IN2001 Software Engineering og prosjektarbeid Vår …...2018/02/05 · Threats Against the User...
Transcript of IN2001 Software Engineering og prosjektarbeid Vår …...2018/02/05 · Threats Against the User...
![Page 1: IN2001 Software Engineering og prosjektarbeid Vår …...2018/02/05 · Threats Against the User Threat Examples Phishing email Pointer to false website, request to login, stolen](https://reader034.fdocuments.in/reader034/viewer/2022042207/5eaa54ea3e9d7f79e6070f28/html5/thumbnails/1.jpg)
IN2001
Software Engineering og prosjektarbeid
Vår 2018
Sikker systemutvikling
Audun Jøsang
University of Oslo
![Page 2: IN2001 Software Engineering og prosjektarbeid Vår …...2018/02/05 · Threats Against the User Threat Examples Phishing email Pointer to false website, request to login, stolen](https://reader034.fdocuments.in/reader034/viewer/2022042207/5eaa54ea3e9d7f79e6070f28/html5/thumbnails/2.jpg)
Hva er informasjonssikkerhet ?
• Informasjonssikkerhet betyr å beskytte informasjonsressurser
mot skade.
• Hvilke informasjonsressurser skal beskyttes?
– Eksempel: data, programvare, konfigureringer, utstyr og infrastruktur
• Dekker både tilsiktet og utilsiktet skade
– Trusselagenter kan være mennesker eller naturlige hendelser
– Mennesker kan gjøre skade både tilsiktet og utilsiktet
• Definisjon av informasjonssikkerhet:
– Beskyttelse av informasjonens konfidensialitet, integritet og tilgjengelighet.
I tillegg kan andre egenskaper, f.eks. autentisitet, sporbarhet,
uavviselighet og pålitelighet omfattes. (NS 27002:2005)
– The preservation of confidentiality, integrity and availability of information;
in addition, other properties such as authenticity, accountability,
non-repudiation and reliability can also be involved. (ISO27000:2016)
IN2001 2018 Sikker Systemutvikling 2
![Page 3: IN2001 Software Engineering og prosjektarbeid Vår …...2018/02/05 · Threats Against the User Threat Examples Phishing email Pointer to false website, request to login, stolen](https://reader034.fdocuments.in/reader034/viewer/2022042207/5eaa54ea3e9d7f79e6070f28/html5/thumbnails/3.jpg)
Security services and controls• Security services (aka. goals or properties)
– implementation independent
– supported by specific controls
• Security controls (aka. mechanisms)
– Practical mechanisms, actions, tools or procedures that are used
to provide security services
IN2001 2018 Sikker Systemutvikling 3
e.g. Confidentiality – Integrity – Availability
e.g. Encryption – Firewalls – Input Validation
Security services:
Security controls:
support
![Page 4: IN2001 Software Engineering og prosjektarbeid Vår …...2018/02/05 · Threats Against the User Threat Examples Phishing email Pointer to false website, request to login, stolen](https://reader034.fdocuments.in/reader034/viewer/2022042207/5eaa54ea3e9d7f79e6070f28/html5/thumbnails/4.jpg)
Risikomodell for sikkerhet
• Enhver risiko er et
resultat av et gitt
trusselscenario som fører
til en hendelse som
skader verdier.
• Motivasjon, kapasitet,
sårbarhet og konsekvens
bestemmer risikonivået
for den konkrete risikoen.
