Okay, let's talk about threat modeling.
So we're looking at threat modeling. The first thing we want to consider is what security objectives have to be met, and where do we even get those objectives? Well, we get those objectives, perhaps, from legislative requirements or drivers: things like, again, am I required to be HIPAA compliant based on my industry? Do I have to adhere to Sarbanes-Oxley? What are the requirements that I am legally mandated to follow? That's certainly a very important driver.
Other drivers might be contractual requirements. What does my customer require from the software that I'm producing?
And always, this should go back to being aligned with business objectives. How does my software support the business?
Other things to consider with threat modeling: the CIA triad, confidentiality, integrity and availability.
And then we'll also look very briefly at some tools we can use for threat modeling, things like the data flow diagram. And we've also talked about use and misuse cases.
So when we look at threat modeling with data flow diagrams, what we have are the processing elements. We see the data flow from the elements to the data store, and basically this is just a way of mapping out and showing how data flows from one element to another.
And as we're looking at this flow of data, how can we go through and look at vulnerabilities, potential issues or potential opportunities for an attacker? Every process, data store, external entity and flow on the diagram is a place to ask what could go wrong, and the flows that cross a trust boundary, such as the one between the user's browser and our server, deserve the first look.
Same idea here with use and misuse cases. We talk about the normal function, perhaps, of authentication, where we provide a user name and password. And we've already looked at this in a general sense. We look at what the threats to user authentication are, what some things are that we can do to mitigate those threats, and what some further threats might be,
so ultimately how things could be used for good as well as for evil, and how we mitigate and lessen the opportunity for misuse.
So these are some elements that we look at when we are doing threat modeling. The acronym STRIDE is one I would keep in mind and I would certainly know it,
and I would know that STRIDE stands for the main areas from which we receive threats. So a big threat is spoofing.
You get that email that says it's from Bank of America: your password's been stolen, please click on this link and reset your password. And surely we're not still clicking on links in emails. I know that to be true in my heart, but just in case we were,
you know, obviously, in many instances, that's a fraudulent email that's trying to capture your password. So where spoofing is the problem, authentication is the answer (and I would still say, don't follow links in email). In order to maintain assurance that the message is from a trusted entity
and that it hasn't been modified,
we want authentication, and that authentication may come in the form of a digital signature that allows me to know this really is from Bank of America and it hasn't been changed.
So the first letter of STRIDE, the S, is for spoofing.
The T in STRIDE is for tampering, modifying, and I just mentioned this a little bit: when we talk about tampering, we talk about modification, and the way we get assurance against modification is through CRCs and checksums, message digests and digital signatures. One caveat a practitioner should keep in mind: a CRC or plain checksum only catches accidental corruption, because anyone who can change the message can recompute it. Against a deliberate attacker the integrity check needs something the attacker doesn't have, a key, as in a keyed hash (a message authentication code) or a digital signature.
And really, digital signatures give me more than just integrity checking. What digital signatures give me is something called non-repudiation. And non-repudiation is really a combination of the first two: it's a combination of authentication and integrity, and that gives us non-repudiation.
Essentially, what we mean here is that a user can't dispute having sent the message, nor the contents of the message. So with repudiation, which is the R of STRIDE, a user might say, "Oh, that message didn't come from me, it must have been spoofed,"
or, "Yeah, that message came from me, but the contents have been modified." Well, we want non-repudiation so that a user can't say this isn't my message or it must have been altered, and one of the ways we get that is through the use of digital signatures.
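To make the tampering point concrete, here is an added example (not part of the lecture) in Python using only the standard library. It shows why a CRC gives no protection against a deliberate attacker, who simply recomputes it after editing the message, while an HMAC with a key the attacker lacks does detect the edit. The payment message, the shared key and the attacker's rewrite are all constructed for the demonstration.

```python
"""Added example: CRC vs. keyed MAC as a tamper control.
The message, key and attacker edit below are constructed for the demo."""
from __future__ import annotations

import hashlib
import hmac
import zlib

# Constructed sample: a payment instruction as the sender transmits it,
# and the version an attacker on the wire would like the receiver to see.
ORIGINAL = b"PAY 100.00 TO ACCT 12345"
TAMPERED = b"PAY 999.00 TO ACCT 66666"

# Assumed shared secret held by sender and receiver only.
SHARED_KEY = b"example-shared-key-not-for-production"


def crc_protect(message: bytes) -> tuple[bytes, int]:
    """Attach a CRC32, the way a transport does to catch accidental corruption."""
    return message, zlib.crc32(message)


def crc_verify(message: bytes, crc: int) -> bool:
    return zlib.crc32(message) == crc


def hmac_protect(message: bytes, key: bytes) -> tuple[bytes, str]:
    """Attach an HMAC-SHA256 tag; computing it requires the key."""
    return message, hmac.new(key, message, hashlib.sha256).hexdigest()


def hmac_verify(message: bytes, tag: str, key: bytes) -> bool:
    expected = hmac.new(key, message, hashlib.sha256).hexdigest()
    # Constant-time comparison so the verifier does not leak the tag byte by byte.
    return hmac.compare_digest(expected, tag)


def attacker_rewrites_crc(message: bytes, crc: int) -> tuple[bytes, int]:
    """Nothing secret is involved, so the attacker recomputes the CRC for the new text."""
    return TAMPERED, zlib.crc32(TAMPERED)


def attacker_rewrites_hmac(message: bytes, tag: str) -> tuple[bytes, str]:
    """Without the key the attacker can only swap the message and reuse the old tag."""
    return TAMPERED, tag


def demo() -> dict[str, bool]:
    """Report which checks still pass after the attacker's edit."""
    msg, crc = crc_protect(ORIGINAL)
    forged_msg, forged_crc = attacker_rewrites_crc(msg, crc)

    msg2, tag = hmac_protect(ORIGINAL, SHARED_KEY)
    forged_msg2, forged_tag = attacker_rewrites_hmac(msg2, tag)

    return {
        "crc_detects_tampering": not crc_verify(forged_msg, forged_crc),
        "hmac_detects_tampering": not hmac_verify(forged_msg2, forged_tag, SHARED_KEY),
        "hmac_accepts_genuine": hmac_verify(msg2, tag, SHARED_KEY),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The HMAC gives the receiver integrity and assurance of origin, but only relative to the key: either holder of the shared key could have produced the tag, so the sender can still repudiate it. Non-repudiation needs a digital signature, where only the signer holds the private key; the standard library has no signing primitive, so that step would use a third-party package such as `cryptography`.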
All right, so we've got S, T, R. The I is information disclosure, so information is compromised: private secrets are not private any longer. What do we do to protect the privacy of information? We encrypt.
Okay, the D of STRIDE: denial of service. And when we look at denial of service, or any sort of availability issue, we have to think redundancy,
fault tolerance, eliminating single points of failure, all those words or phrases that indicate high availability.
And then the E of STRIDE is elevation (or escalation) of privilege, where I add additional rights and permissions onto my account, or I gain access to an account with higher permissions, and we need good authorization controls in order to prevent that. So we make sure that
the Kelly Handerhan user account is only authorized based on the principle of least privilege.
So when you're doing threat modeling, you look at the six main elements of threat:
spoofing, tampering, repudiation, information disclosure, denial of service and elevation of privilege. That's STRIDE.
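Bringing the data flow diagram and STRIDE together, here is an added example (not from the lecture) in Python that walks a small DFD of the user-name/password login flow discussed above and lists, for every element and flow, which STRIDE categories apply and which control the lecture pairs with each. The DFD itself is constructed for the example; the per-element mapping is the commonly used STRIDE-per-element table, in which external entities get S and R, processes get all six, data stores get T, R, I and D, and data flows get T, I and D.

```python
"""Added example: STRIDE-per-element over a constructed login DFD."""
from __future__ import annotations

from dataclasses import dataclass, field

# The control each STRIDE category calls for, as the lecture lays them out.
CONTROL_FOR = {
    "Spoofing": "authentication",
    "Tampering": "integrity (MAC / digital signature)",
    "Repudiation": "non-repudiation (signed, logged actions)",
    "Information disclosure": "confidentiality (encryption)",
    "Denial of service": "availability (redundancy, fault tolerance)",
    "Elevation of privilege": "authorization (least privilege)",
}

# STRIDE-per-element: which categories apply to each kind of DFD element.
APPLIES_TO = {
    "external_entity": ["Spoofing", "Repudiation"],
    "process": list(CONTROL_FOR),  # all six
    "data_store": ["Tampering", "Repudiation", "Information disclosure", "Denial of service"],
    "data_flow": ["Tampering", "Information disclosure", "Denial of service"],
}


@dataclass
class Element:
    name: str
    kind: str  # one of the APPLIES_TO keys other than data_flow


@dataclass
class Flow:
    name: str
    src: str
    dst: str
    crosses_trust_boundary: bool = False


@dataclass
class DFD:
    elements: list[Element] = field(default_factory=list)
    flows: list[Flow] = field(default_factory=list)


def login_dfd() -> DFD:
    """Constructed sample: a user sends credentials to a login service that checks a user DB."""
    return DFD(
        elements=[
            Element("User", "external_entity"),
            Element("Login service", "process"),
            Element("User DB", "data_store"),
        ],
        flows=[
            # Browser -> server crosses the Internet, i.e. a trust boundary.
            Flow("credentials", "User", "Login service", crosses_trust_boundary=True),
            Flow("credential lookup", "Login service", "User DB"),
        ],
    )


def enumerate_threats(dfd: DFD) -> list[dict]:
    """One record per (element or flow, applicable STRIDE category)."""
    found: list[dict] = []
    for el in dfd.elements:
        if el.kind not in APPLIES_TO or el.kind == "data_flow":
            raise ValueError(f"unknown element kind {el.kind!r} for {el.name}")
        for cat in APPLIES_TO[el.kind]:
            found.append({"element": el.name, "category": cat,
                          "control": CONTROL_FOR[cat], "boundary": False})
    for fl in dfd.flows:
        label = f"{fl.name} ({fl.src} -> {fl.dst})"
        for cat in APPLIES_TO["data_flow"]:
            found.append({"element": label, "category": cat,
                          "control": CONTROL_FOR[cat], "boundary": fl.crosses_trust_boundary})
    return found


def boundary_crossing(threats: list[dict]) -> list[dict]:
    """Threats on flows that cross a trust boundary, the ones to review first."""
    return [t for t in threats if t["boundary"]]


if __name__ == "__main__":
    for t in enumerate_threats(login_dfd()):
        flag = "*" if t["boundary"] else " "
        print(f"{flag} {t['element']:<42} {t['category']:<24} -> {t['control']}")
```

Rows marked `*` are the boundary-crossing credential flow: tampering, disclosure and denial of service on the path the password travels, which is exactly where the misuse-case discussion earlier started.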