Risk Centric Threat Modeling
eBook - ePub

Process for Attack Simulation and Threat Analysis

  1. English
  2. ePUB (mobile friendly)

About this book

This book introduces the Process for Attack Simulation & Threat Analysis (PASTA) threat modeling methodology. It provides an introduction to various types of application threat modeling and introduces a risk-centric methodology aimed at applying security countermeasures that are commensurate to the possible impact that could be sustained from defined threat models, vulnerabilities, weaknesses, and attack patterns.  

This book describes how to apply application threat modeling as an advanced preventive form of security. The authors discuss the methodologies, tools, and case studies of successful application threat modeling techniques. Chapter 1 provides an overview of threat modeling, while Chapter 2 describes the objectives and benefits of threat modeling. Chapter 3 focuses on existing threat modeling approaches, and Chapter 4 discusses integrating threat modeling within the different types of Software Development Lifecycles (SDLCs). Threat modeling and risk management is the focus of Chapter 5.  Chapter 6 and Chapter 7 examine Process for Attack Simulation and Threat Analysis (PASTA). Finally, Chapter 8 shows how to use the PASTA risk-centric threat modeling process to analyze the risks of specific threat agents targeting web applications. This chapter focuses specifically on the web application assets that include customer's confidential data and business critical functionality that the web application provides.

• Provides a detailed walkthrough of the PASTA methodology alongside software development activities, normally conducted via a standard SDLC process

• Offers precise steps to take when combating threats to businesses

• Examines real-life data breach incidents and lessons for risk management

Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis is a resource for software developers, architects, technical risk managers, and seasoned security professionals. 

Risk Centric Threat Modeling by Tony UcedaVelez and Marco M. Morana is available in PDF and/or ePUB format.

CHAPTER 1
THREAT MODELING OVERVIEW

DEFINITIONS

[Application] Threat Modeling – a strategic process aimed at considering possible attack scenarios and vulnerabilities within a proposed or existing application environment for the purpose of clearly identifying risk and impact levels.
Definitions for any type of terminology are necessary evils. While seemingly elementary and potentially annoying, they provide a common ground from which to build. Providing a well-constructed definition also level-sets threat modeling's intended design as a process-oriented control for application security, versus interpretations that mutate its intent and true capability.
In this book, the expression “threat modeling” is reserved for software development and application security efforts. Within the topical boundaries of application security, the aforementioned definition provides some fundamental terms that should resonate with anyone who understands the very nature of security risk management and has implemented the threat modeling machine.
A closer examination of the definition provided reveals greater insights into the essential components that are threat modeling. The first emphasized term, strategic, describes a quality of threat modeling reflected in its ability to anticipate threats via calculated and simulated attack patterns. Each major function within the threat modeling process requires a great deal of consideration and anticipation of multiple risk factors influenced by threat, vulnerability, and impact levels.
Process is one of threat modeling's key, distinguishing qualities. A chain-like reaction of tactical events is conducted across multiple domains (business objectives, system/database administration, vulnerability management, etc.) where additional review, input, and contribution is provided by other stakeholders within the process – all in relation to a protected application environment. To date, the lack of process within information security efforts has accounted for several shortcomings in mitigating security risks introduced by deficiencies in application security, and in many cases acted as causal factors to those noted deficiencies. Although there are isolated victories in traditional security efforts, a growing sentiment is that the war against software exploitation is being lost. Threat modeling is intended to greatly revitalize the effort in securing data via a collaborative, strategic process.
The next term, attack, reflects a major science to threat modeling – the discipline of researching how attack patterns can potentially exploit software vulnerabilities and/or poorly designed countermeasures. The hierarchy of an attack becomes dissected via threat modeling techniques, exposing faults in application design and/or software development, as well as other practical yet key areas, such as unveiling plausible motives for which an attacker initially sought to launch their assault.
Vulnerabilities is a term used far more prevalently within other information security efforts. In the scope of threat modeling, however, its use extends the manner in which software vulnerabilities are understood. Vulnerabilities at the platform and software levels are aggregated and correlated to possible attack scenarios. As a result, this term is an essential component to its definition, as we will see in later chapters.
The application environment expression serves as the object of the threat modeling process. Other traditional security procedures simply address a single aspect of an entire application environment, thereby negating a more holistic approach to application security. This is not to state that these more isolated procedures are not important, but rather that the sum of their individual benefits is encompassed in the process of threat modeling and applied to the entire application environment.
The term risk serves as the object of key interest to threat modeling. Threat modeling, as a supportive role in fulfilling business objectives, seeks to identify risks associated with the cumulative effects of an ever-evolving threat environment, compounded by software/network vulnerabilities, and fueled by attack motives or interest in business information – all managed and/or driven by an application environment. Threat modeling provides greater precision in conveying risk through providing a clear path on how a business application environment could be compromised and the probability of the actual risk. In essence, risk becomes the common glue that unifies security and business professionals in a collaborative effort to protect the enterprise.
Within the threat modeling definition, impact is the ability to answer the question “How bad is it?” Unless security professionals consider all possible threat scenarios in order to generate a prioritized, risk-based analysis, they cannot provide an effective and credible answer. As answers morph into speculations and continue downhill, security professionals are again unable to convey an adequate and plausible answer to this question. Threat modeling divides a threat into multiple attacks, making it easier to see how each attack scenario unfolds. For each scenario, impact of any adverse aftermath can be ascertained with greater accuracy, thereby reestablishing the credibility of the security analysis. The ability to understand impact is central to reporting a threat. Devoid of this capability, identifying and communicating threats merely becomes an exercise built around hype and fear factor.

