Threat Modeling


Designing for Security
1st ed.

by: Adam Shostack

50,99 €

Publisher: Wiley
Format: EPUB
Published: 12.02.2014
ISBN/EAN: 9781118810057
Language: English
Number of pages: 624

DRM-protected eBook; to read it you need, for example, Adobe Digital Editions and an Adobe ID.

Descriptions

<p><b>The only security book to be chosen as a Dr. Dobb's Jolt Award Finalist since Bruce Schneier's <i>Secrets and Lies</i> and <i>Applied Cryptography</i>!</b><br /><br />Adam Shostack is responsible for security development lifecycle threat modeling at Microsoft and is one of a handful of threat modeling experts in the world. Now he is sharing his considerable expertise in this unique book. With pages of specific actionable advice, he details how to build better security into the design of systems, software, or services from the outset. You'll explore various threat modeling approaches, find out how to test your designs against threats, and learn effective ways to address threats that have been validated at Microsoft and other top companies.</p> <p>Systems security managers, you'll find tools and a framework for structured thinking about what can go wrong. Software developers, you'll appreciate the jargon-free and accessible introduction to this essential skill. Security professionals, you'll learn to discern changing threats and discover the easiest ways to adopt a structured approach to threat modeling.</p> <ul> <li>Provides a unique how-to for security and software developers who need to design secure products and systems and test their designs</li> <li>Explains how to threat model and explores various threat modeling approaches, such as asset-centric, attacker-centric and software-centric</li> <li>Provides effective approaches and techniques that have been proven at Microsoft and elsewhere</li> <li>Offers actionable how-to advice not tied to any specific software, operating system, or programming language</li> <li>Authored by a Microsoft professional who is one of the most prominent threat modeling experts in the world</li> </ul> <p>As more software is delivered on the Internet or operates on Internet-connected devices, the design of secure software is absolutely critical. Make sure you're ready with <i>Threat Modeling: Designing for Security</i>.</p>
<p>Introduction</p>
<p><b>Part I Getting Started</b></p>
<p><b>Chapter 1 Dive In and Threat Model!</b></p> <p>Learning to Threat Model</p> <p>Threat Modeling on Your Own</p> <p>Checklists for Diving In and Threat Modeling</p> <p>Summary</p>
<p><b>Chapter 2 Strategies for Threat Modeling</b></p> <p>“What’s Your Threat Model?”</p> <p>Brainstorming Your Threats</p> <p>Structured Approaches to Threat Modeling</p> <p>Models of Software</p> <p>Summary</p>
<p><b>Part II Finding Threats</b></p>
<p><b>Chapter 3 STRIDE</b></p> <p>Understanding STRIDE and Why It’s Useful</p> <p>Spoofing Threats</p> <p>Tampering Threats</p> <p>Repudiation Threats</p> <p>Information Disclosure Threats</p> <p>Denial-of-Service Threats</p> <p>Elevation of Privilege Threats</p> <p>Extended Example: STRIDE Threats against Acme-DB</p> <p>STRIDE Variants</p> <p>Exit Criteria</p> <p>Summary</p>
<p><b>Chapter 4 Attack Trees</b></p> <p>Working with Attack Trees</p> <p>Representing a Tree</p> <p>Example Attack Tree</p> <p>Real Attack Trees</p> <p>Perspective on Attack Trees</p> <p>Summary</p>
<p><b>Chapter 5 Attack Libraries</b></p> <p>Properties of Attack Libraries</p> <p>CAPEC</p> <p>OWASP Top Ten</p> <p>Summary</p>
<p><b>Chapter 6 Privacy Tools</b></p> <p>Solove’s Taxonomy of Privacy</p> <p>Privacy Considerations for Internet Protocols</p> <p>Privacy Impact Assessments (PIA)</p> <p>The Nymity Slider and the Privacy Ratchet</p> <p>Contextual Integrity</p> <p>LINDDUN</p> <p>Summary</p>
<p><b>Part III Managing and Addressing Threats</b></p>
<p><b>Chapter 7 Processing and Managing Threats</b></p> <p>Starting the Threat Modeling Project</p> <p>Digging Deeper into Mitigations</p> <p>Tracking with Tables and Lists</p> <p>Scenario-Specific Elements of Threat Modeling</p> <p>Summary</p>
<p><b>Chapter 8 Defensive Tactics and Technologies</b></p> <p>Tactics and Technologies for Mitigating Threats</p> <p>Addressing Threats with Patterns</p> <p>Mitigating Privacy Threats</p> <p>Summary</p>
<p><b>Chapter 9 Trade-Offs When Addressing Threats</b></p> <p>Classic Strategies for Risk Management</p> <p>Selecting Mitigations for Risk Management</p> <p>Threat-Specific Prioritization Approaches</p> <p>Mitigation via Risk Acceptance</p> <p>Arms Races in Mitigation Strategies</p> <p>Summary</p>
<p><b>Chapter 10 Validating That Threats Are Addressed</b></p> <p>Testing Threat Mitigations</p> <p>Checking Code You Acquire</p> <p>QA’ing Threat Modeling</p> <p>Process Aspects of Addressing Threats</p> <p>Tables and Lists</p> <p>Summary</p>
