Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.basic.visual.misc > #3597
| Newsgroups | comp.lang.basic.visual.misc |
|---|---|
| Date | 2024-01-02 06:32 -0800 |
| Message-ID | <eee2c86e-587a-4793-a2a7-141c9568c8b7n@googlegroups.com> (permalink) |
| Subject | Microsoft Stride Threat Model Download |
| From | Darline Wolkow <wolkowdarline@gmail.com> |
The STRIDE was initially created as part of the process of threat modeling. STRIDE is a model of threats, used to help reason and find threats to a system. It is used in conjunction with a model of the target system that can be constructed in parallel. This includes a full breakdown of processes, data stores, data flows, and trust boundaries.[5] The Threat Modeling Tool is a core element of the Microsoft Security Development Lifecycle (SDL). It allows software architects to identify and mitigate potential security issues early, when they are relatively easy and cost-effective to resolve. As a result, it greatly reduces the total cost of development. Also, we designed the tool with non-security experts in mind, making threat modeling easier for all developers by providing clear guidance on creating and analyzing threat models. microsoft stride threat model download DOWNLOAD https://3insummcredse.blogspot.com/?aa=2x1cLA There are multiple approaches to threat modeling, and anyone who tells you his method is the only right one is mistaken. There aren't any well-established ways to measure the quality of a threat model, and even the term "threat" is open to interpretation. Of course that's the nature of the beast; even in the more mature field of cryptography, many popular algorithms have not been proven to be secure. But, while we can't often prove that a given design is secure, we can learn from our mistakes and avoid repeating them. That is the essence of threat modeling. In this article we'll present a systematic approach to threat modeling developed in the Security Engineering and Communications group at Microsoft. Like the rest of the Security Development Lifecycle, threat modeling continues to evolve and to be applied in new contexts. As you create your own processes for developing secure code, this approach might serve you well as a baseline. One way to ensure your applications have these properties is to employ threat modeling using STRIDE, an acronym for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege. Figure 3 maps threats to the properties that guard against them. Getting the DFD right is key to getting the threat model right. Spend enough time on yours, making sure all the pieces of your system are represented. Have you noted all the files and registry keys your app touches? Are you reading data from the environment? If you stop at this point, your threat model will be limited not only by what you know, but what you happen to remember at the time you're working on it. You not only have to think like an attacker, you have to think like all attackers. Simultaneously. Data Flow 2: Sales System List to Collection Similar threats exist for sales system list collection. Someone could tamper with the data by inserting a new system into the list of salespeople that could allow the input of false data. Removal of a system could prevent a salesperson from being able to register sales. (This could be modeled as a denial of service. We call it tampering. Don't get too hung up over the terminology.) For example, what if the analysis database is stored on another machine? The threat model as written seems to suggest that the collection process is housed on the same machine as the database, but perhaps it's not. Perhaps the modeler made an incorrect assumption, or the decision hasn't yet been made. Data Store 3: Laptops Tampering with laptops may allow an attacker to steal data or access control tidbits such as passwords, keys, or certificates. An attacker could install spyware to give himself ongoing access to the system. This probably crosses threat models into other projects, but if you're designing a system that can't reasonably be managed, that may make your customers or users less secure. All information on a laptop is fair game if the attacker controls it. Again, threats here probably involve more than just this part of the threat model. The ideal situation is to mitigate a threat with a strong, well-understood solution. For example, using strong cryptography appropriately is believed to be a strong countermeasure to many types of information disclosure threats. You may never be able to prove that a defense is perfect. However, one of the nice things about the STRIDE model is that it gives you insight into the nature of the mitigations you need. Simply recasting Figure 3 in terms of available technologies gives you an idea of what kinds of mitigations are necessary. Choosing a technology can be challenging, however. In general, I've found that asking two simple questions can be helpful: can the technology be used to mitigate the threat, and would it actually be used in the scenario you're concerned with? Maybe the attack is mitigated somehow and maybe it isn't. But understanding whether an attack is possible and uncovering attacks that haven't been thought of before are part of the main goal of threat modeling. As you strive to develop secure software, we recommend