IN2001 2018 Sikker Systemutvikling 4
Trusselaktør-
styrke
Sårbarhet for
trusselscenario
Sannsynlighet for (at
trusselscenario skal
forårsake) hendelse
Hendelsens
konsekvens på
verdier
Risikonivå
Trusselaktør-
motivasjon
Trusselaktør-
kapasitet
Trussel-
aktør
Forklaring:
Har attributt
Bidrar til
Trussel-
scenario
![Page 5: IN2001 Software Engineering og prosjektarbeid Vår …...2018/02/05 · Threats Against the User Threat Examples Phishing email Pointer to false website, request to login, stolen](https://reader034.fdocuments.in/reader034/viewer/2022042207/5eaa54ea3e9d7f79e6070f28/html5/thumbnails/5.jpg)
Praktisk risikovurdering
• Estimering av nivå for
hver risiko er typisk
basert på to faktorer:
1. Sannsynlighet / frekvens
for en trusselhendelse
2. Konsekvens av
trusselhendelsen
IN2001 2018 Sikker Systemutvikling 5
Risikonivå
Trussel-
scenario
Sannsynlighet for (at
trusselscenario skal
forårsake) hendelse
Hendelsens
konsekvens på
verdier
![Page 6: IN2001 Software Engineering og prosjektarbeid Vår …...2018/02/05 · Threats Against the User Threat Examples Phishing email Pointer to false website, request to login, stolen](https://reader034.fdocuments.in/reader034/viewer/2022042207/5eaa54ea3e9d7f79e6070f28/html5/thumbnails/6.jpg)
Mange risikoer
• Mange forskjellige trusselsenarioer kan identifiseres
• Hvert trusselscenario kan potensielt føre til en hendelse
• Hver potensielle hendelse har en konsekvens
• Hver kombinasjon av scenario og konsekvens gir en risiko
IN2001 2018 Sikker Systemutvikling 6
Scenario 1 Hendelse 1 Risiko 1
Scenario 2 Hendelse 2 Risiko 2
Scenario 3 Hendelse 3 Risiko 3
Scenario N Hendelse N Risiko N
: : :
![Page 7: IN2001 Software Engineering og prosjektarbeid Vår …...2018/02/05 · Threats Against the User Threat Examples Phishing email Pointer to false website, request to login, stolen](https://reader034.fdocuments.in/reader034/viewer/2022042207/5eaa54ea3e9d7f79e6070f28/html5/thumbnails/7.jpg)
Types of Threats
Spoofed packets
Buffer overflows, server exploits
SQL injection, XSS, input tampering, etc.
Network Host ApplicationThreats against
the network
Threats
against the host
Threats against
the application
IN2001 2018 Sikker Systemutvikling 7
(Spear)Phishing email and drive-by websites with
User
Threats against
users
![Page 8: IN2001 Software Engineering og prosjektarbeid Vår …...2018/02/05 · Threats Against the User Threat Examples Phishing email Pointer to false website, request to login, stolen](https://reader034.fdocuments.in/reader034/viewer/2022042207/5eaa54ea3e9d7f79e6070f28/html5/thumbnails/8.jpg)
Threats Against the Network
Threat Examples
Information gathering Port scanning
Using trace routing to detect network topologies
Using broadcast requests to enumerate subnet
hosts
Eavesdropping Using packet sniffers to steal passwords
Denial of service
(DoS)
SYN floods
ICMP echo request floods
Malformed packets
Spoofing Packets with spoofed source addresses
IN2001 2018 Sikker Systemutvikling 8
![Page 9: IN2001 Software Engineering og prosjektarbeid Vår …...2018/02/05 · Threats Against the User Threat Examples Phishing email Pointer to false website, request to login, stolen](https://reader034.fdocuments.in/reader034/viewer/2022042207/5eaa54ea3e9d7f79e6070f28/html5/thumbnails/9.jpg)
Threats Against the Host
Threat Examples
Arbitrary code execution Buffer overflows in ISAPI DLLs (e.g., MS01-033)
Directory traversal attacks (MS00-078)
File disclosure Malformed HTR requests (MS01-031)
Virtualized UNC share vulnerability (MS00-019)
Denial of service (DoS) Malformed SMTP requests (MS02-012)
Malformed WebDAV requests (MS01-016)
Malformed URLs (MS01-012)
Brute-force file uploads
Unauthorized access Resources with insufficiently restrictive ACLs
Spoofing with stolen login credentials
Exploitation of open
ports and protocols
Using NetBIOS and SMB to enumerate hosts
Connecting remotely to SQL Server
IN2001 2018 Sikker Systemutvikling 9
