This is a transcript for a video linked here: Security Threat Modelling / Analysis using STRIDE and the Microsoft Threat Analysis Tool.
00:00:00.160 --> 00:00:06.240 This is a quick introduction to threat modelling and analysis, looking at the STRIDE categorization
00:00:06.240 --> 00:00:10.880 scheme. This is going to cover the theory, and in a future video I'm going to show you how this
00:00:10.880 --> 00:00:19.600 could be put into practice with a real-world example. Modelling is a way to identify, categorize
00:00:19.600 --> 00:00:26.480 and analyze threats, looking at the potential harm, the possibility of occurrence (i.e. the likelihood),
00:00:27.360 --> 00:00:32.320 the priority of concern, and then the means to eradicate or reduce the threat.
00:00:33.680 --> 00:00:38.640 One of the reasons for threat modelling is being able to identify where to deploy resources based
00:00:38.640 --> 00:00:44.400 on the risks and the importance of the data and systems. For example, you wouldn't need the same
00:00:44.400 --> 00:00:49.600 level of security for an information system that shows the canteen menu on an internal display
00:00:50.320 --> 00:00:54.480 as you might need on a system that holds client credit card information.
00:00:55.280 --> 00:01:01.920 In an ideal world you would want them both to be secure. In the real world you need to identify
00:01:01.920 --> 00:01:07.760 the risks and deploy appropriate resources accordingly. The threat modelling is also important
00:01:07.760 --> 00:01:13.760 for all the services, but the actual risks and resources may vary based on different systems.
00:01:15.760 --> 00:01:20.800 So, when to perform the analysis? You can perform analysis at just about any stage in the software
00:01:20.800 --> 00:01:28.880 life cycle. This diagram is based around a typical software development life cycle. The same diagram
00:01:28.880 --> 00:01:34.640 would be used if you're using off-the-shelf software, with the development being replaced
00:01:34.640 --> 00:01:41.120 by selection and configuration of the software. As a general rule, the earlier you perform the
00:01:41.120 --> 00:01:47.280 analysis, the cheaper it is to add the additional security. It's usually a good idea to revisit the
00:01:47.280 --> 00:01:54.160 analysis at a later stage in case anything changes. The life cycle normally starts with the strategy
00:01:54.160 --> 00:02:00.000 at the top and then goes clockwise. You really need some kind of initial design to start the analysis,
00:02:00.640 --> 00:02:04.560 although you could even start before then if you have some ideas of how it will be implemented.
00:02:05.680 --> 00:02:10.320 There are an almost infinite number of threats. It's therefore important to take a structured approach.
00:02:11.120 --> 00:02:17.040 We look at this by focusing on assets, also identify the value of the assets and threats
00:02:17.040 --> 00:02:23.440 to them. Or it could be focused on attackers. You may want to focus on potential attackers
00:02:23.440 --> 00:02:30.640 and threats based on their motivation for trying to attack you. This is particularly
00:02:30.640 --> 00:02:35.840 relevant to certain organizations who may have informational resources that may be targeted.
00:02:37.360 --> 00:02:41.680 Or it could be focused on software. If you're developing software then you can look at
00:02:41.680 --> 00:02:50.000 the software during the development process to ensure that you include security features in that.
00:02:50.000 --> 00:02:55.120 So here I'm looking at STRIDE. This is a threat categorization scheme from Microsoft.
00:02:56.080 --> 00:02:59.280 This is something that can be applied to software development, but it can also be
00:02:59.280 --> 00:03:05.280 used for off-the-shelf products as a way you can review suitability and specific configurations.
00:03:06.880 --> 00:03:11.440 STRIDE is a mnemonic and it describes the possible attack vectors against the system:
00:03:12.320 --> 00:03:19.840 S for spoofing, T for tampering, R for repudiation, I for information disclosure,
00:03:20.560 --> 00:03:24.080 D for denial of service and E for elevation of privilege.
00:03:26.800 --> 00:03:33.840 Spoofing is essentially pretending to be someone else or some other device. This may allow them to
00:03:33.840 --> 00:03:40.320 get through filters or blockades. This may be one reason that less important systems still
00:03:40.320 --> 00:03:46.080 need to be kept secure, in case they're used as a stepping stone to more important systems.
