After reading - Threat Modeling
Threat Modeling book
Dr. Dobbs Jolt Award Finalist 2014
By Adam Shostack (Microsoft’s Threat Modeling Expert)
Haha, I finally finished this book, recommended by st 👨🍳. Reading books is similar to frying eggs. 🍳 You need to control the pace, heat, shape, and mood.
Content
- Part 1 Getting Started
  - Cp 1 Dive In and Threat Model!
  - Cp 2 Strategies for Threat Modeling
- Part 2 Finding Threats
  - Cp 3 STRIDE
  - Cp 4 Attack Trees
  - Cp 5 Attack Libraries
  - Cp 6 Privacy Tools
- Part 3 Managing and Addressing Threats
  - Cp 7 Processing and Managing Threats
  - Cp 8 Defensive Tactics and Technologies
  - Cp 9 Trade-Offs When Addressing Threats
  - Cp 10 Validating That Threats Are Addressed
  - Cp 11 Threat Modeling Tools
- Part 4 Threat Modeling in Technologies and Tricky Areas
  - Cp 12 Requirements Cookbook
  - Cp 13 Web and Cloud Threats
  - Cp 14 Accounts and Identity
  - Cp 15 Human Factors and Usability
  - Cp 16 Threats to Cryptosystems
- Part 5 Taking It to the Next Level
  - Cp 17 Bringing Threat Modeling to Your Organization
  - Cp 18 Experimental Approaches
  - Cp 19 Architecting for Success
Briefing
The book introduces several models, with detailed examples, for dealing with potential threats. With the security requirements and those threats in mind, security bugs can be identified early in development.
Four-step framework
Model system -> Find Threats -> Address Threats -> Validate
It may be useful to know how to execute an attack, but it is more important to know where attacks are executed and how to defend against them effectively.
Some Quick Notes
Spoofing Threats
What can be spoofed: a person, a "file" on disk, a network address, a program in memory, a machine, a role.
Tampering Threats
Tampering with a file, racing to create a file, tampering with a network packet.
Repudiation Threats
No logs, no proof; logs under attack; logs as attack.
Information Disclosure Threats
Network monitoring, directory or filename disclosure, file contents, API information disclosure.
Trust boundaries
Trust boundaries, the points where data or control passes between parts of the system that trust each other differently, are another very interesting topic in the book; threats cluster where data flows cross them.
STRIDE approach
- Spoofing
- Tampering
- Repudiation
- Information Disclosure
- Denial of Service
- Elevation of Privilege
For each element of the diagram (process, data flow, data store, external interactor) and each interaction with it, there may be risks in each of these STRIDE categories.
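To make STRIDE-per-element and trust boundaries concrete, here is a small added Python example of my own (not code from the book) that applies the book's STRIDE-per-element chart to a constructed three-tier data flow diagram and marks the flows that cross a trust boundary. The element names, zones and the "repudiation only for stores holding logs" rule are my assumptions, noted in the comments.

```python
from dataclasses import dataclass

# STRIDE-per-element chart from chapter 3 of the book: which STRIDE categories
# normally apply to each kind of data flow diagram element.
STRIDE_PER_ELEMENT = {
    "external_interactor": "SR",
    "process": "STRIDE",
    "data_flow": "TID",
    "data_store": "TRID",  # assumption: R only for stores holding logs/audit data
}
THREAT_NAMES = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
                "I": "Information Disclosure", "D": "Denial of Service",
                "E": "Elevation of Privilege"}

@dataclass
class Element:
    name: str
    kind: str          # a key of STRIDE_PER_ELEMENT
    zone: str          # trust zone; a flow between two zones crosses a trust boundary
    holds_logs: bool = False

@dataclass
class Flow:
    name: str
    src: Element
    dst: Element

def crosses_boundary(flow: Flow) -> bool:
    return flow.src.zone != flow.dst.zone

def enumerate_threats(elements, flows):
    """Return (target name, threat category, crosses-trust-boundary) triples."""
    found = []
    for e in elements:
        letters = STRIDE_PER_ELEMENT[e.kind]
        if e.kind == "data_store" and not e.holds_logs:
            letters = letters.replace("R", "")  # nothing to repudiate without logs
        found += [(e.name, THREAT_NAMES[c], False) for c in letters]
    for f in flows:
        found += [(f.name, THREAT_NAMES[c], crosses_boundary(f))
                  for c in STRIDE_PER_ELEMENT["data_flow"]]
    return found

def sample_model():
    """Constructed three-tier model (hypothetical names, not from the book)."""
    browser = Element("Browser", "external_interactor", "internet")
    app = Element("Web App", "process", "dmz")
    db = Element("Orders DB", "data_store", "internal")
    return [browser, app, db], [Flow("HTTP request", browser, app),
                                Flow("SQL query", app, db)]
```

Calling `enumerate_threats(*sample_model())` yields 17 candidate threats, of which the 6 on the two flows are flagged as crossing a trust boundary, which is where the book says to look hardest.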
Attack Tree
root node, subnodes, mindmap
CAPEC
The CAPEC is MITRE’s Common Attack Pattern Enumeration and Classification.
OWASP TOP 10
Authentication
- Authentication technologies for computers:
  - IPSec
  - DNSSEC
  - SSH host keys
  - Kerberos authentication
  - HTTP Digest or Basic authentication
  - "Windows authentication" (NTLM)
  - PKI systems, such as SSL or TLS with certificates
- Authentication technologies for bits:
  - Digital signatures
  - Hashes
- Maintaining authentication across connections:
  - Cookies
Integrity Technologies
For files:
- ACLs or permissions
- Digital signatures
- Hashes
- Windows Mandatory Integrity Control (MIC) feature
- Unix immutable bits
For network traffic:
- SSL
- SSH
- IPSec
- Digital signatures
Risk Management
- Avoid
- Address
- Accept
- Transfer
- Ignore
Attacker Portrait
With its amazing attacker lists, the book illustrates attacker psychology and portraits. It is amazing that they all have a clear motivation, skills and education, span of influence, collaboration, tools and technologies, and IT experience, lol, which I don't have much of! 🐇
Some motivations: curiosity, experimentation, personal fame, bragging rights, personal gain, intense dislike for the employer, the thrill of succeeding, national interests… oh, that's a lot. 😀
Actually I found those appendices more interesting than the content, haha.
Famous Quotes in book
All models are wrong, some models are useful. –George Box
If you have to ask what jazz is, you’ll never know. –Louis Armstrong
References
- Shostack, A. (2014). Threat modeling: Designing for security. Indianapolis, IN: Wiley.