<p><b>Chapter 11 Threat Modeling Tools</b></p> <p>Generally Useful Tools</p> <p>Open-Source Tools</p> <p>Commercial Tools</p> <p>Tools That Don’t Exist Yet</p> <p>Summary</p>
<p><b>Part IV Threat Modeling in Technologies and Tricky Areas</b></p>
<p><b>Chapter 12 Requirements Cookbook</b></p> <p>Why a “Cookbook”?</p> <p>The Interplay of Requirements, Threats, and Mitigations</p> <p>Business Requirements</p> <p>Prevent/Detect/Respond as a Frame for Requirements</p> <p>People/Process/Technology as a Frame for Requirements</p> <p>Development Requirements vs. Acquisition Requirements</p> <p>Compliance-Driven Requirements</p> <p>Privacy Requirements</p> <p>The STRIDE Requirements</p> <p>Non-Requirements</p> <p>Summary</p>
<p><b>Chapter 13 Web and Cloud Threats</b></p> <p>Web Threats</p> <p>Cloud Tenant Threats</p> <p>Cloud Provider Threats</p> <p>Mobile Threats</p> <p>Summary</p>
<p><b>Chapter 14 Accounts and Identity</b></p> <p>Account Life Cycles</p> <p>Authentication</p> <p>Account Recovery</p> <p>Names, IDs, and SSNs</p> <p>Summary</p>
<p><b>Chapter 15 Human Factors and Usability</b></p> <p>Models of People</p> <p>Models of Software Scenarios</p> <p>Threat Elicitation Techniques</p> <p>Tools and Techniques for Addressing Human Factors</p> <p>User Interface Tools and Techniques</p> <p>Testing for Human Factors</p> <p>Perspective on Usability and Ceremonies</p> <p>Summary</p>
<p><b>Chapter 16 Threats to Cryptosystems</b></p> <p>Cryptographic Primitives</p> <p>Classic Threat Actors</p> <p>Attacks against Cryptosystems</p> <p>Building with Crypto</p> <p>Things to Remember about Crypto</p> <p>Secret Systems: Kerckhoffs and His Principles</p> <p>Summary</p>
<p><b>Part V Taking It to the Next Level</b></p>
<p><b>Chapter 17 Bringing Threat Modeling to Your Organization</b></p> <p>How To Introduce Threat Modeling</p> <p>Who Does What?</p> <p>Threat Modeling within a Development Life Cycle</p> <p>Overcoming Objections to Threat Modeling</p> <p>Summary</p>
<p><b>Chapter 18 Experimental Approaches</b></p> <p>Looking in the Seams</p> <p>Operational Threat Models</p> <p>The “Broad Street” Taxonomy</p> <p>Adversarial Machine Learning</p> <p>Threat Modeling a Business</p> <p>Threats to Threat Modeling Approaches</p> <p>How to Experiment</p> <p>Summary</p>
<p><b>Chapter 19 Architecting for Success</b></p> <p>Understanding Flow</p> <p>Knowing the Participants</p> <p>Boundary Objects</p> <p>The Best Is the Enemy of the Good</p> <p>Closing Perspectives</p> <p>Summary</p> <p>Now Threat Model</p>
<p><b>Appendix A Helpful Tools</b></p> <p>Common Answers to “What’s Your Threat Model?”</p>
<p><b>Appendix B Threat Trees</b></p> <p>STRIDE Threat Trees</p> <p>Other Threat Trees</p>
<p><b>Appendix C Attacker Lists</b></p> <p>Attacker Lists</p>
<p><b>Appendix D Elevation of Privilege: The Cards</b></p> <p>Spoofing</p> <p>Tampering</p> <p>Repudiation</p> <p>Information Disclosure</p> <p>Denial of Service</p> <p>Elevation of Privilege (EoP)</p>
<p><b>Appendix E Case Studies</b></p> <p>The Acme Database</p> <p>Acme’s Operational Network</p> <p>Phones and One-Time Token Authenticators</p> <p>Sample for You to Model</p>
<p>Glossary</p> <p>Bibliography</p> <p>Index</p>
<p><b>Adam Shostack</b> is a principal program manager on Microsoft's Trustworthy Computing team. He helped found the CVE, the Privacy Enhancing Technologies Symposium, and the International Financial Cryptography Association. His experience shipping products (at both Microsoft and tiny startups) and managing operational security ensures the advice in this book is grounded in real experience.</p>
<p><b>Use threat modeling to enhance software security</b></p> <p>If you're a software developer, systems manager, or security professional, this book will show you how to use threat modeling in the security development lifecycle and in the overall software and systems design processes. Author and security expert Adam Shostack puts his considerable expertise to work in this book that, unlike any other, details the process of building improved security into the design of software, computer services, and systems — from the very beginning.</p> <ul> <li>Find and fix security issues before they hurt you or your customers</li> <li>Learn to use practical and actionable tools, techniques, and approaches for software developers, IT professionals, and security enthusiasts</li> <li>Explore the nuances of software-centric threat modeling and discover its application to software and systems during the build phase and beyond</li> <li>Apply threat modeling to improve security when managing complex systems</li> <li>Manage potential threats using a structured, methodical framework</li> <li>Discover and discern evolving security threats</li> <li>Use specific, actionable advice regardless of software type, operating system, or program approaches and techniques validated and proven to be effective at Microsoft and other top IT companies</li> </ul>
