SlideShare a Scribd company logo

Threat Modeling for the Internet of Things

Eric Vétillard
Eric Vétillard

A presentation made in several public events in 2015 about the threats related to the Internet of Things, and how modeling can be used as a way to manage mitigation methods.

1 of 33
Downloaded 269 times
Threat Modeling for the Internet of Things Eric Vétillard IoT Product Management Group September 2015
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle. 2
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Agenda 1 2 3 4 5 Definitions Concerns and threats Some countermeasures Device and gateway security Simple checklist 3
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 4 IoT Infrastructure – Main components Devices Enterprise Apps Operators IoT Service Gateway
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Safety vs. Security Safety • Protects against malfunction – Focus on quality • Principles – Coverage analysis – Detection, mitigation, reaction – Simplicity is better – Redundancy helps Security • Protects against attackers – Focus on robustness – Several defence layers • Principles – Coverage analysis – Detection, mitigation, reaction – Simplicity is better – Redundancy helps 5
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 6 Attack Surface – Main components Devices Operators Enterprise Apps Messages REST API UI Connectors IoT Service Gateway
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 7 Attack Surface – Specific to the Internet of Things Devices Operators Enterprise Apps Messages REST API UI Connectors IOT Server Gateway
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 8 Attack Surface – Software Components Devices Messages IoT Service HW / OS Framework Cloud/Server Framework
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | In the Press • In 2015, a few car-related headlines – BMW Connected Drive hack sees 2.2 million cars exposed to remote unlocking (02/02) – DARPA Hacks GM's OnStar To Remote Control A Chevrolet Impala (02/08) – US Senate Report: Automakers fail to fully protect against hacking (02/09) – Hackers take control of Jeep on the highway (August) • A few unrelated headlines from 2014 – Hackers had struck an unnamed steel mill in Germany (Jan) – U.S. government probes medical devices for possible cyber flaws (Oct 14) 9 Privacy Spying Theft Remote Control Physical damage Murder?
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | In Practice: The BMW Hack • A lab has been able to remotely open a BMW car – Reverse engineering the ConnectedDrive feature to identify vulnerabilities – Exploiting the vulnerabilities identified through an attack path • The list of vulnerabilities is rather long – The same keys are used in all vehicles – Some messages are not encrypted – Configuration data is not tamper-proof – The crypto algorithm used (DES) is outdated and broken – The software does not include protection against replay attacks • One fix: The communication is now encrypted using HTTPS 10
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | The BMW Hack: Poor Decisions Poor decision Safety reasoning Security reasoning Using the same keys Simple process No complex infrastructure Keys need to be diversified A key needs to be broken on every car No systematic encryption Only critical messages are encrypted A secure channel protects against reverse engineering Configuration data no tamper-proof Configuration data integrity is protected by a checksum Configuration data authenticity is protected by a cryptographic checksum The vehicle ID is in error messages Simplify diagnosis by having the data A remote attacker doesn’t have the ID, so let’s protect it Using DES Well-known, fast algorithm DES is broken, let’s mandate AES No protection against replay attacks Same message, same action A recorded message cannot have the same effect when replayed 11
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Threat Analysis Thinking like an attacker • Very important to validate a design – Identify the key assets and their flows – Analyze how security protections can be bypassed – Consider vulnerabilities as opportunities • Identify countermeasures to be added to the design – And loop again on the analysis 12
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 13 Attack Surface – Between Devices and IoT Service Devices Operators Enterprise Apps Messages REST API UI Connectors IoT Service Gateway Thinking like an attacker • Attacking the network link, remotely • Any operation can be attacked • Targeting admin operations can be good • A failure can affect many deployments Thinking like a defender • IoT framework typically not fully under control • Patching/update must be supported at all levels
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 14 Attack Surface – Device Low-level Software Devices Operators Enterprise Apps Messages REST API UI Connectors IOT Server Gateway Thinking like an attacker • IoT operating systems are not well protected • Older attacks may even work • Maybe that the update mechanism is broken Thinking like a defender • OS security configuration is important • Patching/update must be supported and secure
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 16 Attack Surface – Attacking the Things and Gateways Devices Operators Enterprise Apps Messages REST API UI Connectors IOT Server Gateway Thinking like an attacker • Things and gateways are physically accessible • I can steal one and reverse engineer it • I can then attack another one • Denial-of-service or tampering may be options Thinking like a defender • Make devices (at least partly) tamper-proof • Otherwise, make them tamper-evident • Include organizational measures to detect attacks
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Compromising a Device 17 Steal data from another device Duplicate registration of a device Activate without registering Add device record in the cloud Insert device in supply chain Add a compromised device Modify the device’s software Modify an existing device Modify the device’s hardware Tamper with the device externally Replace an existing device Compromise a device Steal data from the network Reconfigure a gateway Replace device physically Replace device in cloud
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Compromising a Device – Focus on Persistent Memory 18 Compromise a device Tamper with persistent memory Tamper with data Tamper with applications Tamper with system software Spy on the persistent memory Disclose data Disclose applications Disclose system software
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Compromising a Device – Focus on Persistent Memory 19 Spy on the persistent memory Disclose data 109 Disclose applications Disclose system software Disclose system software Disclose application Disclose application data 1 Disclose buffered messages 2 Disclose application data 3 Disclose server verification data 4 Disclose device registration data 5 Disclose device authent data Disclose authent data