![Page 10: IN2001 Software Engineering og prosjektarbeid Vår …...2018/02/05 · Threats Against the User Threat Examples Phishing email Pointer to false website, request to login, stolen](https://reader034.fdocuments.in/reader034/viewer/2022042207/5eaa54ea3e9d7f79e6070f28/html5/thumbnails/10.jpg)
Threats Against the Application
Threat Examples
SQL injection Including a DROP TABLE command in text typed
into an input field
Cross-site scripting Using malicious client-side script to steal cookies
Hidden-field
tampering
Maliciously changing the value of a hidden field
Eavesdropping Using a packet sniffer to steal passwords and
cookies from traffic on unencrypted connections
Session hijacking Using a stolen session ID cookie to access
someone else's session state
Identity spoofing Using a stolen forms authentication cookie to pose
as another user
Information
disclosure
Allowing client to see a stack trace when an
unhandled exception occurs
IN2001 2018 Sikker Systemutvikling 10
![Page 11: IN2001 Software Engineering og prosjektarbeid Vår …...2018/02/05 · Threats Against the User Threat Examples Phishing email Pointer to false website, request to login, stolen](https://reader034.fdocuments.in/reader034/viewer/2022042207/5eaa54ea3e9d7f79e6070f28/html5/thumbnails/11.jpg)
Threats Against the User
Threat Examples
Phishing email Pointer to false website, request to login, stolen
credentials
Phishing email Pointer to compromised website with drive-by
malicious content, e.g. malware, exploits, XSS,
Phishing email Attachment with malware and exploits,
camouflaged as legitimate program or document
Malicious website Containing malicious content e.g. malware XSS,
drive-by infection
Compromised
website
Containing malicious content e.g. malware XSS,
drive-by infection
Plug-in media USB-device with malware
Malicious wifi router Interception of data & credentials, possibly
combined with TLS stripping or fake certificates
IN2001 2018 Sikker Systemutvikling 11
![Page 12: IN2001 Software Engineering og prosjektarbeid Vår …...2018/02/05 · Threats Against the User Threat Examples Phishing email Pointer to false website, request to login, stolen](https://reader034.fdocuments.in/reader034/viewer/2022042207/5eaa54ea3e9d7f79e6070f28/html5/thumbnails/12.jpg)
APT Scenario (Advanced Persistent Threats)
IN2001 2018 Sikker Systemutvikling 12
Trinn for gjennomføring
av trusselscenario for APT
Reconaissance1
Weaponisation
Delivery
Exploitation
Installation
Cmd & Ctrl
2
3
4
5
6
7
Time scale
Days, months, years
Days, months
Hours, days
Action/Exfiltration
Minutes, hours
Seconds
Milliseconds
Hours, days, years
![Page 13: IN2001 Software Engineering og prosjektarbeid Vår …...2018/02/05 · Threats Against the User Threat Examples Phishing email Pointer to false website, request to login, stolen](https://reader034.fdocuments.in/reader034/viewer/2022042207/5eaa54ea3e9d7f79e6070f28/html5/thumbnails/13.jpg)
The web application security challenge
Fire
wa
ll
Hardened OS
Web Server
App Server
Fire
wall
Da
tab
as
es
Leg
ac
y S
yste
ms
We
b S
erv
ice
s
Dir
ec
tori
es
Hu
ma
n R
es
rcs
Bil
lin
g
Custom Developed
Application CodeAPPLICATION
ATTACK
Netw
ork
La
yer
Ap
pli
ca
tio
n L
aye
r
Your security “perimeter” has huge holes at the application layer
IN2001 2018 Sikker Systemutvikling 13Network security (firewall, SSL, IDS, hardening) does not stop application attacks
![Page 14: IN2001 Software Engineering og prosjektarbeid Vår …...2018/02/05 · Threats Against the User Threat Examples Phishing email Pointer to false website, request to login, stolen](https://reader034.fdocuments.in/reader034/viewer/2022042207/5eaa54ea3e9d7f79e6070f28/html5/thumbnails/14.jpg)
OWASPThe Open Web Application Security Project
• Non-profit organisation
– Local chapters in most countries, also in Norway
• OWASP promotes security awareness and security
solutions for Web application development.