threat modeling as a key part of your process, and specifically the STRIDE model presented in this article. But the key point is to find a method that works for you, apply it early in your design, keep in mind that any component can fail, and do the necessary research to ensure you've accounted for known attack patterns. STRIDE threat modeling is a specific kind of threat modeling methodology (or method). It is a mnemonic of six types of security threats. Each letter of STRIDE stands for one of the six types of security threats: STRIDE threat modeling was first developed and used by two developers Praerit Garg and Loren Kohnfelder at Microsoft. It has been used for many years (and decades) at Microsoft to help secure their software and software development processes. Spoofing is a type of threat whereby an attacker maliciously impersonates (or pretends to be) a different user (or system). You can also use Spoofing more loosely during STRIDE threat modeling to classify threats related to users and access rights. A technical diagram will tell you how your threat modeling target works, how it behaves, how it interacts with key components and actors. It will also communicate these things to your team members and fellow threat modelers. A technical diagram such as a Data Flow Diagram (DFD) does not have to be an exact representation of your threat model target. It merely needs to highlight the important components, communication flows, actors, etc. In fact, diving too deeply into a technical diagram will distract from focusing on the important components (and potential threats). STRIDE threat modeling is an approach to integrating earlier in your software development lifecycle (SDLC). As a threat modeling methodology, the STRIDE framework is used to map out your application based on it's unique use cases and business logic. Therefore, it can be used to identify and eliminate potential vulnerabilities before a single line of code is written. You can also come back to the STRIDE framework anytime while your application is being developed or in production, and every time you release new code to see how it will affect your application's overall attack vector. Employing threat modeling should be your first step toward building networks, systems, and applications that will be secure by design. STRIDE is a model of threats that can be used as a framework in ensuring secure application design. The image below is an example of a tampering attack tree (another threat modeling activity) of a 3D concrete printing system. Image provided from the publication Threat Modeling in Construction: An Example of a 3D Concrete Printing System. One reason that threat modeling is performed as a first step is to obtain an objective viewpoint of the big picture for the project. It will also help define the locations of potential security vulnerabilities. This process can be done once the design has been defined conceptually. No threat modeling technique is perfectly tailored to a specific use. You should choose the one that most closely aligns with your goals. However, your DevOps team should be encouraged to adapt or customize threat modelling techniques to better fit their specific use case. Going forward, remember that your threat model is a living document and needs to be constantly reviewed and updated. After a system wide threat model has been performed it can be valuable to perform mini threat models as a secure engineering design requirement. Software Secured offers professional Threat Modeling services as a key feature our Penetration Testing as a Service core offering. If you are interested to learn more or book a threat modeling service, please book a call with us. Spoofing identity involves a hacker pretending to be another person with the intention of theft of important data or gaining access to highly encrypted portals. An easy example of spoofing identity for amateurs in STRIDE and threat modeling is an email sent from a false email address pretending to be from someone else and manipulating the recipient to trust the sender with its data and authentication. STRIDE threat modeling methodology is a very useful methodology that helps to decrease the chances of vulnerabilities and threats to exploit a system or network. Following are the top 5 benefits of the STRIDE threat model. In order to fight malicious behavior, you must use strategies like the STRIDE threat model. This helps to improve awareness of different threats. For example, it will uncover the need for monitoring, logging, and alerts. Also, you should eliminate the threats by strengthening authentication and developing data protection safeguards. And it is important to ensure Confidentiality and availability and protect against cyber attacks. Moreover, STRIDE helps to rank the emerging threats in priority. They also help to analyze how easily threats can reproduce, their overall impact, etc. You can use IoT devices to identify threats and existing vulnerabilities in your systems. However, by using a STRIDE threat model to identify risks, you can continue protecting IoT devices from security flaws. 35fe9a5643
Back to comp.lang.basic.visual.misc | Previous | Next | Find similar
Microsoft Stride Threat Model Download Darline Wolkow <wolkowdarline@gmail.com> - 2024-01-02 06:32 -0800
csiph-web