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Compromising a Device – Focus on Persistent Memory 20 Tamper with persistent memory Tamper with data Tamper with applications Tamper with native software 2 Modify application data 3 Modify server verification data 4 Modify device registration data 7 Modify a stored application’s code 8 Modify a stored app’s meta-data 9 Add an application 10 Modify system softwareTamper with application data Tamper with authentication data 6 Modify device authent data 5 Modify device identity 1 Modify buffered messages
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Compromising a Device – Server Authentication 21 Tamper with persistent memory Tamper with data Tamper with applications Tamper with native software 2 Modify application data 3 Modify server verification data 4 Modify device registration data 7 Modify a stored application’s code 8 Modify a stored app’s meta-data 9 Add an application 10 Modify system softwareTamper with application data Tamper with authentication data 6 Modify device authent data 5 Modify device identity 1 Modify buffered messages
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Internet of Things Cloud Service Oracle Confidential – Internal/Restricted/Highly Restricted 22 Device Virtualization High Speed Messaging Stream Processing Endpoint Management Event Store IoT Cloud Service Enterprise Connectivity Integration Cloud Service BI & Big Data Cloud Service Oracle Cloud Services Mobile Cloud Service 3rd party apps Industry Vertical Apps Enterprise Apps Cloud or On Premise Manufacturing Transportation Service Mgmt Asset Mgmt Firewall Oracle IoT CS Gateway s/w 3rd party gateway s/w with Oracle IoT Client Library IoT Cloud Service Client Libraries & Gateway Indirectly connected devices Directly connected devices
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | • Security mechanism provisions and manages trust relationships with devices • Uniquely assigned device identities disallows reuse of security credentials across devices 23 IoT CS Ensures End-to-End Security Trusted Devices Non-Repudiation • Enforces authentication prior to communication with any device or enterprise software, enabling proof of origin of data • Transport level security for all communication to ensure data integrity • Secure, managed state transitions to control access from devices • Restricts types of IoT CS operations that device and other principals can perform in a given state Security Lifecycle
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | • Security mechanism provisions and manages trust relationships with devices • Uniquely assigned device identities disallows reuse of security credentials across devices 24 IoT CS Ensures End-to-End Security Trusted Devices Non-Repudiation • Enforces authentication prior to communication with any device or enterprise software, enabling proof of origin of data • Transport level security for all communication to ensure data integrity • Secure, managed state transitions to control access from devices • Restricts types of IoT CS operations that device and other principals can perform in a given state Security Lifecycle
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 25 From HTTPS to Man-in-the-Middle Device HTTPS IoT Service  
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 26 From HTTPS to Man-in-the-Middle Device HTTPS IoT Service      
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | ❶ Protecting the keys (even public) Q What if the attacker modifies my certificate? A Keep the public key in a Secure Element and have the Secure Element verify the signature. ❷ Checking code authenticity Q Am I sure that no attacker changed the code? A Add a cryptographic checksum, and check that the signature comes from the right person. 27 ❸ Adding hardware-based security Q What if the attacker removes my checks? A Use a secure boot mechanism based on a hardware-based mechanism (TPM, TEE, …). Protecting against Man-in-the-Middle  Stopping at some point A The SE’s security has been certified. A The platform’s security has been certified.
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | What if it isn’t Possible? Explore alternatives – Use tamper-resistant hardware – Use tamper-evident hardware – Define security procedures – Use physical security Example: in a factory – Thoroughly check devices (including software) before installing them – Make sure that every device is covered by a security camera – Instruct security staff to regularly inspect devices for unusual 28
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | That Was a Threat Model • We went through several steps – Defining assets to be protected – Defining potential attack means on these assets – Defining countermeasures, and then countermeasures on the countermeasures – Thinking about the implementation • This Threat Modeling process can be made more formal – It is an essential work in an IoT deployment today – Many vertical/industry/customer-specific aspects to the threat model 29
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Putting in Practice in Gateways and Devices What needs to be done • Select an IoT infrastructure – Manage device identity, credentials, lifecycle, communication, policies • Select a device platform – Robust hardware / OS / Robust development framework • Select a trusted hardware – Markets with high – security insurance needs & unprotected physical devices How Oracle can help • Oracle IoT Cloud Service – State-of-the-art security and strong integration with enterprise services • Java ME/SE Embedded – A guarantee of strong and secure apps on your infrastructure • Java Card – To ensure that your trusted hardware can evolve over time 30
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | A few References • An accessible and useful book on threat analysis – http://threatmodelingbook.com/ • Details on the BMW hack – http://m.heise.de/ct/artikel/Beemer-Open-Thyself-Security-vulnerabilities-in-BMW-s- ConnectedDrive-2540957.html • Scaring yourself with potential issues – https://www.dropbox.com/s/oh6xrb7chgoks4j/internetoffails.pdf?dl=0 • A few really good recommendations – http://www.esecurityplanet.com/network-security/6-tips-for-developing-secure-iot- apps.html 31
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | 32 Summary • Start by thinking like an attacker – What is “tempting” in my system? • To who? Why? – How can my system be attacked? • Which components provide an opportunity • Then think like a defender – Identify your weaknesses • What is wrong? What may not be right? – Find proper countermeasures • Work with all stakeholders – For devices, gateways, frameworks • Vet their security and their integration Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal/Restricted/Highly Restricted 33
Threat Modeling for the Internet of Things
Ad

