WebApp Sec
mailing list archives
Re: one use for taxonomies
From: Andrew van der Stock <vanderaj () greebo net>
Date: Fri, 15 Jul 2005 11:34:17 +1000
Brenda,
I use TM to decompose business risks as a guide to look for technical
issues. If there's a technical threat model, it's usually hard to see
the bigger picture of what actually matters.
The reason I do this is to prioritize the search for business-
interesting issues, rather than discovering a raft of lesser risks
which have no business risk. For example, the world is not going to
end if I order a book from Amazon without "128 bit SSL" protecting
me. Sure it may be slightly riskier, but one transaction is not going
to cause Amazon to disappear. However, if you can discover a way to
view all reports on a system, this is terribly embarrassing for the
organization and may violate privacy laws (and banking regulations if
you're a bank).
This implies we need several kingdoms, and some kingdoms are more
important than others.
Technical Kingdom
- Authentication
- Event handling
- Injection
- Cryptography
- etc
Business Kingdom
- Reputation
- Intellectual Property Loss
- Monetary Loss
- etc
User Kingdom
- Privacy violation
- Identity Theft
- Monetary Loss
- Trust
- etc
Straw-man:
Technical Kingdom view
1.0 An attacker may be able to see the contents of a transaction
1.1 An attacker has control of a network device involved in the
transaction flow
1.1.1 The attacker can see all data
1.2 An attacker has a MITM proxy installed on the client PC
1.2.1 The attacker can see plain text transactions
Business Kingdom view
1.0 An attacker may be able to change the value of a transaction
...
User Kingdom view
1.0 An attacker may be able to steal my credit card when I use this
service
...
I personally don't think this is a tractable problem for automation
except as a subset of a particular kingdom. What we need are better
threat modeling tools to assist in the creation of threat models. The
MS tool is far too cumbersome to use for first time modelers. I use
tables in Word and graphs in Visio if I have to do presentations.
thanks,
Andrew
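As an added illustration of the kingdom idea above (my own code, not Andrew's or the list's), the straw-man nodes are loaded into a small tree and the technical leaves are ranked by the business and user outcomes they lead to. The kingdom weights and the cross-kingdom "enables" links are assumptions made for the example.

```python
from dataclasses import dataclass, field

# Assumed weights: business and user consequences outrank a bare technical
# finding when deciding which issues to chase first.
KINGDOM_WEIGHT = {"technical": 1, "business": 3, "user": 4}

@dataclass
class Threat:
    tid: str                                      # hierarchical id such as "1.2.1"
    kingdom: str
    text: str
    enables: list = field(default_factory=list)   # (kingdom, tid) outcomes this node realizes

# Nodes copied from the straw-man in the post; the 'enables' links are assumptions.
TREE = {
    ("technical", "1.0"): Threat("1.0", "technical", "An attacker may be able to see the contents of a transaction"),
    ("technical", "1.1"): Threat("1.1", "technical", "An attacker has control of a network device involved in the transaction flow"),
    ("technical", "1.1.1"): Threat("1.1.1", "technical", "The attacker can see all data", [("business", "1.0"), ("user", "1.0")]),
    ("technical", "1.2"): Threat("1.2", "technical", "An attacker has a MITM proxy installed on the client PC"),
    ("technical", "1.2.1"): Threat("1.2.1", "technical", "The attacker can see plain text transactions", [("user", "1.0")]),
    ("business", "1.0"): Threat("1.0", "business", "An attacker may be able to change the value of a transaction"),
    ("user", "1.0"): Threat("1.0", "user", "An attacker may be able to steal my credit card when I use this service"),
}

def parent_id(tid):
    """'1.0' is a root, '1.1' hangs off '1.0', '1.1.1' hangs off '1.1'."""
    if tid.count(".") == 1:
        return None if tid.endswith(".0") else tid.split(".")[0] + ".0"
    return tid.rsplit(".", 1)[0]

def dangling(tree):
    """Ids whose parent is missing from the same kingdom; [] for a well-formed tree."""
    return sorted(f"{k}:{t}" for (k, t) in tree
                  if parent_id(t) is not None and (k, parent_id(t)) not in tree)

def leaves(tree, kingdom):
    parents = {(k, parent_id(t)) for (k, t) in tree}
    return [n for (k, t), n in tree.items() if k == kingdom and (k, t) not in parents]

def business_score(node):
    """Summed weight of the non-technical outcomes a leaf enables; 0 if it enables none."""
    return sum(KINGDOM_WEIGHT[k] for k, _ in node.enables)

def prioritize(tree):
    """Technical leaves ordered by business/user consequence, most serious first."""
    return sorted(leaves(tree, "technical"), key=lambda n: (-business_score(n), n.tid))

def chain(tree, kingdom, tid):
    """Root-to-leaf wording of one branch, for writing up the finding."""
    out = []
    while tid is not None:
        out.append(tree[(kingdom, tid)].text)
        tid = parent_id(tid)
    return list(reversed(out))
```

A technical leaf that enables nothing in the business or user kingdoms scores 0 and sinks to the bottom, which is the "lesser risks with no business risk" case from the post.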
On 15/07/2005, at 8:07 AM, Brenda wrote:
I'm one of the "folks in Seattle" Arian mentioned in a previous post.
I have read what seemed relevant in the list archives, but I just got
here; I apologize if I am restating points others said previously.
Some colleagues & I have been working on a more consistent,
reproducible, computable &c threat modeling methodology. If you've