Scribd
Upload
201 views

Threat Modelling

This document discusses threat modeling and classifying security threats. It explains that to identify an attacker's goals, one should consider potential entry points, protected resources, data flows, and trust boundaries from the attacker's perspective. The document then lists and provides examples of common security threat types: spoofing identity, tampering with data, repudiation/deniability, information disclosure, denial of service, and elevation of privilege.

Uploaded by

Arthur Ekow
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
201 views

Threat Modelling

This document discusses threat modeling and classifying security threats. It explains that to identify an attacker's goals, one should consider potential entry points, protected resources, data flows, and trust boundaries from the attacker's perspective. The document then lists and provides examples of common security threat types: spoofing identity, tampering with data, repudiation/deniability, information disclosure, denial of service, and elevation of privilege.

Uploaded by

Arthur Ekow
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 19

[

To identify the attackers possible goals,


you need to approach threat modelling
from an attackers POV:
Establish:
Potential Entry Points (E)
Protected Resources or Assets (P)
Data Flows between the systems
parts (D)
Trust Boundaries in the system (T)

The level of detail in a diagram has


to be broad enough to cover all
protected resources and reflect all
scopes of potential threats

The assumption for threat modelling is that the attacker will not
target a system that doesnt store some attractive resources.
Because of that, its worth it to reverse the natural order in
securing the system and start with presenting a classification of
the results of a successful intrusion rather than with a risk
assessment

Spoofing Identity
Tampering with Data
Repudiation, Deniability
Information Disclosure

Denial of Service
Elevation of Privilege

Occurs when users or a services identity is used illegally. Examples:

An attacker creates a rogue


website made to look like a
legitimate website and
confirms its authenticity by
establishing an SSL session
as the website

Sending spoofed, digitallysigned emails that pretend to


be sent from another user

Spoofing certificate-based
authentication systems to get
elevated privilege access to
the system

Obtaining digital signatures


for malware using
Authenticode that says it was
issued for a trusted company

Spoofing Identity

in a country in Europe, an application was


shared to enable citizens to complete their
census forms online.
It transpired it could leak the addresses and
dates of birth of entrepreneurs or people who
had their resident ID numbers published online

Spoofing Identity

To create an account, you only needed to provide your resident ID and first and last name or
your taxpayer ID or the place of birth or the birth name of your mother. Taxpayer IDs and
resident IDs of entrepreneurs were public information

They also can contain their addresses, years of birth and even
the birth names of their mothers. Once you provided this info, the application automatically
filled out the address field
were provided in the plaintext. To discover
them, you simply had to call a help line and submit the info you already knew (like the
taxpayer ID) to have a consultant give you the password

Tampering with Data

Its the number one target for attackers since day one

Malicious modification of websites to put up


propaganda and spread misinformation
Tampering with data used in a system can allow
attackers to control these systems
Changing business information may mean that
parties reach a decision based on false data
provided by an attacker

Repudiation, Deniability

you are unable to prove it that a person has


performed a specific action or has sent a
specific message
as such and informs the ability or inability
to identify and charge culprits responsible
for launching an attack

Repudiation, Deniability
of an employment centre was arrested on
charges
of
illegally
obtaining
unemployment
benefits
by
creating
fictitious records. He created addresses
and IDs for fictitious persons, entered the
data into the centres computer network
and then received the benefits for nonexisting people, gaining about 40 thousand
dollars.

and the computer system used by the


centre did not ensure non-repudiation, the
prosecution
case
was
based
on
circumstantial evidence

Information Disclosure

Information disclosure may also involve the obtaining


of sensitive data which makes it possible to run a
social engineering attack or impersonate another
user. Between 17 and 19 April 2001 attackers broke
into PlayStation Network and Qriocity, both Sony
services, and sniffed out data like usernames,
passwords, names, addresses and emails, birthdates
and, likely, shopping credit card details belonging to
more than 80 million customers

Information Disclosure

threats related to unauthorized


persons obtaining data that makes running an
attack easier. The virus that crept into computers
in the Creech Air Force Base was found out to
register every operation logged by operators of
unmanned aircrafts like Predator and Reaper,
both used by the US Army to conduct military
operations in Libya, Afghanistan and Iraq

Denial of Service

Most cases of denial of service attacks lead to sever


overload by flooding it with a high number of
requests (if these requests come from a number of
hosts controlled by attackers, we can speak of a
distributed denial of service attack, DDOS)
Denials of service may also be launched through the
use of specially-crafted incorrect requests

Evelation of Privilege

Attackers who run this type of attack usually exploit


an existing vulnerability in a program or operating
system or exploit system users carelessness or
ignorance

Security threats in a database server: A classification

You might also like