Threat modeling
1. The purpose of threat modeling is to understand the potential security threats in the system, identify risks and establish corresponding mitigation mechanisms.

2. Value: risk management, security design, reducing the attack surface and guiding testing.

3. Common threat modeling methods in the industry: attack trees (the attacker's perspective), TVRA (used more often at Ericsson; starts from the attacks that assets may be subject to), and STRIDE (Microsoft; six security dimensions; lower requirements on personnel skills).

4. STRIDE:

Spoofing (S: impersonation), prevented through authentication (password authentication, SSL, IPsec, SSH).

Tampering (T: maliciously modifying data), prevented through integrity (hash, MAC, digital signature, ACL, etc.).

Repudiation (R: the attacker refuses to admit to participating in an activity), prevented through authentication and audit logs.

Information disclosure (I: unauthorized access to or acquisition of information), prevented through confidentiality (encryption, ACL, etc.).

Denial of service (D: the service cannot be provided normally), prevented through availability (load balancing, filtering, caching, etc.).

Elevation of privilege (E), prevented through authorization (least privilege, sandbox, etc.).

A variation on the data flow diagram: analysis based on the system architecture view.

Focus on two key elements: business components and interfaces.

5. Huawei's best practice: complete the 8-dimensional security architecture design framework according to the analysis questionnaire.

6. Architecture diagram: complete (including all components and elements), abstract and balanced.

Draw trust boundaries: network boundaries, user boundaries, and host boundaries.

Determine the key elements: external interfaces, key components, objects (files, data) processed by the system, and subjects of system interaction.

7. Thinking like an attacker is helpful to understand the potential threats in the system, identify risks and establish corresponding mitigation mechanisms.

8. Low-level modeling: drawing the data flow diagram and threat analysis. Keywords: risk assessment, formulation of mitigation measures, product response.

9. Drawing the data flow diagram:

Elements: external interactors, processes, data stores, data flows.

Dividing trust boundaries

10. Threat analysis: STRIDE threat table.

1 1、
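
The STRIDE threat table from items 9 and 10, as an added example that is not part of the original notes: it walks a small data flow diagram, lists the STRIDE categories that apply to each element with the mitigation property from item 4, and puts flows that cross a trust boundary first. The element names, zone names and the per-element mapping (the commonly used STRIDE-per-element convention) are assumptions, and the sample diagram is constructed.

```python
from dataclasses import dataclass

# STRIDE category -> (threat, mitigation property), as listed in item 4 of the notes.
STRIDE = {
    "S": ("Spoofing", "authentication"),
    "T": ("Tampering", "integrity"),
    "R": ("Repudiation", "authentication and audit logs"),
    "I": ("Information disclosure", "confidentiality"),
    "D": ("Denial of service", "availability"),
    "E": ("Elevation of privilege", "authorization"),
}
# Assumption: the common STRIDE-per-element mapping; the notes do not state one.
APPLIES = {"external": "SR", "process": "STRIDE", "store": "TID", "flow": "TID"}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str        # external | process | store | flow
    zone: str = ""   # trust zone (non-flow elements)
    src: str = ""    # source element name (flows only)
    dst: str = ""    # destination element name (flows only)

def threat_table(elements):
    """One row per (element, applicable STRIDE category); boundary-crossing flows first."""
    zone = {e.name: e.zone for e in elements if e.kind != "flow"}
    rows = []
    for e in elements:
        crosses = e.kind == "flow" and zone[e.src] != zone[e.dst]
        for letter in APPLIES[e.kind]:
            threat, mitigation = STRIDE[letter]
            rows.append({"element": e.name, "stride": letter, "threat": threat,
                         "mitigation": mitigation, "crosses_boundary": crosses})
    return sorted(rows, key=lambda r: not r["crosses_boundary"])  # stable sort

# Constructed sample DFD: three trust zones separated by network boundaries.
SAMPLE_DFD = [
    Element("user", "external", zone="internet"),
    Element("web app", "process", zone="dmz"),
    Element("audit log", "store", zone="dmz"),
    Element("orders db", "store", zone="internal"),
    Element("login request", "flow", src="user", dst="web app"),
    Element("log write", "flow", src="web app", dst="audit log"),
    Element("sql query", "flow", src="web app", dst="orders db"),
]

if __name__ == "__main__":
    for r in threat_table(SAMPLE_DFD):
        mark = "*" if r["crosses_boundary"] else " "
        print(f'{mark} {r["element"]:<14}{r["stride"]} {r["threat"]:<24}{r["mitigation"]}')
```

Rows marked `*` belong to flows whose source and destination sit in different trust zones, which is where the review of the table should start.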