduction

WHAT IS THREAT MODELING
• Structured Process
  • Examination of a system for potential weaknesses
  • Resolving identified weaknesses
• Systematic approach
  • Based on a conceptual model of weaknesses and threats
  • Keeping the model of weaknesses and threats current
Image sources:
https://www.castlesworld.com/tools/motte-and-bailey-castles.php
https://deadliestwarrior.fandom.com/wiki/Huo_Chien
https://www.castlesworld.com/tools/concentric-castles.php
https://www.pbs.org/video/1812-niagara-frontier-fort-george-cannon-firing/

STRIDE
THREAT MODEL

STRIDE
• Spoofing
  • A person or program successfully impersonates someone else
  Image source: https://www.amazon.com/Moustache-Sailor-Fancy-Costume-Outfit/dp/B07QXT3C26
• Tampering
  • Modify something in a way which is not desired by the considered stakeholder
  Image source: https://www.pinterest.at/pin/477311260477998586/
• Repudiation
  • Actions cannot be assigned to a person or program
• Information disclosure
  • Sensitive information becomes known to people who should not know it
  Image source: https://www.tarses.com/blog/%EF%BB%BFlandlords-do-not-have-x-ray-vision-like-superman/
• Denial of Service
  • Resource or service is made temporarily or indefinitely unavailable
• Elevation of Privilege
  • Gain elevated privileges
  Image source: https://tvtropes.org/pmwiki/pmwiki.php/Main/TotemPoleTrench

APPLY THIS TO IT – STANDARD WAY
• We model the system as a dataflow diagram
• Processes, data stores, external elements communicate with each other over dataflows
• And we define susceptibilities for the elements based on STRIDE

                   S  T  R  I  D  E
Process            X  X  X  X  X  X
Data flow          -  X  -  X  X  -
External element   X  -  X  -  -  -
Data store         -  X  -  X  X  -

26/02/2020
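
The standard way described on this slide, as an added example that is not part of the original slides: a small dataflow diagram is enumerated against the susceptibility matrix. The sample system and all names are constructed, and the matrix positions are assumed to follow the standard STRIDE-per-element chart.

```python
from dataclasses import dataclass

# Susceptibility matrix: STRIDE categories that apply to each DFD element type.
# Assumption: positions follow the standard STRIDE-per-element chart.
SUSCEPTIBILITY = {
    "process": "STRIDE",
    "data_flow": "TID",
    "external_element": "SR",
    "data_store": "TID",
}
NAMES = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
         "I": "Information disclosure", "D": "Denial of Service",
         "E": "Elevation of Privilege"}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str  # a key of SUSCEPTIBILITY

@dataclass(frozen=True)
class Flow:
    name: str
    source: str
    target: str
    kind: str = "data_flow"

def enumerate_threats(elements, flows):
    """Return (element name, STRIDE category) pairs for every node and flow."""
    known = {e.name for e in elements}
    for f in flows:  # a flow to an unmodelled element would hide threats
        missing = {f.source, f.target} - known
        if missing:
            raise ValueError(f"flow {f.name!r} references unmodelled {sorted(missing)}")
    return [(item.name, NAMES[c])
            for item in list(elements) + list(flows)
            for c in SUSCEPTIBILITY[item.kind]]

# Constructed sample system: a device receiving firmware updates.
ELEMENTS = [Element("Update server", "external_element"),
            Element("Update client", "process"),
            Element("Firmware storage", "data_store")]
FLOWS = [Flow("Download update", "Update server", "Update client"),
         Flow("Write image", "Update client", "Firmware storage")]

if __name__ == "__main__":
    for name, threat in enumerate_threats(ELEMENTS, FLOWS):
        print(f"{name:18} {threat}")
```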

ISSUES
• Works for a rough system draft
• Less suited for systems modeled in more detail
  • There is a connection, but no intended data flow
• Also challenging if the threat model is more concrete
  • How to describe known issues or weaknesses
  • If there is no time stamp or version number in an update, an attacker could cause a downgrade
• Difficult for certification, missing traceability

AIT APPROACH FOR THREAT MODELING
Developed for embedded systems and integrated in model-based engineering

MODEL-BASED ENGINEERING
Security Model
• ThreatGet is integrated into Enterprise Architect
• Extensive model library with security properties and common domain elements

DOMAIN ELEMENTS
Domain Elements
• Set of common elements for a domain
• Inheritance and Refinement
• Customizable

SECURITY PROPERTIES
Security Properties
• Relevant security properties
• Assignable to elements
• Customizable

AUTOMATED SECURITY ASSESSMENT
Rule Engine
• Rules describe potential weaknesses
• Custom-made grammar
• Multi-hop attacks
• Usage of multiple databases
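
A sketch of rules evaluated over security properties, added here as an example and not taken from the slides or from ThreatGet: it is plain Python, not ThreatGet's rule grammar. The model, the property names (`authenticated`, `carries_update`, `versioned`) and the element names are constructed; the first rule encodes the update downgrade weakness named on the ISSUES slide, the second a multi-hop chain.

```python
# Constructed model: each flow carries hypothetical security properties.
FLOWS = [
    {"name": "Download update", "src": "Update server", "dst": "Gateway",
     "authenticated": False, "carries_update": True, "versioned": False},
    {"name": "Forward update", "src": "Gateway", "dst": "Brake ECU",
     "authenticated": False, "carries_update": True, "versioned": True},
    {"name": "Diagnostics", "src": "Workshop tester", "dst": "Gateway",
     "authenticated": True, "carries_update": False, "versioned": False},
]
EXTERNAL = {"Update server", "Workshop tester"}

def rule_downgrade(flows):
    """Update flow without version number or time stamp: downgrade possible."""
    return [f"Downgrade via '{f['name']}'" for f in flows
            if f["carries_update"] and not f["versioned"]]

def rule_multi_hop(flows, external, asset):
    """Chain of unauthenticated flows from an external element to the asset."""
    findings = []
    for start in sorted(external):
        stack, seen = [(start, [])], {start}
        while stack:  # depth-first search, reports one chain per start element
            node, path = stack.pop()
            if node == asset and path:
                findings.append(f"{start} reaches {asset} via " + " -> ".join(path))
                continue
            for f in flows:
                if f["src"] == node and not f["authenticated"] and f["dst"] not in seen:
                    seen.add(f["dst"])
                    stack.append((f["dst"], path + [f["name"]]))
    return findings

def analyse(flows=FLOWS, external=EXTERNAL, asset="Brake ECU"):
    """Run all rules and return the findings as a list of strings."""
    return rule_downgrade(flows) + rule_multi_hop(flows, external, asset)

if __name__ == "__main__":
    for finding in analyse():
        print(finding)
```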

VERSIONING
Traceability of Analysis
• For each analysis a snapshot of the model is generated
• Snapshot and analysis reports are marked with date and time
• Stored in the model

THREATGET – COOPERATIVE THREAT MODELING
[Diagram: Web-based Backend (Knowledge Base, Analysis Engine); four EA Addin clients, each with Modelling and Risk Management]

AUTOMATED THREAT INTELLIGENCE UPDATES
[Diagram components: Web-based Backend; AIT Knowledge Base; User Knowledge Base; Threat Intelligence; AIT Review and Translation]
• Threat Intelligence
  • STIX, Structured Threat Information eXpression
  • CVE, Common Vulnerabilities and Exposures
  • …

THREAT INTELLIGENCE – AUTOMOTIVE EXAMPLE
AIT Knowledge Base: >1400
• UNECE WP29: >100 Threats
• ITU: >200 Threats
• ETSI: >300 Threats
• AIT analysis: >400 Threats
• External sources: >400 Threats

UNECE WP29: World Forum for Harmonization of Vehicle Regulations
ETSI: European Telecommunications Standards Institute (V2X in Europe)
ITU: International Telecommunication Union

THREATGET
Example

THREATGET
Summary

THREATGET - THREAT ANALYSIS AND RISK MANAGEMENT
[Diagram: Cybersecurity expertise, Modeling knowhow, Domain knowledge; ThreatGet; Threat Analysis Report]
Benefits
• Automated threat analysis based on current threat intelligence
• Traceability from threats to requirements
• Continuous process, integrated with model-based engineering
https://www.threatget.com/

THANK YOU!
Thorsten Tarrach, Christoph Schmittner