Week 1 assignment with 500 words

ISOL 536 Security Architecture and Design

Threat Modeling Session 1

Agenda

• About this course

• About threat modeling

ABOUT THIS COURSE

About this course

About threat modeling

Threat Modeling in Depth

• 16 weeks – 16 weeks of deep material – 16 Lectures – 7 Assignments

• 3 Discussions • 2 Article/paper reviews • 2 Case study assignments

– 3 Quizzes – 1 Research paper/presentation (residency week) – 1 Final Exam

• Text: Threat Modeling: Designing for Security (Wiley, 2014)

Schedule & Grading

• See the syllabus for more details

• Due date/time: Sunday 11:59 PM

– NOT THE FINAL EXAM

• 100 points total

– Assignments (21 pts)

– Quizzes (14 pts)

– Residency weekend paper/presentation (40 pts)

– Final exam (25 pts)

Administrative Notes

• Read the course syllabus

• Check your email and course announcements

• Be proactive

• Check course announcements

– (did I already say that?)

• Read the text (don’t just fake it)

• Apply the material to what you already know

ABOUT THREAT MODELING

About this course

About threat modeling

Wouldn’t it be better to find security issues before you write

or deploy a line of code?

So how can you do that?

How Do You Find Security Issues?

Ways to Find Security Issues

• Static analysis of code

• Fuzzing or other dynamic testing

• Pen test/red team

• Wait for bug reports after release

Ways to Find Security Issues (2)

• Threat modeling!

– Think about security issues early

– Understand your requirements better

– Don’t write bugs into the code

– And the subject of this lesson

So…how do you threat model?

Definitions

• What is a threat?

• How is it different from a

– vulnerability,

– risk,

– or just a problem?

• What is a model?

So…how do you threat model?

What are the problems associated with the “Think like an Attacker”

mentality?

Think Like an Attacker?

• Like thinking like a professional chef! – Even if you cook well, are you the chef at a

popular restaurant?

• Thinking like an attacker – or focusing on them is risky – What do they know? What will they do?

– If you get these wrong, your threat modeling will go astray

• So don’t start from attackers!

What are the problems associated with starting from assets as an approach to threat modeling?

What do you learn by making an asset list?

Focus on Assets?

• Assets: valuable things – the business cares!

• But what’s an asset?

– Something an attacker wants?

– Something you want to protect?

– A stepping stone?

Engineering Real Technology

• Need an engineering approach

– Predictable

– Reliable

– Scalable to a large product

• Can’t be dependent on one brilliant person

Focus on What You’re Building!

• Ideally, you understand it

• Concrete and testable?

Why is it important for you to develop both technique and repertoire as a part of threat

modeling?

How to Threat Model (Summary)

• What are you building?

• What can go wrong?

• What are you going to do about it?

• Check your work on 1-3

• The course will teach you practical skills for each of these

Recap

• Threat modeling is about structured ways to find problems early in development

• Many of the obvious ways (attackers, assets) aren’t repeatable and scalable

• Focus in on 4 key questions

– Tools to help you with each