Risk Centric Threat Modeling
eBook - ePub

Risk Centric Threat Modeling

Process for Attack Simulation and Threat Analysis

Tony UcedaVelez, Marco M. Morana

About This Book

This book introduces the Process for Attack Simulation & Threat Analysis (PASTA) threat modeling methodology. It provides an introduction to various types of application threat modeling and introduces a risk-centric methodology aimed at applying security countermeasures that are commensurate to the possible impact that could be sustained from defined threat models, vulnerabilities, weaknesses, and attack patterns.

This book describes how to apply application threat modeling as an advanced preventive form of security. The authors discuss the methodologies, tools, and case studies of successful application threat modeling techniques. Chapter 1 provides an overview of threat modeling, while Chapter 2 describes the objectives and benefits of threat modeling. Chapter 3 focuses on existing threat modeling approaches, and Chapter 4 discusses integrating threat modeling within the different types of Software Development Lifecycles (SDLCs). Threat modeling and risk management is the focus of Chapter 5. Chapter 6 and Chapter 7 examine Process for Attack Simulation and Threat Analysis (PASTA). Finally, Chapter 8 shows how to use the PASTA risk-centric threat modeling process to analyze the risks of specific threat agents targeting web applications. This chapter focuses specifically on the web application assets that include customer's confidential data and business critical functionality that the web application provides.

• Provides a detailed walkthrough of the PASTA methodology alongside software development activities, normally conducted via a standard SDLC process

• Offers precise steps to take when combating threats to businesses

• Examines real-life data breach incidents and lessons for risk management

Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis is a resource for software developers, architects, technical risk managers, and seasoned security professionals.

Information

Publisher: Wiley
Year: 2015
ISBN: 9781118988350

CHAPTER 1
THREAT MODELING OVERVIEW

DEFINITIONS

[Application] Threat Modeling – a strategic process aimed at considering possible attack scenarios and vulnerabilities within a proposed or existing application environment for the purpose of clearly identifying risk and impact levels.
Definitions for any type of terminology are necessary evils. While seemingly elementary and potentially annoying, they provide a common ground from which to build. Providing a well-constructed definition also level-sets threat modeling's intended design as a process-oriented control for application security, versus interpretations that mutate its intent and true capability.
In this book, the expression “threat modeling” is reserved for software development and application security efforts. Within the topical boundaries of application security, the aforementioned definition provides some fundamental terms that should resonate with anyone who understands the very nature of security risk management and has implemented the threat modeling machine.
A closer examination of the definition provided reveals greater insights into the essential components that are threat modeling. The first emphasized term, strategic, describes a quality of threat modeling reflected in its ability to anticipate threats via calculated and simulated attack patterns. Each major function within the threat modeling process requires a great deal of consideration and anticipation of multiple risk factors influenced by threat, vulnerability, and impact levels.
Process is one of threat modeling's key, distinguishing qualities. A chain-like reaction of tactical events is conducted across multiple domains (business objectives, system/database administration, vulnerability management, etc.) where additional review, input, and contribution is provided by other stakeholders within the process – all in relation to a protected application environment. To date, the lack of process within information security efforts has accounted for several shortcomings in mitigating security risks introduced by deficiencies in application security, and in many cases acted as causal factors to those noted deficiencies. Although there are isolated victories in traditional security efforts, a growing sentiment is that the war against software exploitation is being lost. Threat modeling is intended to greatly revitalize the effort in securing data via a collaborative, strategic process.
The next term, attack, reflects a major science to threat modeling – the discipline of researching how attack patterns can potentially exploit software vulnerabilities and/or poorly designed countermeasures. The hierarchy of an attack becomes dissected via threat modeling techniques, exposing faults in application design and/or software development, as well as other practical yet key areas, such as unveiling plausible motives for which an attacker initially sought to launch their assault.
Vulnerabilities is a term used far more prevalently within other information security efforts. In the scope of threat modeling, however, its use extends the manner in which software vulnerabilities are understood. Vulnerabilities at the platform and software levels are aggregated and correlated to possible attack scenarios. As a result, this term is an essential component to its definition, as we will see in later chapters.
The application environment expression serves as the object of the threat modeling process. Other traditional security procedures simply address a single aspect of an entire application environment, thereby negating a more holistic approach to application security. This is not to state that these more isolated procedures are not important, but rather that the sum of their individual benefits is encompassed in the process of threat modeling and applied to the entire application environment.
The term risk serves as the object of key interest to threat modeling. Threat modeling, as a supportive role in fulfilling business objectives, seeks to identify risks associated with the cumulative effects of an ever-evolving threat environment, compounded by software/network vulnerabilities, and fueled by attack motives or interest in business information – all managed and/or driven by an application environment. Threat modeling provides greater precision in conveying risk through providing a clear path on how a business application environment could be compromised and the probability of the actual risk. In essence, risk becomes the common glue that unifies security and business professionals in a collaborative effort to protect the enterprise.
Within the threat modeling definition, impact is the ability to answer the question “How bad is it?” Unless security professionals consider all possible threat scenarios in order to generate a prioritized, risk-based analysis, they cannot provide an effective and credible answer. As answers morph into speculations and continue downhill, security professionals are again unable to convey an adequate and plausible answer to this question. Threat modeling divides a threat into multiple attacks, making it easier to see how each attack scenario unfolds. For each scenario, impact of any adverse aftermath can be ascertained with greater accuracy, thereby reestablishing the credibility of the security analysis. The ability to understand impact is central to reporting a threat. Devoid of this capability, identifying and communicating threats merely becomes an exercise built around hype and fear factor.