• OWASP Top-10 security risks identify the most critical
security risks of providing online services
– The Top 10 list also recommends relevant security solutions.
• OWASP ASVS (Application Security Verification Standard)
specifies requirements for application-level security.
• OWASP website provides and maintains many free tools
for scanning and security vulnerability fixing
IN2001 2018 Sikker Systemutvikling 14
![Page 15: IN2001 Software Engineering og prosjektarbeid Vår …...2018/02/05 · Threats Against the User Threat Examples Phishing email Pointer to false website, request to login, stolen](https://reader034.fdocuments.in/reader034/viewer/2022042207/5eaa54ea3e9d7f79e6070f28/html5/thumbnails/15.jpg)
Top-10 2017 Web Application Risks
1. Injection
2. Broken Authentication
3. Sensitive Data Exposure
4. XML External Entities (XXE)
5. Broken Access Control
6. Security Misconfiguration
7. Cross Site Scripting (XSS)
8. Insecure Deserialization
9. Using Components with Known Vulnerabilities
10. Insufficient Logging & Monitoring
https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
IN2001 2018 Sikker Systemutvikling 15
![Page 16: IN2001 Software Engineering og prosjektarbeid Vår …...2018/02/05 · Threats Against the User Threat Examples Phishing email Pointer to false website, request to login, stolen](https://reader034.fdocuments.in/reader034/viewer/2022042207/5eaa54ea3e9d7f79e6070f28/html5/thumbnails/16.jpg)
ASVSApplication Security Verification StandardASVS Edition 2016 contains 16 sets of verification requirementshttps://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project
• V1: Architecture
• V2: Authentication
• V3: Session Management
• V4: Access Control
• V5: Input validation and
output encoding
• V7: Cryptography
• V8: Error Handling
• V9: Data Protection
• V10: Communications
• V13: Malicious Code
• V15: Business Logic Flaws
• V16: Files and Resources
• V17: Mobile
• V18: API
• V19: Configuration
• V20: Internet of Things
IN2001 2018 Sikker Systemutvikling 16
![Page 17: IN2001 Software Engineering og prosjektarbeid Vår …...2018/02/05 · Threats Against the User Threat Examples Phishing email Pointer to false website, request to login, stolen](https://reader034.fdocuments.in/reader034/viewer/2022042207/5eaa54ea3e9d7f79e6070f28/html5/thumbnails/17.jpg)
Waterfall and Secure Waterfall
IN2001 2018 Sikker Systemutvikling 17
Verification
Maintenance
Design
Requirements
Implementation
Waterfall SDLC (Software
Development Life Cycle)
Microsoft SDL (Secure Development Lifecycle)
![Page 18: IN2001 Software Engineering og prosjektarbeid Vår …...2018/02/05 · Threats Against the User Threat Examples Phishing email Pointer to false website, request to login, stolen](https://reader034.fdocuments.in/reader034/viewer/2022042207/5eaa54ea3e9d7f79e6070f28/html5/thumbnails/18.jpg)
Agile Software Development
• Requirements are specified as stories
• Each story implemented as sprint
• Repeated sprint cycles until all stories
are implemented
IN2001 2018 Sikker Systemutvikling 18
Evaluate current
systemRelease new software
Develop, integrate &
test new functionality
Plan new releaseBreak down user story
into functionsSelect user stories for
the next release
Deploy system
Project planning
![Page 19: IN2001 Software Engineering og prosjektarbeid Vår …...2018/02/05 · Threats Against the User Threat Examples Phishing email Pointer to false website, request to login, stolen](https://reader034.fdocuments.in/reader034/viewer/2022042207/5eaa54ea3e9d7f79e6070f28/html5/thumbnails/19.jpg)