00:03:46.080 --> 00:03:50.480 Another thing that an attacker may be trying to achieve is to get a higher privilege
00:03:50.480 --> 00:03:55.920 than they are otherwise entitled to. Different from elevation of privilege, which I'll explain
00:03:55.920 --> 00:04:03.280 later, but this is where you're trying to get straight in as a higher privileged user.
00:04:05.920 --> 00:04:09.280 As it suggests, tampering is the manipulation of data.
00:04:10.480 --> 00:04:16.640 This could be in storage, such as saved on disk or in a database, or it could be in transit, which
00:04:16.640 --> 00:04:21.200 could mean traveling over a network connection or being transferred from disk to memory.
00:04:22.640 --> 00:04:28.880 One of the concerns about tampering is identifying what damage has been done, for example knowing
00:04:28.880 --> 00:04:33.840 whether the data that you're looking at is safe or whether it's being tampered with.
00:04:38.000 --> 00:04:43.840 Repudiation is about identifying who has done what on a system. It's about stopping someone
00:04:43.840 --> 00:04:51.760 claiming, Shaggy would say, "it wasn't me". In some circumstances this goes hand in hand with spoofing,
00:04:51.760 --> 00:04:58.880 in that if someone is able to spoof an entry then how can you prove who is responsible? There's also
00:04:58.880 --> 00:05:03.920 the risk that a third party could be being blamed for something that's been done by somebody else.
00:05:08.720 --> 00:05:14.160 Information disclosure is when some private, confidential or controlled information is stolen.
00:05:15.360 --> 00:05:23.760 Particular concerns include personal identifiable information, credit card details or company secrets,
00:05:23.760 --> 00:05:29.520 but it could also include information that allows the attacker further access or makes it easier for
00:05:29.520 --> 00:05:35.920 them to impersonate someone. In the event of an information disclosure then it may be necessary
00:05:36.480 --> 00:05:41.680 to notify clients, and it can result in damage to their company reputation.
00:05:45.680 --> 00:05:49.920 The denial of service is where an attacker prevents the authorized use of a resource.
00:05:50.720 --> 00:05:56.000 This may include a service such as a website, could mean that a business is
00:05:56.000 --> 00:06:00.560 unable to operate if this is an attack against the service that is needed to
00:06:00.560 --> 00:06:06.320 keep that business running. Imagine computers controlling a manufacturing production line.
00:06:11.120 --> 00:06:14.960 An escalation of privilege is where someone is able to increase their level of permission,
00:06:15.520 --> 00:06:19.840 perhaps gaining admin or root privileges.
00:06:21.440 --> 00:06:26.640 To perform the STRIDE analysis you normally start with a data flow diagram such as the one shown
00:06:26.640 --> 00:06:33.280 here. This identifies where data flows from one system or part of a system to another. You then
00:06:33.280 --> 00:06:38.640 look at each of the data flows and apply the six attack types and identify the threats and risks.
00:06:42.000 --> 00:06:45.360 You can then build up an analysis based on the identified threats.
00:06:47.120 --> 00:06:51.600 This screen here shows the Microsoft Threat Analysis Tool, which is one of the ways that
00:06:51.600 --> 00:06:58.480 you can do this. Alternatively you could do this manually, looking at common threats. There are pros
00:06:58.480 --> 00:07:03.600 and cons to each method and I'll be looking at these in much more detail in a future video.
00:07:07.680 --> 00:07:10.560 STRIDE is just one of the threat modelling tools that can be used.
00:07:11.520 --> 00:07:16.080 It is simple to apply. It's something I've recently used on an open source project I'm working on.
00:07:17.680 --> 00:07:22.400 This video has been an introduction to the theory. I also plan to make a video showing how this can
00:07:22.400 --> 00:07:28.400 be applied to the actual project, so if you'd like to see that and other cyber security videos
00:07:28.400 --> 00:07:32.880 please click subscribe and click on the notification icon to get notified about them.
00:07:34.560 --> 00:07:40.240 Thanks for watching and I hope to see you again in a future video.