NTT DATA Canada Discussion Room


High Level Threat Model

 


Software Security Engineering Blog III

Written by Maheshwar Kanitkar and Hemant Belorkar


A threat model is a structured representation of all the information that affects the security of an application. In essence, it is a view of the application and its environment taken with a security mindset.

Threat modeling is a process for capturing, organizing, and analyzing all of this information. Threat modeling enables informed decision-making about application security risk. In addition to producing a model, typical threat modeling efforts also produce a prioritized list of security improvements to the concept, requirements, design, or implementation.

Threat Modeling - Generic Steps

 

  • Define the application requirements.
  • Complete security-based risk assessments to identify the areas of greatest risk to the business and the technology platform.
  • Identify user roles that will interact with the application.
  • Identify the data the application will manipulate.
  • Identify the use cases for operating on that data that the application will facilitate.
  • Address the findings from the risk assessments in the security architecture and implementation.
  • Model the components of the application.
  • Model the service roles that the components will act under.
  • Model any external dependencies.
  • Model the calls from roles, to components, and eventually to the data store for each use case.
  • Identify any threats to the confidentiality, availability and integrity of the data and the application, based on the data access control matrix that your application should be enforcing.
  • Assign risk values and determine the risk responses.
  • Determine the countermeasures to implement based on your chosen risk responses.
  • Continually update the threat model based on the emerging security landscape.
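The modeling steps above can be carried through in code. The following is an added example, not part of the original article: the ordering application, its roles, service roles, data names and the likelihood and impact scores are all constructed assumptions. It checks each modeled call against the data access control matrix and ranks the mismatches by risk.

```python
from collections import namedtuple

# Constructed sample model of a small ordering application; every name is hypothetical.
# Intended data access control matrix: (user role, data) -> permitted operations.
MATRIX = {
    ("customer", "orders"): {"read", "write"},
    ("customer", "payment_cards"): {"write"},
    ("support", "orders"): {"read"},
}
# Service roles the components act under, with their grants on the data store.
SERVICE_GRANTS = {
    "svc_web": {("orders", "read"), ("orders", "write"), ("payment_cards", "write")},
    "svc_admin": {("orders", "read"), ("orders", "delete"), ("payment_cards", "read")},
}
# Security property put at risk by an operation the matrix does not permit.
PROPERTY = {"read": "confidentiality", "write": "integrity", "delete": "availability"}
IMPACT = {"orders": 2, "payment_cards": 3}  # assumed business impact, 1 (low) to 3 (high)
MODELED, LATENT = 3, 1                      # assumed likelihood scores

# One modeled call: user role -> component (under a service role) -> data store.
Call = namedtuple("Call", "use_case role component service_role data op")
CALLS = [
    Call("place order", "customer", "web_app", "svc_web", "orders", "write"),
    Call("store card", "customer", "web_app", "svc_web", "payment_cards", "write"),
    Call("look up order", "support", "admin_console", "svc_admin", "orders", "read"),
    Call("cancel order", "support", "admin_console", "svc_admin", "orders", "delete"),
]

def find_threats(calls=CALLS):
    """Return (risk, description) pairs, highest risk first; risk = likelihood * impact."""
    threats = set()
    for c in calls:
        # A modeled call the matrix does not permit: fix the design or the matrix.
        if c.op not in MATRIX.get((c.role, c.data), set()):
            threats.add((MODELED * IMPACT[c.data],
                         f"{PROPERTY[c.op]}: '{c.use_case}' lets {c.role} {c.op} {c.data}"))
        # Service-role grants wider than the calling role's rights become reachable
        # whenever the component fails to enforce the matrix itself.
        for data, op in SERVICE_GRANTS[c.service_role]:
            if op not in MATRIX.get((c.role, data), set()):
                threats.add((LATENT * IMPACT[data],
                             f"{PROPERTY[op]}: {c.service_role} can {op} {data} "
                             f"beyond {c.role}'s rights"))
    return sorted(threats, reverse=True)

if __name__ == "__main__":
    for risk, description in find_threats():
        print(risk, description)
```

Each finding maps to a risk response: tighten the service role's grants, change the use case, or record the access as intended by updating the matrix.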

 

One can build a threat model using STRIDE, an acronym for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege.

Benefits

Done right, threat modeling provides a clear "line of sight" across a project that justifies security efforts. The threat model allows security decisions to be made rationally, with all the information on the table. The alternative is to make knee-jerk security decisions with no support. The threat modeling process naturally produces an assurance argument that can be used to explain and defend the security of an application. An assurance argument starts with a few high-level claims and justifies them with either sub-claims or evidence.


The opinions expressed in this discussion room are the writers' and don't necessarily represent NTT DATA Canada's positions, strategies or opinions.

Comments

How to use this in Web-based applications (in .net & C#)?
Posted @ Thursday, February 02, 2012 11:04 AM by Gholkar Amrut Bharat
Response from Hemant,

Gholkar,

Thanks for the question.

Microsoft Threat Modeling Process is available for web-based applications using .net & C#. This process has five main steps:

1. Identify Security Objectives
2. Application Overview
3. Decompose Application
4. Identify Threats
5. Identify Vulnerabilities

For more details, you can refer to the following links:

http://msdn.microsoft.com/en-us/library/ff648006.aspx
http://msdn.microsoft.com/en-us/library/ff648644.aspx
http://www.microsoft.com/security/sdl/adopt/threatmodeling.aspx

The STRIDE process can also be used for web-based applications.

 
Posted @ Friday, February 03, 2012 6:59 AM by JORRIT WIT