Secure Agile Software Development
• Secure agile SDLC is challenging
• Add security related development tasks
– (yellow boxes)
• Security necessarily maks SDLC less agile
IN2001 2018 Sikker Systemutvikling 19
Evaluate system &
review security
Release new
software
Develop, integrate
& test new function
Plan new releaseBreak down user
story into functions
Select user stories
for next release
Collect stakeholder
security concerns
Identify threat
scenarios to control
Project planning
Deploy system
![Page 20: IN2001 Software Engineering og prosjektarbeid Vår …...2018/02/05 · Threats Against the User Threat Examples Phishing email Pointer to false website, request to login, stolen](https://reader034.fdocuments.in/reader034/viewer/2022042207/5eaa54ea3e9d7f79e6070f28/html5/thumbnails/20.jpg)
Sprint
BacklogProduct
Backlog
Sprint
Planning
Sprint
Retrospective
Sprint Cycles (1- 4 weeks each)
Daily
Scrums
Definition
of Done
Backlog
Refinement
Sprint
Review
Product
Vision
Product
Owner
Scrum
Master
Development
Team
Communication
User
Stories
Incremental
Product
Scrum Model for Agile Software Development
IN2001 2018 Sikker Systemutvikling 20
![Page 21: IN2001 Software Engineering og prosjektarbeid Vår …...2018/02/05 · Threats Against the User Threat Examples Phishing email Pointer to false website, request to login, stolen](https://reader034.fdocuments.in/reader034/viewer/2022042207/5eaa54ea3e9d7f79e6070f28/html5/thumbnails/21.jpg)
Threat Modelling Objectives
By performing Threat Modeling you can:
• Identify relevant threats to your particular
application scenario.
• Identify key vulnerabilities in your
application design.
• Improve your security design
IN2001 2018 Sikker Systemutvikling 21
![Page 22: IN2001 Software Engineering og prosjektarbeid Vår …...2018/02/05 · Threats Against the User Threat Examples Phishing email Pointer to false website, request to login, stolen](https://reader034.fdocuments.in/reader034/viewer/2022042207/5eaa54ea3e9d7f79e6070f28/html5/thumbnails/22.jpg)
Threat Modelling
• Attacker-centric (STRIDE)
(Spoofing with identity, Tampering with data, Repudiation,
Information disclosure, Denial of service, Elevation of privilege)
– Starts from attackers, evaluates their goals, and how they might
achieve them through attack tree. Usually starts from entry
points or attacker action.
• System-centric (ASF – Application Security Frame)
– Starts from model of system, and attempts to follow model
dynamics and logic, looking for types of attacks against each
element of the model. This approach is e.g. used for threat
modeling in Microsoft's Security Development Lifecycle.
• Asset-centric (CORAS)
– Starts from information assets, such as a collection of sensitive
personal information, and attempts to identify how security
breaches of CIA properties can happen.
IN2001 2018 Sikker Systemutvikling 22
![Page 23: IN2001 Software Engineering og prosjektarbeid Vår …...2018/02/05 · Threats Against the User Threat Examples Phishing email Pointer to false website, request to login, stolen](https://reader034.fdocuments.in/reader034/viewer/2022042207/5eaa54ea3e9d7f79e6070f28/html5/thumbnails/23.jpg)
STRIDE
S
T
R
I
D
Tampering
Repudiation
Information disclosure
Denial of service
Can an attacker gain access using a false identity?
Can an attacker modify data as it flows through the application?
If an attacker denies doing something, can we prove he did it?
Can an attacker gain access to private or potentially injurious data?
