Experiences Threat Modeling at Microsoft

Author

  • Adam Shostack
Abstract

Describes a decade of experience threat modeling products and services at Microsoft. Describes the current threat modeling methodology used in the Security Development Lifecycle. The methodology is a practical approach, usable by non-experts, centered on data flow diagrams and a threat enumeration technique of ‘STRIDE per element.’ The paper covers some lessons learned which are likely applicable to other security analysis techniques. The paper closes with some possible questions for academic research.

Similar resources

Threat Modelling with Stride and UML

Threat modelling as part of risk analysis is seen as an essential part of secure systems development. Microsoft’s Security Development Lifecycle (SDL) is a well-known software development method that places security at the forefront of product initiation, design and implementation. As part of SDL, threat modelling produces data flow diagrams (DFDs) as key artefacts and uses those diagrams as ma...

TDDC03 Projects, Spring 2006 A Comparison of Attack Trees Threat Modeling and OCTAVE

Avoidance and discovery of security vulnerabilities in information systems and managing enterprises requires awareness of typical risks and a good understanding of vulnerabilities and threats and their exploitations. Various methods for characterizing, identifying and managing threats have been presented. Bruce Schneier has invented the Attack Trees, Microsoft call their method Threat Modeling ...

Specifying Legal Risk Scenarios Using the CORAS Threat Modelling Language

The paper makes two main contributions: (1) It presents experiences from using the CORAS language for security threat modelling to specify legal risk scenarios. These experiences are summarised in the form of requirements to a more expressive language providing specific support for the legal domain. (2) Its second main contribution is to present ideas towards the fulfilment of these requirement...

Cyber Situation Awareness: Modeling Detection of Cyber Attacks With Instance-Based Learning Theory

OBJECTIVE To determine the effects of an adversary's behavior on the defender's accurate and timely detection of network threats. BACKGROUND Cyber attacks cause major work disruption. It is important to understand how a defender's behavior (experience and tolerance to threats), as well as adversarial behavior (attack strategy), might impact the detection of threats. In this article, we use co...

Threat Modeling Data Analysis in Socio-technical Systems

Our decision-making processes are becoming more data driven, based on data from multiple sources, of different types, processed by a variety of technologies. As technology becomes more relevant for decision processes, the more likely they are to be subjects of attacks aimed at disrupting their execution or changing their outcome. With the increasing complexity and dependencies on technical comp...

Publication date: 2008