Recommended

Threat Modeling for IoT Systems
Threat Modeling for IoT SystemsThreat Modeling for IoT Systems
Threat Modeling for IoT Systems
Denim Group
 
Security Culture from Concept to Maintenance: Secure Software Development Lif...
Security Culture from Concept to Maintenance: Secure Software Development Lif...Security Culture from Concept to Maintenance: Secure Software Development Lif...
Security Culture from Concept to Maintenance: Secure Software Development Lif...
Dilum Bandara
 
Secure SDLC in mobile software development.
Secure SDLC in mobile software development.Secure SDLC in mobile software development.
Secure SDLC in mobile software development.
Mykhailo Antonishyn
 
The road towards better automotive cybersecurity
The road towards better automotive cybersecurityThe road towards better automotive cybersecurity
The road towards better automotive cybersecurity
Rogue Wave Software
 
Managing Next Generation Threats to Cyber Security
Managing Next Generation Threats to Cyber SecurityManaging Next Generation Threats to Cyber Security
Managing Next Generation Threats to Cyber Security
Priyanka Aash
 
Hardware Security on Vehicles
Hardware Security on VehiclesHardware Security on Vehicles
Hardware Security on Vehicles
Priyanka Aash
 
Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...
LabSharegroup
 
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare ☁
 
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare ☁
 
Mobile security recipes for xamarin
Mobile security recipes for xamarinMobile security recipes for xamarin
Mobile security recipes for xamarin
Nicolas Milcoff
 
Threat Modeling for System Builders and System Breakers - Dan Cornell of Deni...
Threat Modeling for System Builders and System Breakers - Dan Cornell of Deni...Threat Modeling for System Builders and System Breakers - Dan Cornell of Deni...
Threat Modeling for System Builders and System Breakers - Dan Cornell of Deni...
Denim Group
 
5 things i wish i knew about sast (DSO-LG July 2021)
5 things i wish i knew about sast (DSO-LG July 2021)5 things i wish i knew about sast (DSO-LG July 2021)
5 things i wish i knew about sast (DSO-LG July 2021)
Michael Man
 
Application security
Application securityApplication security
Application security
Hagar Alaa el-din
 
Advanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security ManagementAdvanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security Management
Mayur Nanotkar
 