Can an attacker crash or reduce the availability of the system?
EElevation of privilegeCan an attacker assume the identity of a privileged user?
Spoofing
IN2001 2018 Sikker Systemutvikling 23
![Page 24: IN2001 Software Engineering og prosjektarbeid Vår …...2018/02/05 · Threats Against the User Threat Examples Phishing email Pointer to false website, request to login, stolen](https://reader034.fdocuments.in/reader034/viewer/2022042207/5eaa54ea3e9d7f79e6070f28/html5/thumbnails/24.jpg)
Attack Centric: Threat Trees
Theft of
Auth. Cookies
Obtain auth.
cookie to spoof
identity
Unencrypted
Connection
Cookies travel
over
unencrypted
HTTP
Eavesdropping
Attacker uses
sniffer to
monitor HTTP
traffic
Cross-Site
Scripting
Attacker
possesses
means and
knowledge
XSS
Vulnerability
Application is
vulnerable to
XSS attacks
OR
AND AND
IN2001 2018 Sikker Systemutvikling 24
![Page 25: IN2001 Software Engineering og prosjektarbeid Vår …...2018/02/05 · Threats Against the User Threat Examples Phishing email Pointer to false website, request to login, stolen](https://reader034.fdocuments.in/reader034/viewer/2022042207/5eaa54ea3e9d7f79e6070f28/html5/thumbnails/25.jpg)
System-centric threat modelling example
IN2001 2018 Sikker Systemutvikling 25
Front end
Web server
Back end
app. logic
MySQL
databaseInternet
User may not have
logged off on
shared computer
SQL injectionUnauthorized access
Traffic
interception
Implement
timeout
Implement
encryption Password
policy
Validate input
Controls
![Page 26: IN2001 Software Engineering og prosjektarbeid Vår …...2018/02/05 · Threats Against the User Threat Examples Phishing email Pointer to false website, request to login, stolen](https://reader034.fdocuments.in/reader034/viewer/2022042207/5eaa54ea3e9d7f79e6070f28/html5/thumbnails/26.jpg)
Asset-centric threat modelling
IN2001 2018 Sikker Systemutvikling 26
Customer
baseCompany
reputation
HW and SWData CIA Legal
compliance
Disclosure
of user dataDOS attack
Misuse of
user data
Penetration
of servers
![Page 27: IN2001 Software Engineering og prosjektarbeid Vår …...2018/02/05 · Threats Against the User Threat Examples Phishing email Pointer to false website, request to login, stolen](https://reader034.fdocuments.in/reader034/viewer/2022042207/5eaa54ea3e9d7f79e6070f28/html5/thumbnails/27.jpg)
Risk Levels of Threats with DREAD
D
R
E
A
D
Reproducibility
Exploitability
Affected users
Discoverability
What are the consequences of a successful exploit?
Would an exploit work every time or only under certain circumstances?
How skilled must an attacker be to exploit the vulnerability?
How many users would be affected by a successful exploit?
How likely is it that an attacker will know the vulnerability exists?
Damage potential
IN2001 2018 Sikker Systemutvikling 27
![Page 28: IN2001 Software Engineering og prosjektarbeid Vår …...2018/02/05 · Threats Against the User Threat Examples Phishing email Pointer to false website, request to login, stolen](https://reader034.fdocuments.in/reader034/viewer/2022042207/5eaa54ea3e9d7f79e6070f28/html5/thumbnails/28.jpg)
Example
IN2001 2018 Sikker Systemutvikling 28
Threat D R E A D Risk Lvl
Auth. cookie theft (eavesdropping) 3 2 3 2 3 13
Auth. cookie theft (XSS) 3 2 2 2 3 12
Potential for damage is high
(spoofed identities, etc.)
