Title:
Threat Modeling : Designing for Security.
Author:
Shostack, Adam.
ISBN:
9781118822692
Edition:
1st ed.
Physical Description:
1 online resource (627 pages)
Contents:
Cover -- Title Page -- Copyright -- Contents -- Introduction

Part I Getting Started
Chapter 1 Dive In and Threat Model!
    Learning to Threat Model -- What Are You Building? -- What Can Go Wrong? -- Addressing Each Threat -- Checking Your Work -- Threat Modeling on Your Own -- Checklists for Diving In and Threat Modeling -- Summary
Chapter 2 Strategies for Threat Modeling
    "What's Your Threat Model?" -- Brainstorming Your Threats -- Brainstorming Variants -- Literature Review -- Perspective on Brainstorming -- Structured Approaches to Threat Modeling -- Focusing on Assets -- Focusing on Attackers -- Focusing on Software -- Models of Software -- Types of Diagrams -- Trust Boundaries -- What to Include in a Diagram -- Complex Diagrams -- Labels in Diagrams -- Color in Diagrams -- Entry Points -- Validating Diagrams -- Summary

Part II Finding Threats
Chapter 3 STRIDE
    Understanding STRIDE and Why It's Useful -- Spoofing Threats -- Spoofing a Process or File on the Same Machine -- Spoofing a Machine -- Spoofing a Person -- Tampering Threats -- Tampering with a File -- Tampering with Memory -- Tampering with a Network -- Repudiation Threats -- Attacking the Logs -- Repudiating an Action -- Information Disclosure Threats -- Information Disclosure from a Process -- Information Disclosure from a Data Store -- Information Disclosure from a Data Flow -- Denial-of-Service Threats -- Elevation of Privilege Threats -- Elevate Privileges by Corrupting a Process -- Elevate Privileges through Authorization Failures -- Extended Example: STRIDE Threats against Acme-DB -- STRIDE Variants -- STRIDE-per-Element -- STRIDE-per-Interaction -- DESIST -- Exit Criteria -- Summary
Chapter 4 Attack Trees
    Working with Attack Trees -- Using Attack Trees to Find Threats -- Creating New Attack Trees -- Representing a Tree -- Human-Viewable Representations -- Structured Representations -- Example Attack Tree -- Real Attack Trees -- Fraud Attack Tree -- Election Operations Assessment Threat Trees -- Mind Maps -- Perspective on Attack Trees -- Summary
Chapter 5 Attack Libraries
    Properties of Attack Libraries -- Libraries and Checklists -- Libraries and Literature Reviews -- CAPEC -- Exit Criteria -- Perspective on CAPEC -- OWASP Top Ten -- Summary
Chapter 6 Privacy Tools
    Solove's Taxonomy of Privacy -- Privacy Considerations for Internet Protocols -- Privacy Impact Assessments (PIA) -- The Nymity Slider and the Privacy Ratchet -- Contextual Integrity -- Contextual Integrity Decision Heuristic -- Augmented Contextual Integrity Heuristic -- Perspective on Contextual Integrity -- LINDDUN -- Summary

Part III Managing and Addressing Threats
Chapter 7 Processing and Managing Threats
    Starting the Threat Modeling Project -- When to Threat Model -- What to Start and (Plan to) End With -- Where to Start -- Digging Deeper into Mitigations -- The Order of Mitigation -- Playing Chess -- Prioritizing -- Running from the Bear -- Tracking with Tables and Lists -- Tracking Threats -- Making Assumptions -- External Security Notes -- Scenario-Specific Elements of Threat Modeling -- Customer/Vendor Trust Boundary -- New Technologies -- Threat Modeling an API -- Summary
Chapter 8 Defensive Tactics and Technologies
    Tactics and Technologies for Mitigating Threats -- Authentication: Mitigating Spoofing -- Integrity: Mitigating Tampering -- Non-Repudiation: Mitigating Repudiation -- Confidentiality: Mitigating Information Disclosure -- Availability: Mitigating Denial of Service -- Authorization: Mitigating Elevation of Privilege -- Tactic and Technology Traps -- Addressing Threats with Patterns -- Standard Deployments -- Addressing CAPEC Threats -- Mitigating Privacy Threats -- Minimization -- Cryptography -- Compliance and Policy -- Summary
Chapter 9 Trade-Offs When Addressing Threats
    Classic Strategies for Risk Management -- Avoiding Risks -- Addressing Risks -- Accepting Risks -- Transferring Risks -- Ignoring Risks -- Selecting Mitigations for Risk Management -- Changing the Design -- Applying Standard Mitigation Technologies -- Designing a Custom Mitigation -- Fuzzing Is Not a Mitigation -- Threat-Specific Prioritization Approaches -- Simple Approaches -- Threat-Ranking with a Bug Bar -- Cost Estimation Approaches -- Mitigation via Risk Acceptance -- Mitigation via Business Acceptance -- Mitigation via User Acceptance -- Arms Races in Mitigation Strategies -- Summary
Chapter 10 Validating That Threats Are Addressed
    Testing Threat Mitigations -- Test Process Integration -- How to Test a Mitigation -- Penetration Testing -- Checking Code You Acquire -- Constructing a Software Model -- Using the Software Model -- QA'ing Threat Modeling -- Model/Reality Conformance -- Task and Process Completion -- Bug Checking -- Process Aspects of Addressing Threats -- Threat Modeling Empowers Testing -- Testing Empowers Threat Modeling -- Validation/Transformation -- Document Assumptions as You Go -- Tables and Lists -- Summary
Chapter 11 Threat Modeling Tools
    Generally Useful Tools -- Whiteboards -- Office Suites -- Bug-Tracking Systems -- Open-Source Tools -- TRIKE -- SeaMonster -- Elevation of Privilege -- Commercial Tools -- ThreatModeler -- Corporate Threat Modeller -- SecurITree -- Little-JIL -- Microsoft's SDL Threat Modeling Tool -- Tools That Don't Exist Yet -- Summary