Offensive cyber security engineer updated
Offensive cyber security engineer updatedOffensive cyber security engineer updated
Offensive cyber security engineer updated
InfosecTrain
 
Technical Writing for Consultants
Technical Writing for ConsultantsTechnical Writing for Consultants
Technical Writing for Consultants
Dilum Bandara
 
Software Development Life Cycle – Managing Risk and Measuring Security
Software Development Life Cycle – Managing Risk and Measuring SecuritySoftware Development Life Cycle – Managing Risk and Measuring Security
Software Development Life Cycle – Managing Risk and Measuring Security
Thomas Malmberg
 
OWASP Québec: Threat Modeling Toolkit - Jonathan Marcil
OWASP Québec: Threat Modeling Toolkit - Jonathan MarcilOWASP Québec: Threat Modeling Toolkit - Jonathan Marcil
OWASP Québec: Threat Modeling Toolkit - Jonathan Marcil
Jonathan Marcil
 
Securing and automating your application infrastructure meetup 23112021 b
Securing and automating your application infrastructure meetup 23112021 bSecuring and automating your application infrastructure meetup 23112021 b
Securing and automating your application infrastructure meetup 23112021 b
lior mazor
 
Threat Modeling - Locking the Door to Vulnerabilities
Threat Modeling - Locking the Door to VulnerabilitiesThreat Modeling - Locking the Door to Vulnerabilities
Threat Modeling - Locking the Door to Vulnerabilities
Security Innovation
 
Information Security and the SDLC
Information Security and the SDLCInformation Security and the SDLC
Information Security and the SDLC
BDPA Charlotte - Information Technology Thought Leaders
 
Cyber Security Threat Modeling
Cyber Security Threat ModelingCyber Security Threat Modeling
Cyber Security Threat Modeling
Dr. Anish Cheriyan (PhD)
 
Application Security
Application SecurityApplication Security
Application Security
Reggie Niccolo Santos
 
Best Practices for a Mature Application Security Program Webinar - February 2016
Best Practices for a Mature Application Security Program Webinar - February 2016Best Practices for a Mature Application Security Program Webinar - February 2016
Best Practices for a Mature Application Security Program Webinar - February 2016
Security Innovation
 
Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security Engineering
Marco Morana
 
"CERT Secure Coding Standards" by Dr. Mark Sherman
"CERT Secure Coding Standards" by Dr. Mark Sherman"CERT Secure Coding Standards" by Dr. Mark Sherman
"CERT Secure Coding Standards" by Dr. Mark Sherman
Rinaldi Rampen
 
Security Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and ToolsSecurity Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and Tools
Yulian Slobodyan
 
Real World Application Threat Modelling By Example
Real World Application Threat Modelling By ExampleReal World Application Threat Modelling By Example
Real World Application Threat Modelling By Example
NCC Group
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat Modeling
Marco Morana
 
STRIDE And DREAD
STRIDE And DREADSTRIDE And DREAD
STRIDE And DREAD
chuckbt
 
Ad

More Related Content

What's hot (18)

Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare ☁
 
Mobile security recipes for xamarin
Mobile security recipes for xamarinMobile security recipes for xamarin
Mobile security recipes for xamarin
Nicolas Milcoff
 
Threat Modeling for System Builders and System Breakers - Dan Cornell of Deni...
Threat Modeling for System Builders and System Breakers - Dan Cornell of Deni...Threat Modeling for System Builders and System Breakers - Dan Cornell of Deni...
Threat Modeling for System Builders and System Breakers - Dan Cornell of Deni...
Denim Group
 
5 things i wish i knew about sast (DSO-LG July 2021)
5 things i wish i knew about sast (DSO-LG July 2021)5 things i wish i knew about sast (DSO-LG July 2021)
5 things i wish i knew about sast (DSO-LG July 2021)
Michael Man
 
Application security
Application securityApplication security
Application security
Hagar Alaa el-din
 
Advanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security ManagementAdvanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security Management
Mayur Nanotkar
 
Offensive cyber security engineer updated
Offensive cyber security engineer updatedOffensive cyber security engineer updated
Offensive cyber security engineer updated
InfosecTrain
 
Technical Writing for Consultants
Technical Writing for ConsultantsTechnical Writing for Consultants
Technical Writing for Consultants
Dilum Bandara
 