ORIGINS AND USE

It is only one who is thoroughly acquainted with the evils of war that can thoroughly understand the profitable way of carrying it on.
Sun Tzu, Art of War
Despite its trite and oversensationalized use in numerous other security publications, Sun Tzu's quotation is still very relevant to application threat modeling, particularly in its goal to imagine attack scenarios from possible adversaries. Although we are focusing on threat modeling as it applies to software development and application security efforts, we must also consider the origins of threat modeling and other ways it is applied. This chapter provides a comparative look as to how threat modeling, in its original form, has been applied in hostile environments that encompass both physical and logical attacks, most notably in tactical military operations. Though looking at threat modeling in a context outside of application security may seem irrelevant, it is important to understand a historical use. Threat modeling's past uses are not only useful to learn and remember, but also provide an appreciation as to how strategic analysis becomes a fundamental part of the process.

Topicality of Military Threat Modeling

By understanding the historical usage of threat modeling, security professionals at large can evolve a mindset built around strategy rather than segregated and disorganized knee-jerk responses. Thus far, the outcomes of reactive methods have fallen short of adequately addressing a growing number of threats to application environments worldwide. The gap between the complexities of attack patterns and advancements in countermeasures continues to widen. Borrowing from military origins, threat modeling develops the discipline behind threat analysis. For decades, the US military has leveraged threat modeling to obtain improved insight as to how an enemy could adversely affect US interests or military forces. This analysis encompasses the examination of an enemy's motives, capabilities, and likely attack scenarios as part of an overall objective of defending against as many viable attack scenarios as possible. Similarly, application threat modeling extends the capabilities and resources of security professionals. Borrowing from this process, professionals can dissect and understand attacks, correlating them across multiple application vulnerabilities. Security professionals who learn from the military's application of threat modeling will be able to introduce innovation where it has been significantly lacking – intelligence correlation. Specifically, the ability to correlate exploits and vulnerabilities, and ultimately map these factors to possible misuse cases, proves to be a key value-add to threat modeling.

Profiting from Threat Modeling in War

In Sun Tzu's quotation, the phrase “profitable way of carrying it on” noticeably stands out. While profit is not usually associated with war, here it refers to the gain or reward received from understanding the evils of war. The gains are the avoided risks that could have introduced mission critical impact levels. In essence, most military strategists adhere to the philosophy of profiting from the realities of war via improved preparedness. A military's application of threat modeling is able to provide this capability in part through the use of threat modeling techniques. Threat modeling allows the evils of war to be better recognized using thought-out simulations. Although not all possible scenarios can be considered and modeled, the military seeks to play out the most probable attack scenarios. Ultimately, threat modeling is not able to eliminate the possibility of attack, but instead increases the state of readiness with which a military unit can effectively respond to a threat.

Threat Modeling @ DoD

Several divisions within the US Department of Defense have effectively applied threat modeling techniques to identify war's collateral risks such as casualties, illnesses, and adverse economic and environmental effects. The US Army and NASA have used Ballistic Missile Threat Modeling for more than 50 years. By applying intelligence gathered from foreign missile systems, the United States fortified their overall missile defense system. Over the yea...