Cookie can be stolen any time,
but is only useful until expired
Anybody can run a packet sniffer;
XSS attacks require moderate skill
All users could be affected, but in
reality most won't click malicious links
Easy to discover: just type a
<script> block into a field
Prioritized
Threats
![Page 29: IN2001 Software Engineering og prosjektarbeid Vår …...2018/02/05 · Threats Against the User Threat Examples Phishing email Pointer to false website, request to login, stolen](https://reader034.fdocuments.in/reader034/viewer/2022042207/5eaa54ea3e9d7f79e6070f28/html5/thumbnails/29.jpg)
User Stories vs. Usecases
User Story – Seen from the user perspective:
As an [actor] I want [action] so that [achievement].
For example: As a Flickr member, I want to set
different privacy levels on my photos, so I can control
who sees which of my photos.
Usecase – Seen from the design perspective:
Description of a set of interactions between a system
and one or more actors (where an ‘actor’ can be a user
or another system).
IN2001 2018 Sikker Systemutvikling29
User
Story
Usecase Server logic
![Page 30: IN2001 Software Engineering og prosjektarbeid Vår …...2018/02/05 · Threats Against the User Threat Examples Phishing email Pointer to false website, request to login, stolen](https://reader034.fdocuments.in/reader034/viewer/2022042207/5eaa54ea3e9d7f79e6070f28/html5/thumbnails/30.jpg)
Attacker Story and Misuse Case
(Attacker Goal and Threat Scenario)
Attacker Story – The goal of the attacker:
As an [attacker] I want [action] so that [achievement].
So, for example: As an attacker, I want to hack into
Flickr accounts to steal photos and personal info.
Misuse Case (Threat Scenario)
Seen from the threat scenario perspective:
Description of a set of steps and interactions to be
executed by attacker to achieve goal.
IN2001 2018 Sikker Systemutvikling30
Attacker
Story
Misuse
case
Server logic
![Page 31: IN2001 Software Engineering og prosjektarbeid Vår …...2018/02/05 · Threats Against the User Threat Examples Phishing email Pointer to false website, request to login, stolen](https://reader034.fdocuments.in/reader034/viewer/2022042207/5eaa54ea3e9d7f79e6070f28/html5/thumbnails/31.jpg)
Threat Considerations for Usecases
31
User
Misuse case
Attacker
Usecase
threatens
IN2001 2018 Sikker Systemutvikling
![Page 32: IN2001 Software Engineering og prosjektarbeid Vår …...2018/02/05 · Threats Against the User Threat Examples Phishing email Pointer to false website, request to login, stolen](https://reader034.fdocuments.in/reader034/viewer/2022042207/5eaa54ea3e9d7f79e6070f28/html5/thumbnails/32.jpg)
Example part 1
User
Enter username
Use app
Enter password
IN2001 2018 Sikker Systemutvikling 32
![Page 33: IN2001 Software Engineering og prosjektarbeid Vår …...2018/02/05 · Threats Against the User Threat Examples Phishing email Pointer to false website, request to login, stolen](https://reader034.fdocuments.in/reader034/viewer/2022042207/5eaa54ea3e9d7f79e6070f28/html5/thumbnails/33.jpg)
Injection attackexploit
exploit
threatenUser
Enter username
Use app
Attacker
Enter password
Example part 2
IN2001 2018 Sikker Systemutvikling 33
![Page 34: IN2001 Software Engineering og prosjektarbeid Vår …...2018/02/05 · Threats Against the User Threat Examples Phishing email Pointer to false website, request to login, stolen](https://reader034.fdocuments.in/reader034/viewer/2022042207/5eaa54ea3e9d7f79e6070f28/html5/thumbnails/34.jpg)
Injection attack
Overflow attack
exploit
exploit
threaten
Enter username
Enter password
Use app
User
Attacker
Example part 3
IN2001 2018 Sikker Systemutvikling 34