Software Development Life Cycle – Managing Risk and Measuring Security
Software Development Life Cycle – Managing Risk and Measuring SecuritySoftware Development Life Cycle – Managing Risk and Measuring Security
Software Development Life Cycle – Managing Risk and Measuring Security
Thomas Malmberg
 
OWASP Québec: Threat Modeling Toolkit - Jonathan Marcil
OWASP Québec: Threat Modeling Toolkit - Jonathan MarcilOWASP Québec: Threat Modeling Toolkit - Jonathan Marcil
OWASP Québec: Threat Modeling Toolkit - Jonathan Marcil
Jonathan Marcil
 
Securing and automating your application infrastructure meetup 23112021 b
Securing and automating your application infrastructure meetup 23112021 bSecuring and automating your application infrastructure meetup 23112021 b
Securing and automating your application infrastructure meetup 23112021 b
lior mazor
 
Threat Modeling - Locking the Door to Vulnerabilities
Threat Modeling - Locking the Door to VulnerabilitiesThreat Modeling - Locking the Door to Vulnerabilities
Threat Modeling - Locking the Door to Vulnerabilities
Security Innovation
 
Information Security and the SDLC
Information Security and the SDLCInformation Security and the SDLC
Information Security and the SDLC
BDPA Charlotte - Information Technology Thought Leaders
 
Cyber Security Threat Modeling
Cyber Security Threat ModelingCyber Security Threat Modeling
Cyber Security Threat Modeling
Dr. Anish Cheriyan (PhD)
 
Application Security
Application SecurityApplication Security
Application Security
Reggie Niccolo Santos
 
Best Practices for a Mature Application Security Program Webinar - February 2016
Best Practices for a Mature Application Security Program Webinar - February 2016Best Practices for a Mature Application Security Program Webinar - February 2016
Best Practices for a Mature Application Security Program Webinar - February 2016
Security Innovation
 
Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security Engineering
Marco Morana
 
"CERT Secure Coding Standards" by Dr. Mark Sherman
"CERT Secure Coding Standards" by Dr. Mark Sherman"CERT Secure Coding Standards" by Dr. Mark Sherman
"CERT Secure Coding Standards" by Dr. Mark Sherman
Rinaldi Rampen
 
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare ☁
 
Mobile security recipes for xamarin
Mobile security recipes for xamarinMobile security recipes for xamarin
Mobile security recipes for xamarin
Nicolas Milcoff
 
Threat Modeling for System Builders and System Breakers - Dan Cornell of Deni...
Threat Modeling for System Builders and System Breakers - Dan Cornell of Deni...Threat Modeling for System Builders and System Breakers - Dan Cornell of Deni...
Threat Modeling for System Builders and System Breakers - Dan Cornell of Deni...
Denim Group
 
5 things i wish i knew about sast (DSO-LG July 2021)
5 things i wish i knew about sast (DSO-LG July 2021)5 things i wish i knew about sast (DSO-LG July 2021)
5 things i wish i knew about sast (DSO-LG July 2021)
Michael Man
 
Application security
Application securityApplication security
Application security
Hagar Alaa el-din
 
Advanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security ManagementAdvanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security Management
Mayur Nanotkar
 
Offensive cyber security engineer updated
Offensive cyber security engineer updatedOffensive cyber security engineer updated
Offensive cyber security engineer updated
InfosecTrain
 
Technical Writing for Consultants
Technical Writing for ConsultantsTechnical Writing for Consultants
Technical Writing for Consultants
Dilum Bandara
 
Software Development Life Cycle – Managing Risk and Measuring Security
Software Development Life Cycle – Managing Risk and Measuring SecuritySoftware Development Life Cycle – Managing Risk and Measuring Security
Software Development Life Cycle – Managing Risk and Measuring Security
Thomas Malmberg
 
OWASP Québec: Threat Modeling Toolkit - Jonathan Marcil
OWASP Québec: Threat Modeling Toolkit - Jonathan MarcilOWASP Québec: Threat Modeling Toolkit - Jonathan Marcil
OWASP Québec: Threat Modeling Toolkit - Jonathan Marcil
Jonathan Marcil
 
Securing and automating your application infrastructure meetup 23112021 b
Securing and automating your application infrastructure meetup 23112021 bSecuring and automating your application infrastructure meetup 23112021 b
Securing and automating your application infrastructure meetup 23112021 b
lior mazor
 