Part IV Threat Modeling in Technologies and Tricky Areas
Chapter 12 Requirements Cookbook
    Why a "Cookbook"? -- The Interplay of Requirements, Threats, and Mitigations -- Business Requirements -- Outshining the Competition -- Industry Requirements -- Scenario-Driven Requirements -- Prevent/Detect/Respond as a Frame for Requirements -- Prevention -- Detection -- Response -- People/Process/Technology as a Frame for Requirements -- People -- Process -- Technology -- Development Requirements vs. Acquisition Requirements -- Compliance-Driven Requirements -- Cloud Security Alliance -- NIST Publication 200 -- PCI-DSS -- Privacy Requirements -- Fair Information Practices -- Privacy by Design -- The Seven Laws of Identity -- Microsoft Privacy Standards for Development -- The STRIDE Requirements -- Authentication -- Integrity -- Non-Repudiation -- Confidentiality -- Availability -- Authorization -- Non-Requirements -- Operational Non-Requirements -- Warnings and Prompts -- Microsoft's "10 Immutable Laws" -- Summary
Chapter 13 Web and Cloud Threats
    Web Threats -- Website Threats -- Web Browser and Plugin Threats -- Cloud Tenant Threats -- Insider Threats -- Co-Tenant Threats -- Threats to Compliance -- Legal Threats -- Threats to Forensic Response -- Miscellaneous Threats -- Cloud Provider Threats -- Threats Directly from Tenants -- Threats Caused by Tenant Behavior -- Mobile Threats -- Summary
Chapter 14 Accounts and Identity
    Account Life Cycles -- Account Creation -- Account Maintenance -- Account Termination -- Account Life-Cycle Checklist -- Authentication -- Login -- Login Failures -- Threats to "What You Have" -- Threats to "What You Are" -- Threats to "What You Know" -- Authentication Checklist -- Account Recovery -- Time and Account Recovery -- E-mail for Account Recovery -- Knowledge-Based Authentication -- Social Authentication -- Attacker-Driven Analysis of Account Recovery -- Multi-Channel Authentication -- Account Recovery Checklist -- Names, IDs, and SSNs -- Names -- Identity Documents -- Social Security Numbers and Other National Identity Numbers -- Identity Theft -- Names, IDs, and SSNs Checklist -- Summary
Chapter 15 Human Factors and Usability
    Models of People -- Applying Behaviorist Models of People -- Cognitive Science Models of People -- Heuristic Models of People -- Models of Software Scenarios -- Modeling the Software -- Diagramming for Modeling the Software -- Modeling Electronic Social Engineering Attacks -- Threat Elicitation Techniques -- Brainstorming -- The Ceremony Approach to Threat Modeling -- Ceremony Analysis Heuristics -- Integrating Usability into the Four-Stage Framework -- Tools and Techniques for Addressing Human Factors -- Myths That Inhibit Human Factors Work -- Design Patterns for Good Decisions -- Design Patterns for a Kind Learning Environment -- User Interface Tools and Techniques -- Configuration -- Explicit Warnings -- Patterns That Grab Attention -- Testing for Human Factors -- Benign and Malicious Scenarios -- Ecological Validity -- Perspective on Usability and Ceremonies -- Summary
Chapter 16 Threats to Cryptosystems
    Cryptographic Primitives -- Basic Primitives -- Privacy Primitives -- Modern Cryptographic Primitives -- Classic Threat Actors -- Attacks against Cryptosystems -- Building with Crypto -- Making Choices -- Preparing for Upgrades -- Key Management -- Authenticating before Decrypting -- Things to Remember about Crypto -- Use a Cryptosystem Designed by Professionals -- Use Cryptographic Code Built and Tested by Professionals -- Cryptography Is Not Magic Security Dust -- Assume It Will All Become Public -- You Still Need to Manage Keys -- Secret Systems: Kerckhoffs and His Principles -- Summary

Part V Taking It to the Next Level
Chapter 17 Bringing Threat Modeling to Your Organization
Abstract:
The only security book to be chosen as a Dr. Dobb's Jolt Award Finalist since Bruce Schneier's Secrets and Lies and Applied Cryptography! Adam Shostack is responsible for security development lifecycle threat modeling at Microsoft and is one of a handful of threat modeling experts in the world. Now he is sharing his considerable expertise in this unique book. With pages of specific, actionable advice, he details how to build better security into the design of systems, software, or services from the outset. You'll explore various threat modeling approaches, find out how to test your designs against threats, and learn effective ways to address threats that have been validated at Microsoft and other top companies. Systems security managers will find tools and a framework for structured thinking about what can go wrong. Software developers will appreciate the jargon-free and accessible introduction to this essential skill. Security professionals will learn to discern changing threats and discover the easiest ways to adopt a structured approach to threat modeling.

The book provides a unique how-to for security and software developers who need to design secure products and systems and test their designs. It explains how to threat model and explores various threat modeling approaches, such as asset-centric, attacker-centric and software-centric. It provides effective approaches and techniques that have been proven at Microsoft and elsewhere, and offers actionable how-to advice not tied to any specific software, operating system, or programming language. It is authored by a Microsoft professional who is one of the most prominent threat modeling experts in the world.

As more software is delivered on the Internet or operates on Internet-connected devices, the design of secure software is absolutely critical. Make sure you're ready with Threat Modeling: Designing for Security.
Local Note:
Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2017. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.