
512 Appendix E ■ Case Studies

The Acme Database

The Acme database is a software product designed to be run on premises by organizations of all sizes. The currently shipping version is 3.1, and this is the team's first threat model. They have chosen to model what they have and then determine how each new feature interacts with this model as part of the same process in which they do performance and reliability analysis. This modeling is inspired by a series of recent design flaws that affected company revenue. The output of this modeling would be a clear list of bugs and action items. Because the important takeaway from this appendix is not the bugs or action items, but the approach that finds them in your software or system, the bug list is not provided as a list.

Security Requirements

Acme has formalized security requirements for the first time. Those requirements are as follows:

■ The product is no less secure than the typical competitor. (Acme's software is currently very insecure, and as such, stronger goals are deferred to a later release.)
■ The product can be certified for sales to the US government.
■ The product will ship with a security operations manual. A security configuration analysis tool is planned but will ship after the next revision.
■ Non-requirement: protect against the DBA.
■ As the product will hold arbitrary data, the team will not be actively looking for privacy issues, but nor will they be willfully blind.
■ Additional requirements will be applied to specific components.

Software Model

After a series of design meetings over the course of a week, run by Paul (project management lead) and attended by Debbie (architecture), Mike (documentation), and Tina (test), the team agrees on the model shown in Figure E-1. These meetings took longer than expected, because details emerged whose relevance to the threat model was not initially clear, leading to a discussion of questions such as "Does this add a trust boundary?" and "Does this accept connections across a trust boundary?"

Figure E-1: The Acme database (key: entity, process, data store, boundary)

Threats and Mitigations

The threats identified to the system are organized by module, to facilitate module owner review. They were identified three ways:

■ Walking through the threat trees in Appendix B, "Threat Trees"
■ Walking through the requirements listed in Chapter 12, "Requirements Cookbook"
■ Applying STRIDE-per-element to the diagram shown in Figure E-1

Acme would rank the threats with a bug bar, although because neither the bar nor the result of such ranking is critical to this example, they are not shown. Some threats are listed by STRIDE, others are addressed in less structured text.
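The STRIDE-per-element pass named in the list above, as an added example that is not code from the book or from Acme: a small Python model of a data-flow diagram that attaches the STRIDE categories to each element kind and to each flow that crosses a trust boundary, and (like the team's design-meeting questions) skips elements that touch no boundary-crossing flow. The diagram it builds is a constructed approximation of the Acme database model described in the text, so the element names, trust zones and flow labels are assumptions.

```python
"""STRIDE-per-element over a small data-flow diagram (DFD).
Added example, not code from the book or from Acme; the diagram below is a
constructed approximation of the Acme database model described in the text."""
from dataclasses import dataclass, field

STRIDE = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
          "I": "Information disclosure", "D": "Denial of service",
          "E": "Elevation of privilege"}

# STRIDE-per-element chart: the categories each element kind attracts.
# Data stores additionally attract Repudiation when they hold logs.
CHART = {"external": "SR", "process": "STRIDE", "store": "TID", "flow": "TID"}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str           # "external", "process" or "store"
    zone: str           # trust zone; a flow between two zones crosses a boundary
    holds_logs: bool = False


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    label: str


@dataclass
class Diagram:
    elements: dict = field(default_factory=dict)
    flows: list = field(default_factory=list)

    def add(self, *elements: Element) -> None:
        for e in elements:
            if e.kind not in ("external", "process", "store"):
                raise ValueError(f"unknown element kind {e.kind!r}")
            self.elements[e.name] = e

    def connect(self, src: str, dst: str, label: str) -> None:
        for name in (src, dst):
            if name not in self.elements:
                raise KeyError(f"flow references unknown element {name!r}")
        self.flows.append(Flow(src, dst, label))

    def crosses_boundary(self, flow: Flow) -> bool:
        return self.elements[flow.src].zone != self.elements[flow.dst].zone


def categories_for(kind: str, holds_logs: bool = False) -> str:
    """STRIDE letters for one element kind (log stores also get R)."""
    letters = CHART[kind]
    if kind == "store" and holds_logs:
        letters += "R"
    return letters


def enumerate_threats(diagram: Diagram, boundary_only: bool = True) -> dict:
    """Map each element and flow to the STRIDE letters it attracts.
    With boundary_only=True, elements touching no boundary-crossing flow are
    skipped, mirroring the design-meeting question in the text: "Does this
    accept connections across a trust boundary?"
    """
    crossing = [f for f in diagram.flows if diagram.crosses_boundary(f)]
    exposed = {f.src for f in crossing} | {f.dst for f in crossing}
    threats = {}
    for e in diagram.elements.values():
        if boundary_only and e.name not in exposed:
            continue
        threats[e.name] = categories_for(e.kind, e.holds_logs)
    for f in (crossing if boundary_only else diagram.flows):
        threats[f"{f.src} -> {f.dst} ({f.label})"] = categories_for("flow")
    return threats


def acme_database_diagram() -> Diagram:
    """Constructed approximation of Figure E-1; names and zones are assumed."""
    d = Diagram()
    d.add(Element("DB user", "external", "outside"),
          Element("Web front end", "process", "frontend"),
          Element("Core database", "process", "core"),
          Element("Main data store", "store", "core"),
          Element("Management data store", "store", "core"),
          Element("Logs", "store", "core", holds_logs=True),
          Element("Log analysis tools", "external", "outside"))
    d.connect("DB user", "Web front end", "HTTPS requests")
    d.connect("Web front end", "Core database", "SQL over client library")
    d.connect("Core database", "Main data store", "table reads/writes")
    d.connect("Core database", "Management data store", "configuration")
    d.connect("Core database", "Logs", "audit records")
    d.connect("Logs", "Log analysis tools", "log reads")
    return d


def report(threats: dict) -> str:
    """One line per target, e.g. 'Logs: TIDR (Tampering, ...)'."""
    return "\n".join(f"{t}: {c} ({', '.join(STRIDE[x] for x in c)})"
                     for t, c in sorted(threats.items()))


if __name__ == "__main__":
    print(report(enumerate_threats(acme_database_diagram())))
```

Running it with `boundary_only=False` lists the interior stores too, which is the per-module organization the text uses once the threats are handed to module owners.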

Sometimes a single mitigation addresses several threats. The threats are shown in a form meant to make them easier to skim. Finding these threats took roughly two weeks, with a one-hour threat identification meeting early in the day during which the team examined a component and its data flows. The examination consisted of walking through the threat trees in Appendix B and the requirements checklist in Chapter 12, and then


■ Information Disclosure: There are both debugging interfaces and error messages, which reveal information about the database connection parameters.
■ Denial of Service: Reliability engineering has already removed most of the application-specific static limits, but how to configure a few will be added to the operations guide.
■ Elevation of privilege: A separate security engineering pass will perform a variety of testing on input validation. Additionally, the front end team will document the limited validation it performs on data, and review that against assumptions that the core database makes about protection.

Connections to Front Ends

The web front end always runs over SSL, addressing tampering and information disclosure issues. The SQL client and client libraries will be upgraded so that connecting without SSL requires setting special options (one on the server to allow such connections, one on the client to allow fallback). The Acme client and libraries will always attempt to connect with SSL first, unless a second option,

Denial of service threats are again generally well addressed by the reliability and performance engineering that has already been done. The security team sends a congratulatory box of donuts to the reliability team.

Core Database

Requirements

■ All database permissions rules will be centralized into a single authorization engine to enforce confidentiality, integrity, and authorization policies.

Threats

■ Spoofing: The core database is designed to run on a dedicated system, and as such is unlikely to come under spoofing attacks. The one exception, which will be analyzed further, is that the front end has the ability to impersonate and perform actions as any user account.
■ Tampering: Input validation raises questions of SQL injection, and those front ends. An intersystem review is planned according to the approach described in Chapter 18, "Experimental Approaches."
■ Repudiation: Reviews found that the database logs nearly everything originating from the front end, except several key session establishment APIs fail to log how the session was authenticated.


■ Information Disclosure: SQL injection attacks against the database can lead to information disclosure in all sorts of ways. The team plans to investigate ways to architecturally restrict SQL injection attacks.
■ Denial of Service: Various complex cross-table requests may have a performance impact. A tester is assigned to investigate clever ways to perform small, expensive queries.
■ Elevation of privilege: A review finds two routines that by design allow any caller to run arbitrary code on the system. The team plans to add ACLs to those routines and possibly turn them off by default.

Data (Main Data Store)

Preventing tampering, information disclosure, and denial of service all rely on the presence of a limited set of connections, with those connections controlled by operating system permissions. If the data store is remote and runs on network attached storage, the storage controller can bypass all the controls on the data. Additionally, the network connections would be vulnerable. The team will document this, and perhaps add additional cryptographic features in a future release that address such threats with untrusted data stores. That decision will hinge on how important the business requirement is, the effort involved in implementation, and possible performance impact.

Management (Data Store)

The same problems that could affect the data store are magnified if the management data store is on remote storage. The team plans to move management data to the same device as the database, and document the security effect of moving it elsewhere.

Connections to the Core Database

The team has been assuming that these connections are within a security boundary, with the previously unstated assumptions that the front ends, database, and DB admin portals would be on a trusted network. Given the work to address all the threats that this assumption allowed, and to ensure performance, that assumption is updated to an isolated network for those with a packet filter. That assumption is added to the operations guide. A bug to encrypt and authenticate between components is filed for a future version.


Logs (Data Store)

Unlike the main data store, logs are, by design, read by log analysis tools that are outside the trust boundary.

■ Tampering: The logs are presented as read-only to the analysis tools.
■ Repudiation: The logs are key to analyzing an attempt at repudiation, but it turns out that not all logs are delivered to the central log store. Some are held in other locations, which is tracked in a set of bugs.
■ Information Disclosure: Because the log analysis code is outside the trust boundary, the logs must not contain information that should not be disclosed, and a review of logging will be required, especially for personal information.
■ Denial of Service: The log analysis code has the capability to make numerous requests. If logs are stored on the same system as the main data store, then managing log requests could limit database performance by consuming resources needed for controller bandwidth, disk operations, and other tasks. This issue is added to the operations guide, with a suggestion to send logs to a separate system.

Log Analysis

The threats are as follows:

■ Spoofing: All the typical spoofing threats are present (roughly everything covered in Appendix B's figure and Table B-1 applies). As the number of database users is typically small, the team decides to add persistent tracking of login information to aid in authentication decisions.
■ Tampering: The log analysis module has several plugins to connect to popular account management tools, each of which presents a tampering threat. As the logs are already read-only with respect to the log analysis tool, tampering threats are less important.
■ Repudiation: The log analysis tools may help an attacker figure out how to engage in a repudiation that is hard to dispute.
■ Information Disclosure: The log analysis tools, by design, expose a great deal of information, and a bug was filed based on the Information Disclosure item under "Logs (Data Store)" to control that information. (In a real threat model, you'd just refer to a bug number.)
■ Denial of Service: Complex queries from log analysis can absorb a lot of processing time and I/O bandwidth.
■ Elevation of Privilege: There are probably a number of elevation paths based on calls from the log analysis module to other parts of the system, designed in before trust boundaries were made explicit.

In summary, it seems that Acme's development team has learned a lot, and has a good deal of work in front of them. Because this work was kicked off after a series of embarrassing security incidents, management is cautiously optimistic. They have a set of issues to work on, and if more incidents happen, they can use those incidents to see if their threat modeling work found the threats, and prioritize that fix. They believe such surprises are far less likely than they were.

Acme's Operational Network

The Acme Corporation are makers of fine database software. It used to produce jet-propelled pogo sticks, tornado seeds, and other products before a leveraged buyout drove it to a more traditional corporate structure, including a more traditional operational network. After its project to threat model its software goes well, producing useful and actionable bugs, it decides to take a crack at modeling its internal network.

Security Requirements

These requirements were built on those from the Requirements Cookbook (see Chapter 12):

1. Operations will ensure that its firewalls align with the trust boundaries shown in diagrams.
2. The sales portion of the network will need to be PCI compliant.
3. Complete business requirements are somewhat hard to pin down, and of the form "Let's not have bad stuff happen." Those will be made more precise as questions of how to mitigate are analyzed, using the feedback process between threats, mitigations, and requirements shown in Figure 12-1 (in Chapter 12). Acme has decided to focus on a STRIDE threat-oriented approach, as it worked reasonably well for their software threat modeling. They are aware that a balance between prevent, detect, and respond is probably also important, but wanted to build on their success with software modeling, and so will consider those elements at a later date.
4. Operational vulnerability management will track all products deployed on the attack surface.
   a. Henceforth, all newly deployed software will be checked to ensure it has a vulnerability announcement policy.
   b. Paul, a project coordinator, has been assigned to track down vulnerability announcement policies per product in use, and to subscribe to all of them.


Operational Network

Acme's operational network was shown earlier in Chapter 2, "Strategies for Threat Modeling," and is reproduced here as Figure E-2. The remainder of this section is written in the form of a summary, as if it were from the team. The main thing missing is bug numbers, because adding fake bug numbers won't make the examples more readable.

Figure E-2: Acme's operational business network

The team has decided that this diagram will suffice to get started even though there are several obvious bugs, including the fact that it does not show payment processing. That will be considered later, as making sure no one steals the plans for the rocket-powered pogo sticks or dehydrated boulders is considered a top priority.

The systems that make up the operational network are as follows:

■ Desktop and mobile: These are the end-user systems that everyone in the company uses.
■ Email and intranet: These are an Exchange server and a set of internal wikis and blog servers.
■ Development servers: This includes the local source control repository, along with bug tracking, build, and test servers.
■ Production: This is where products are made using a just-in-time approach. It includes an operations network that is full of machine tools and other equipment that is finicky and hard to keep operational, never mind secure.


■ Directory: This is an Active Directory server, which is used for account management across most of the systems at Acme.
■ HR Management: This is a personnel database, time-card system for hourly employees, and related services.
■ Website/sales/CRM: This is the website through which orders are placed. The website runs at an IaaS cloud provider. It has a direct connection to the production shop. The website is locally built and managed with a variety of dependencies.
■ Payroll: This is an outsourced payroll company.

Threats to the Network

The team made an initial decision to look at operations threat by threat, rather than system by system, as looking at the systems makes it a little harder to rank threats (and would result in a threat model that looks like the prior example). In the interests of presenting a somewhat compact example, additional requirements are only called out occasionally.

Spoofing

The team decided to look at spoofing threats by the victim; that is, what happens if someone spoofs the connection to each system or set of systems within the diagram. The requirements for Acme's network are as follows:

■ No anonymous access to corporate systems.
■ There may be a requirement for whistleblower anonymity. The question is sent to legal.
■ Single-factor authentication is sufficient for all systems.
■ All systems should default to authorization against the directory system.
■ Account creation is performed by a single administrator.

The requirements for the website are as follows:

■ Facebook logins will be accepted.
■ Anyone with a validated email account can create an account.

Spoofing threats to specific areas of the operational network include:

■ Desktop and mobile: Several developers have installed their own remote access software, believing that "no one would ever find it" is sufficient. Rather than have a debate on the subject, the team realized there's no good alternative, and adds this as justification for the VPN project to move faster.

■ Email and intranet services: These services are exposed to the Internet. Password protection on the intranet servers is spotty, as some of them were deployed with the assumption that they're "behind the firewall," while others were deployed with a shared username/password, and yet others really do need exposure to the Internet for mobile workers. That last need will be addressed with a VPN, which is not yet deployed.
■ Development servers: These servers being spoofed seems to turn largely into an integrity (tampering) threat against either source or development documents.
■ Production: Most obviously, someone could drive the creation of extra products, have those products either stack up in the warehouse or, worse, be delivered to fake customers. More subtly, a rascally attacker might be able to deliver fake product plans, resulting in product malfunctions, unhappy customers, and bad press for the company and its products.
■ Directory: The biggest issue would be spoofing of HR management. If someone can pretend to be HR, they end up with a lot of power.
■ HR Management: The digital data flows are almost exclusively outbound. Inbound processes still involve a lot of face-to-face discussion and paper forms.
■ Sales/CRM: These systems have a direct connection to production, where orders are sent. It turns out that the server in production will take entries authenticated only by IP address, and anyone with that address can enter orders.
■ Payroll: Spoofing threats to the payroll system loom large in everyone's mind, especially because HR emails payroll data every week. Unfortunately, the payroll company has no options to use anything stronger than a username and password. After a raucous debate, the team decides to file a bug (also noting the information disclosure and tampering threats associated with email), and then moves to other threats.
■ Other spoofing: A single directory server acts as a single point of failure for spoofing security. While this worries some team members, the "solution" of adding a second directory system doesn't help because even after a lot of work to keep them in sync, most spoofing attacks will have two potential targets.


appear long-standing or vice versa, and changing how they are treated by customer service or anti-fraud.
■ Payroll: The tampering attacks here range from the obviously bad, such as adding employees or changing salaries, to the more subtle, such as changing tax withholding or deductions at the same time ("We're sorry, Mr. Smith, but we have not received insurance premiums from you.")

Repudiation

The team decided to focus most repudiation attention on sales order repudiation, and has planned a review of logs on the sales server. There are certainly other repudiation issues they could examine, including repudiation of check-ins to the development servers, repudiations of HR changes, or repudiation of changes to production. However, for a first pass at threat modeling, other threats are given priority.

Information Disclosure

Acme is very protective of trade secrets regarding product creation, and worried about the contents of the customer support database, as a few customers seem to regularly encounter product reliability issues. Customer support believes that many of these customers are merely hasty, not taking time to read the instructions. Threats apply to:

■ Desktop and mobile systems: Unfortunately, these must have access to most data. Data encryption software may be an important addition here, to protect against information disclosure if the machines are stolen. This mitigation applies across most of the systems in the company, and is not repeated per section.
■ Email servers: Email contains a tremendous amount of confidential information. The team considers a pilot project for email encryption.
■ Intranet servers: These servers are a different beast. It's challenging to add encryption for application data such that only certain readers have the keys (in contrast to full disk encryption). It might be possible to use a more well-considered set of permissions. Additionally, it's possible to add SSL to most of these servers.
■ Development servers: It is similarly challenging to use encryption for application data.
■ Production servers: These are locked down primarily for reliability reasons, which has nice side effects for security.


■ HR management: These include information on salaries, performance reviews, sufficient personal data to commit identity theft, as well as a host of information on prospective candidates.
■ Sales/CRM: These systems contain information about upcoming sales, coupon codes, customer names and addresses, and probably accidentally credit card numbers. The data flow from sales to production needs to have encryption added.

Denial of Service

Somewhat similar to repudiation, denial of service threats are treated as a lower priority than spoofing, tampering, or information disclosure. The team notes that production is dependent on a non-scalable set of machines and skilled machine operators, and so a leap in sales would be a denial of vacation.

Elevation of Privilege

Outsiders can attempt to elevate to insider privileges via desktop (attacking via email, IM, and web browsing), and attacking sales/CRM or payroll, each of which is exposed to the Internet. To address the desktop elevation attacks, the team looks to vulnerability management and sandboxing. The web applications that deliver sales and CRM are exposed to a variety of attacks, including SQL and command injection, cross-site scripting (XSS), cross-site request forgery (CSRF), and other web attacks. Testing for those attacks will be managed by the QA team, which will need additional security training. The team resolves to ask external vendors some questions about patching and secure development at the payroll company. Acme has decided to defer insider threats for now, as there's a lot to be done in the near term.

In summary, Acme has used STRIDE threat modeling and a model of their operational network to identify many threats. Again, they have moved from a vague sense of unease to a well-justified set of concerns, which they can work through. From here, they'd need to decide on a prioritization scheme for those concerns, or consider additional security requirements, depending on their unique needs.

Phones and One-Time Token Authenticators

Chapter "Tradeoffs When Addressing Threats," describes a threat model (shown in Figure E-3) that illustrates how threat models can be used to drive the evolution of an architecture. This model is also a useful example of a focused


2. The telco interface does some form of lookup to find out how to route the message. That's modeled as a "number routing" process in a separate trust domain. There are a number of ways in which mobile phones associate with other phone carriers, including roaming and femtocells. Similarly, but not shown, with US phone number portability, simple routing by area code and exchange no longer works, even for landlines. The number routing system returns a pointer to a "Customer effective telco."

3. The telco interface then sends the phone number and OTT to the customer's effective telco.

4. The OTT is then sent to one or more systems that may be delivering the message. That might simply be the phone in question, but it could also be an interface such as Google Voice or Apple iMessage. (All products are listed for illustrative purposes only.)

5. The person enters the OTT at the login page, and it is compared to the expected value.
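The delivery steps above as a small data-flow simulation, added here as an example rather than taken from the book: it records every party that handles the OTT on its way from the login system to the handset, so an inaccurate reply from the number-routing process shows up as the token reaching a party outside the intended path. The routing table, party names and phone number are constructed for the example.

```python
import hmac
from dataclasses import dataclass, field

# Constructed routing data: number prefix -> "customer effective telco".
# Real routing also involves roaming, femtocell and portability lookups.
ROUTING_DB = {"+1555": "telco-A", "+1666": "telco-B"}
# The intended path for the constructed number used below.
INTENDED = {"login-system", "telco-interface", "telco-A", "handset:+15551234"}

@dataclass
class DeliveryTrace:
    """Every party that handled the OTT, in order, across trust domains."""
    observers: list[str] = field(default_factory=list)

    def seen_by(self, party: str) -> None:
        self.observers.append(party)

def number_routing(phone: str, routing_db: dict[str, str]) -> str:
    """Step 2: routing lookup in a separate trust domain. It receives the
    phone number only; the OTT is never sent to it."""
    for prefix, telco in routing_db.items():
        if phone.startswith(prefix):
            return telco
    raise LookupError(f"no route for {phone}")

def send_ott(phone: str, routing_db: dict[str, str]) -> DeliveryTrace:
    """Steps 1-4: follow the OTT from the login system to the handset."""
    trace = DeliveryTrace()
    trace.seen_by("login-system")      # step 1: inside the trust boundary
    trace.seen_by("telco-interface")   # still inside the trust boundary
    trace.seen_by(number_routing(phone, routing_db))  # step 3: crosses out
    trace.seen_by(f"handset:{phone}")  # step 4: assumed delivery endpoint
    return trace

def verify_ott(expected: str, entered: str) -> bool:
    """Step 5: compare the entered token with the expected value."""
    return hmac.compare_digest(expected, entered)

def ott_exposed(trace: DeliveryTrace, intended: set[str]) -> set[str]:
    """Parties that handled the OTT but are not on the intended path."""
    return set(trace.observers) - intended

if __name__ == "__main__":
    print(ott_exposed(send_ott("+15551234", ROUTING_DB), INTENDED))   # set()
    # Threat 2: a lie in the routing data points at an attacker-run telco.
    lying_db = {**ROUTING_DB, "+1555": "attacker-telco"}
    print(ott_exposed(send_ott("+15551234", lying_db), INTENDED))     # {'attacker-telco'}
```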

The security requirement is that the OTT is not disclosed to an attacker. There are three requirements which might apply. First, the OTT should get through intact, that is, free of tampering. Second, the system should remain operational. Both those requirements apply to almost any variant of this system, and as such they do not enhance the value you get from a comparative threat model. The third requirement which may be relevant is privacy: people may not want to give you their mobile phone number and risk it being abused for sales calls or other purposes. This is a threat to your ability to use OTT to improve authentication. The privacy issue would weigh in favor of applications on mobile devices.

The Threats

This model focuses on threats to the confidentiality of the OTT. Some of those are direct threats, others are impacts of first-order threats such as spoofing and tampering.

1. The login system and telco interface communicate inside a trust boundary, and you can ignore threats there for this model.

2. The phone number being sent to a routing service outside the trust boundary presents a number of threats. If the reply is not accurate, step 3 will expose the OTT. The reply can be inaccurate for a variety of reasons, including but not limited to the following:

■ Lies (inaccurate or misleading data, regardless of whether that's accidental, intentional by the database, or intentional by someone who's hacked the database) from the roaming database

■ Lies from the femtocell database