ORIGINS AND USE

It is only one who is thoroughly acquainted with the evils of war that can thoroughly understand the profitable way of carrying it on.
Sun Tzu, Art of War
Despite its trite and oversensationalized use in numerous other security publications, Sun Tzu's quotation is still very relevant to application threat modeling, particularly in its goal to imagine attack scenarios from possible adversaries. Although we are focusing on threat modeling as it applies to software development and application security efforts, we must also consider the origins of threat modeling and other ways it is applied. This chapter provides a comparative look as to how threat modeling, in its original form, has been applied in hostile environments that encompass both physical and logical attacks, most notably in tactical military operations. Though looking at threat modeling in a context outside of application security may seem irrelevant, it is important to understand a historical use. Threat modeling's past uses are not only useful to learn and remember, but also provide an appreciation as to how strategic analysis becomes a fundamental part of the process.

Topicality of Military Threat Modeling

By understanding the historical usage of threat modeling, security professionals at large can evolve a mindset built around strategy rather than segregated and disorganized knee-jerk responses. Thus far, the outcomes of reactive methods have fallen short of adequately addressing a growing number of threats to application environments worldwide. The gap between the complexities of attack patterns and advancements in countermeasures continues to widen. Lending from military origins, threat modeling develops the discipline behind threat analysis. For decades, the US military has leveraged threat modeling to obtain improved insight as to how an enemy could adversely affect US interests or military forces. This analysis encompasses the examination of an enemy's motives, capabilities, and likely attack scenarios as part of an overall objective of defending against as many viable attack scenarios as possible. Similarly, application threat modeling extends the capabilities and resources of security professionals. Lending from this process, professionals can dissect and understand attacks, correlating them across multiple application vulnerabilities. Security professionals who learn from the military's application of threat modeling will be able to introduce innovation where it has been significantly lacking – intelligence correlation. Specifically, the ability to correlate exploits and vulnerabilities, and ultimately map these factors to possible misuse cases, proves to be a key value-add of threat modeling.

Profiting from Threat Modeling in War

In Sun Tzu's quotation, the phrase “profitable way of carrying it on” noticeably stands out. While profit is not usually associated with war, here it refers to the gain or reward received from understanding the evils of war. The gains are the avoided risks that could have introduced mission critical impact levels. In essence, most military strategists adhere to the philosophy of profiting from the realities of war via improved preparedness. A military's application of threat modeling is able to provide this capability in part through the use of threat modeling techniques. Threat modeling allows the evils of war to be better recognized using thought-out simulations. Although not all possible scenarios can be considered and modeled, the military seeks to play out the most probable attack scenarios. Ultimately, threat modeling is not able to eliminate the possibility of attack, but instead increases the state of readiness for which a military unit can effectively respond to a threat.

Threat Modeling @ DoD

Several divisions within the US Department of Defense have effectively applied threat modeling techniques to identify war's collateral risks such as casualties, illnesses, and adverse economic and environmental effects. The US Army and NASA have used Ballistic Missile Threat Modeling for more than 50 years. By applying intelligence gathered from foreign missile systems, the United States fortified their overall missile defense system. Over the yea...

Table of contents

  1. Cover
  2. Title Page
  3. Copyright
  4. Table of Contents
  5. Dedication
  6. FOREWORD
  7. PREFACE
  8. LIST OF FIGURES
  9. LIST OF TABLES
  10. CHAPTER 1: THREAT MODELING OVERVIEW
  11. CHAPTER 2: OBJECTIVES AND BENEFITS OF THREAT MODELING
  12. CHAPTER 3: EXISTING THREAT MODELING APPROACHES
  13. CHAPTER 4: THREAT MODELING WITHIN THE SDLC
  14. CHAPTER 5: THREAT MODELING AND RISK MANAGEMENT
  15. CHAPTER 6: INTRO TO PASTA
  16. CHAPTER 7: DIVING DEEPER INTO PASTA
  17. CHAPTER 8: PASTA USE CASE
  18. GLOSSARY
  19. REFERENCES
  20. INDEX
  21. End User License Agreement