Web and Cloud Threats
ISOL 536 Security Architecture and Design
Threat Modeling Session 13a Web Threats
Cloud Threats
Agenda
• Web threats
• Cloud threats
• Reading: Chapter 13
Web Threats
• The web is software like other software
• There are specific attack classes like Cross Site Scripting (XSS)
– In much the same way that stack smashing is a “feature” of C or other weakly typed languages
– Threat modeling not needed to help find these
– Finding these in TM is a distraction from the unique threats to your software
Web Site Threats
• Attack surface/Trust boundaries
• Dependencies
• Not showing outbound links
– Is Google analytics safe? (We hope so—it’s on each page!)
• Model helps you consider each part & relationships
Threatmodelingbook. com
Web hosting
Browser
Google Analytics
Textbook web site
DB
Browser Threats
• Mostly the job of a small number of browser makers
• Your job when writing a plugin
– Manage security & privacy
• Literature reviews & careful checking of browser API guidance
Cloud Threats
• New insiders – At the cloud provider — How do they compare to
other IT outsourcing? • New trust boundary (update your diagram)
– Co-tennants as threats
• Compliance threats – Regulation: what needs to be compliant?
– Audit & logging: what’s logged where and how?
– Can your controls migrate?
Cloud Threats (2)
• Legal
– In US, subpoena rules change if you give your data to others (“3rd party doctrine”)
• May affect privacy expectations
• Forensic
– Can you get the hard drives, etc for analysis?
• Integrity
– Creation and management of virtual machines
Recap
• To threat model web sites, focus on dependencies and unique functionality
• Cloud: focus on trust boundaries