2. Value: risk management, secure design, reducing the attack surface, and guiding testing.
3. Common threat modeling methods in the industry: attack trees (attacker's perspective), TVRA (used more by Ericsson; asset-centred, analysing which assets may be attacked), and STRIDE (Microsoft; six security dimensions; lower skill requirements for the people applying it).
4. STRIDE:
Spoofing (S): impersonation; prevented through authentication (password authentication, SSL, IPsec, SSH).
Tampering (T): malicious modification of data; prevented through integrity (hash, MAC, digital signature, ACL, etc.).
Repudiation (R): the attacker denies having participated in an activity; prevented through authentication and audit logs.
Information disclosure (I): unauthorized access to or acquisition of information; prevented through confidentiality (encryption, ACL, etc.).
Denial of service (D): the service cannot be provided normally; prevented through availability (load balancing, filtering, caching, etc.).
Elevation of privilege (E): prevented through authorization (least privilege, sandboxing, etc.).
Changes to the data flow diagram: analysis based on the system architecture view.
Focus on two key elements: business components and interfaces.
5. Huawei's best practice: complete the 8-dimensional security architecture design framework according to the analysis questionnaire.
6. Architecture diagram: must be complete, including all components and elements, with abstraction and balance.
Draw trust boundaries: network boundaries, user boundaries, and host boundaries.
Determine the key elements: external interfaces, key components, objects (files, data) processed by the system, and the subjects that interact with the system.
7. Thinking like an attacker is helpful to understand the potential threats in the system, identify risks and establish corresponding mitigation mechanisms.
8. Low-level modeling: draw the data flow diagram and perform threat analysis. Keywords: risk assessment, formulation of mitigation measures, product response,
9. Drawing the data flow diagram:
Elements: external interactors, processes, data stores, data flows.
Divide trust boundaries.
10. Threat analysis: STRIDE threat table.
11.
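As an added example (not part of these notes): a small Python model of the data flow diagram elements from item 9 that generates the STRIDE threat table of item 10. It uses the standard Microsoft STRIDE-per-element mapping (an assumption, not stated in the notes) and the mitigation families listed under item 4; the sample DFD and its trust zones are constructed.

```python
from dataclasses import dataclass

# Standard STRIDE-per-element mapping (Microsoft); assumed here, not taken from the notes.
# S spoofing, T tampering, R repudiation, I information disclosure,
# D denial of service, E elevation of privilege.
STRIDE_PER_ELEMENT = {
    "external": "SR",      # external interactor
    "process": "STRIDE",   # process
    "store": "TID",        # data store (add R when the store holds audit logs)
    "flow": "TID",         # data flow
}

# Control family that counters each threat, as listed in item 4.
MITIGATION = {
    "S": "authentication", "T": "integrity", "R": "audit log / non-repudiation",
    "I": "confidentiality", "D": "availability", "E": "authorization",
}

@dataclass
class Element:
    name: str
    kind: str   # external | process | store
    zone: str   # trust boundary the element sits in

@dataclass
class Flow:
    name: str
    src: str
    dst: str

def stride_table(elements, flows):
    """Return rows (element, threat letter, mitigation family, crosses_boundary)."""
    zones = {e.name: e.zone for e in elements}
    rows = []
    for e in elements:
        for t in STRIDE_PER_ELEMENT[e.kind]:
            rows.append((e.name, t, MITIGATION[t], False))
    for f in flows:
        crosses = zones[f.src] != zones[f.dst]   # flow crosses a trust boundary
        for t in STRIDE_PER_ELEMENT["flow"]:
            rows.append((f.name, t, MITIGATION[t], crosses))
    rows.sort(key=lambda r: (not r[3], r[0]))   # boundary-crossing flows first
    return rows

# Constructed sample DFD: a browser user, a web application, its database.
ELEMENTS = [Element("user", "external", "internet"),
            Element("web_app", "process", "dmz"),
            Element("db", "store", "internal")]
FLOWS = [Flow("login_request", "user", "web_app"), Flow("query", "web_app", "db")]

if __name__ == "__main__":
    for row in stride_table(ELEMENTS, FLOWS):
        print(row)
```

Each row of the output is one line of the STRIDE threat table; the rows flagged True are the flows that cross a trust boundary drawn in the DFD and so deserve analysis first.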