« Agile SDL Streamline Security Practices For Agile Development | Main | Site News: We want to hear from you! »

Threat Models Improve Your Security Process

"This column proposes a way to think about secure design from a more holistic perspective by using threat models to drive your security engineering process, primarily helping you prioritize code review, fuzz testing, and attack surface analysis tasks.

As a setup for this column, you might want to first read Jeremy Dallman's "'Crawling' Toward SDL" post, which can be found on the Security Development Lifecycle (SDL) blog. You will notice that the concepts in this column map very well onto Jeremy's ideas and will allow you to add more structure and precision to your security efforts as you learn to crawl, then walk, and finally run with the SDL.
What I am proposing is using the threat model to help drive other SDL security requirements, primarily code review priority, fuzz testing priority, and attack surface reduction. That's all there is to it. Of course, I need to explain myself, so let's look at each in a little detail. Let me start with threat modeling."

"In my opinion, when people think of security vulnerabilities, most think of implementation bugs. One could argue that the SDL is focused a little too much on implementation bugs, and historically it was because most of the vulnerabilities Microsoft has fixed resulted from implementation bugs. But over the last couple of years we have moved more resources to focus on secure design, in part because the implementation bugs are now more scarce thanks to the SDL.                                        
Threat modeling is a cornerstone of the SDL because it allows a development team to think about secure design in a structured way. The threat modeling process can be effectively simplified into the following tasks:
  • Draw a picture of your software's data flows.
  • Use the "STRIDE per element" approach to find threats that apply to the design.
  • Address each threat.
  • Verify that you've modeled enough of the software, considered each threat, and addressed all the threats you discovered."

Read more: http://msdn.microsoft.com/en-us/magazine/dd148644.aspx


Feed You can follow this conversation by subscribing to the comment feed for this post.

All Comments are Moderated and will be delayed!