I was recently invited to give a presentation at Los Alamos National Labs. The talk I gave was titled “Threat Modeling for System Builders and Breakers.” I had a great time and I wanted to thank the folks at Los Alamos for their wonderful hospitality, great questions and an overall fantastic speaking experience.
Slides are online here:
The abstract for the presentation is:
Threat modeling is a valuable technique for identifying potential security issues in complex applications, but many teams have been slow to adopt it. This presentation looks at Threat Modeling from two perspectives – from that of a system builder trying to avoid introducing security defects into a new system and from that of a system tester trying to identify security issues in an existing system. The materials include discussion of where threat modeling is best done during the development lifecycle as well as the process of creating and refining a threat model.
There were a couple of resources I discussed during my talk that weren’t in the slides, and I wanted to mention them here:
- The Intel Threat Agent Library is a great whitepaper that lays out a structured look at attackers, their goals and the level of training and resources you should expect them to have. There’s a lot of super-solid material here.
- Microsoft’s Threat Modeling Tool 2014 is a really handy, freely available tool for creating threat models. Microsoft has been through a number of iterations of this tool and it keeps getting better.
The most serious vulnerabilities we’ve identified while testing systems could have been proactively identified by building a threat model during the development process. This is a technique that both developers and security testers can use to great effect – it is a shame that more organizations aren’t taking better advantage of it.