Comments are closed.
A great introduction to threat modelling
February 23rd, 2005
Here are two cracking introductions to threat modelling from Peter Torr - who does something at Microsoft, although his blog is somewhat thin on helpful ‘About me’ pages. Not that this detracts from the content - he’s clearly someone who knows what he’s talking about…
It fits rather well with a technique I saw at a presentation to a BCS meeting a month or so ago by Dr Nick Efford of Leeds University. As well as a practical demonstration of SQL injection - which was actually considerably more interesting than it sounds - one of the techniques he covered was attack trees.
Basically the technique involves taking a given situation - say, illicitly acquiring user credentials - and then decomposing that threat into the conditions that have to be met for it to be a valid problem. Once you’ve decomposed the threat, you can look at the logical conditions that the sub-threats exist under, and use that to work out an appropriate response.
So in the case of user credentials, for example, you’d need both the user ID and password. As both are required - a boolean AND situation - mitigating either of the sub-threats would be enough to mitigate the parent. If on the other hand you only needed to compromise one of the elements, then both would need to be mitigated - and so on.
All of which can be very quickly modelled, and shown as graphical attack trees - ideal for presentations to non-specialists or pointy-haired bosses…
Filed under Technical stuff |2 Responses to “A great introduction to threat modelling”
Just to let you know that although you can’t see the private post on the website you can see it in a rss feed!
Thanks - it was an experiment that didn’t quite work…!