![Page 35: IN2001 Software Engineering og prosjektarbeid Vår …...2018/02/05 · Threats Against the User Threat Examples Phishing email Pointer to false website, request to login, stolen](https://reader034.fdocuments.in/reader034/viewer/2022042207/5eaa54ea3e9d7f79e6070f28/html5/thumbnails/35.jpg)
Threat Description(Misuse Case Description)
• Name of threat scenario
• Attacker profile
• Description
- Basic scenario
- Alternative scenarios
• Vulnerabilities exploited by threat scenario
• Assumptions
• D.R.E.A.D. risk level
• Potential security control(s) to eliminate or mitigate threat
– Expected simplicity of implementing security control(s)
35IN2001 2018 Sikker Systemutvikling
![Page 36: IN2001 Software Engineering og prosjektarbeid Vår …...2018/02/05 · Threats Against the User Threat Examples Phishing email Pointer to false website, request to login, stolen](https://reader034.fdocuments.in/reader034/viewer/2022042207/5eaa54ea3e9d7f79e6070f28/html5/thumbnails/36.jpg)
Security Controls
• Propose security controls that will:
- remove vulnerabilities exploited by the threat
- prevent, detect or correct damage from the threat scenario
• Security controls examples:
– Using non-vulnerable libraries
– Filtering input
– Encryption
– Logging of events
– Strong user authentication
– Adequate access control
– Configuration and patch management
– Backup
– etc.
36IN2001 2018 Sikker Systemutvikling
![Page 37: IN2001 Software Engineering og prosjektarbeid Vår …...2018/02/05 · Threats Against the User Threat Examples Phishing email Pointer to false website, request to login, stolen](https://reader034.fdocuments.in/reader034/viewer/2022042207/5eaa54ea3e9d7f79e6070f28/html5/thumbnails/37.jpg)
Injection attack
Overflow attack
prevents
Input validation
preventsUser
Enter username
Enter password
Use app
Attacker
Example part 4
Control
IN2001 2018 Sikker Systemutvikling 37
![Page 38: IN2001 Software Engineering og prosjektarbeid Vår …...2018/02/05 · Threats Against the User Threat Examples Phishing email Pointer to false website, request to login, stolen](https://reader034.fdocuments.in/reader034/viewer/2022042207/5eaa54ea3e9d7f79e6070f28/html5/thumbnails/38.jpg)
Threat Poker for Each Threat Scenario• A little bit similar to planning poker.
– Multiple rounds for everyone to express their opinions
– Stimulates discussion in the team
– Avoids bias induced by strong/loud team members
• Redback Cards: Risk-level of threat (e.g. from DREAD)– 2-value: Min risk,
– Ace-value (14): Max risk
• Blueback Cards: How simple/easy is it to implement control(s) that would prevent/detect/correct threat scenario– 2-value: Very difficult/expensive/long time to stop threat,
– Ace-value (14): Very simple/easy/cheap/quick to stop threat
• Priority for removing threat is the sum: +
IN2001 2018 Sikker Systemutvikling 38
![Page 39: IN2001 Software Engineering og prosjektarbeid Vår …...2018/02/05 · Threats Against the User Threat Examples Phishing email Pointer to false website, request to login, stolen](https://reader034.fdocuments.in/reader034/viewer/2022042207/5eaa54ea3e9d7f79e6070f28/html5/thumbnails/39.jpg)
Summary
• Without threat modelling, developed software will be insecure
• Fundamental for developers to understand common attacks
• Expertise is needed to understand specialised attacks
• Developers must learn and use secure coding practices
• The amount of threat modelling is a business decision
IN2001 2018 Sikker Systemutvikling 39
![Page 40: IN2001 Software Engineering og prosjektarbeid Vår …...2018/02/05 · Threats Against the User Threat Examples Phishing email Pointer to false website, request to login, stolen](https://reader034.fdocuments.in/reader034/viewer/2022042207/5eaa54ea3e9d7f79e6070f28/html5/thumbnails/40.jpg)
End of Lecture
IN2001 2018 Sikker Systemutvikling 40