Web and Cloud Threats

profilePathuri
Threat_Modeling_16wk_session_13a.pdf

ISOL 536 Security Architecture and Design

Threat Modeling Session 13a Web Threats

Cloud Threats

Agenda

• Web threats

• Cloud threats

• Reading: Chapter 13

Web Threats

• The web is software like other software

• There are specific attack classes like Cross Site Scripting (XSS)

– In much the same way that stack smashing is a “feature” of C or other weakly typed languages

– Threat modeling not needed to help find these

– Finding these in TM is a distraction from the unique threats to your software

Web Site Threats

• Attack surface/Trust boundaries

• Dependencies

• Not showing outbound links

– Is Google analytics safe? (We hope so—it’s on each page!)

• Model helps you consider each part & relationships

Threatmodelingbook. com

Web hosting

Browser

Google Analytics

Textbook web site

DB

Browser Threats

• Mostly the job of a small number of browser makers

• Your job when writing a plugin

– Manage security & privacy

• Literature reviews & careful checking of browser API guidance

Cloud Threats

• New insiders – At the cloud provider — How do they compare to

other IT outsourcing? • New trust boundary (update your diagram)

– Co-tennants as threats

• Compliance threats – Regulation: what needs to be compliant?

– Audit & logging: what’s logged where and how?

– Can your controls migrate?

Cloud Threats (2)

• Legal

– In US, subpoena rules change if you give your data to others (“3rd party doctrine”)

• May affect privacy expectations

• Forensic

– Can you get the hard drives, etc for analysis?

• Integrity

– Creation and management of virtual machines

Recap

• To threat model web sites, focus on dependencies and unique functionality

• Cloud: focus on trust boundaries