Threat Modeling - Locking the Door to Vulnerabilities
Threat Modeling - Locking the Door to VulnerabilitiesThreat Modeling - Locking the Door to Vulnerabilities
Threat Modeling - Locking the Door to Vulnerabilities
Security Innovation
 
Information Security and the SDLC
Information Security and the SDLCInformation Security and the SDLC
Information Security and the SDLC
BDPA Charlotte - Information Technology Thought Leaders
 
Cyber Security Threat Modeling
Cyber Security Threat ModelingCyber Security Threat Modeling
Cyber Security Threat Modeling
Dr. Anish Cheriyan (PhD)
 
Application Security
Application SecurityApplication Security
Application Security
Reggie Niccolo Santos
 
Best Practices for a Mature Application Security Program Webinar - February 2016
Best Practices for a Mature Application Security Program Webinar - February 2016Best Practices for a Mature Application Security Program Webinar - February 2016
Best Practices for a Mature Application Security Program Webinar - February 2016
Security Innovation
 
Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security Engineering
Marco Morana
 
"CERT Secure Coding Standards" by Dr. Mark Sherman
"CERT Secure Coding Standards" by Dr. Mark Sherman"CERT Secure Coding Standards" by Dr. Mark Sherman
"CERT Secure Coding Standards" by Dr. Mark Sherman
Rinaldi Rampen
 

Viewers also liked (20)

Security Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and ToolsSecurity Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and Tools
Yulian Slobodyan
 
Real World Application Threat Modelling By Example
Real World Application Threat Modelling By ExampleReal World Application Threat Modelling By Example
Real World Application Threat Modelling By Example
NCC Group
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat Modeling
Marco Morana
 
STRIDE And DREAD
STRIDE And DREADSTRIDE And DREAD
STRIDE And DREAD
chuckbt
 
GDGSCL - Docker a jeho provoz v Heroku a AWS
GDGSCL - Docker a jeho provoz v Heroku a AWSGDGSCL - Docker a jeho provoz v Heroku a AWS
GDGSCL - Docker a jeho provoz v Heroku a AWS
Ladislav Prskavec
 
Application Security on a Dime: A Practical Guide to Using Functional Open So...
Application Security on a Dime: A Practical Guide to Using Functional Open So...Application Security on a Dime: A Practical Guide to Using Functional Open So...
Application Security on a Dime: A Practical Guide to Using Functional Open So...
POSSCON
 
Final
FinalFinal
Final
emiliomerayo
 
Neil Sholay's presentation November 2015
Neil Sholay's presentation November 2015Neil Sholay's presentation November 2015
Neil Sholay's presentation November 2015
DavidAllder
 
Everything you should already know about MS-SQL post-exploitation
Everything you should already know about MS-SQL post-exploitationEverything you should already know about MS-SQL post-exploitation
Everything you should already know about MS-SQL post-exploitation
Source Conference
 
Eloqua B2B Marketing Automation
Eloqua B2B Marketing AutomationEloqua B2B Marketing Automation
Eloqua B2B Marketing Automation
Jim Stafford
 
Threat Modeling: Best Practices
Threat Modeling: Best PracticesThreat Modeling: Best Practices
Threat Modeling: Best Practices
Source Conference
 
7 Steps to Threat Modeling
7 Steps to Threat Modeling7 Steps to Threat Modeling
7 Steps to Threat Modeling
Danny Wong
 
Functional Programming Patterns for the Pragmatic Programmer
Functional Programming Patterns for the Pragmatic ProgrammerFunctional Programming Patterns for the Pragmatic Programmer
Functional Programming Patterns for the Pragmatic Programmer
Raúl Raja Martínez
 
Wordpress -> Middleman: Lesson learned in the 2-years since migrating
Wordpress -> Middleman: Lesson learned in the 2-years since migratingWordpress -> Middleman: Lesson learned in the 2-years since migrating
Wordpress -> Middleman: Lesson learned in the 2-years since migrating
James Stone
 
NetApp Industry Keynote - Flash Memory Summit - Aug2015
NetApp Industry Keynote - Flash Memory Summit - Aug2015NetApp Industry Keynote - Flash Memory Summit - Aug2015
NetApp Industry Keynote - Flash Memory Summit - Aug2015
Val Bercovici
 
CraftCamp for Students - Introduction to JHipster
CraftCamp for Students - Introduction to JHipsterCraftCamp for Students - Introduction to JHipster
CraftCamp for Students - Introduction to JHipster
craftworkz
 
Using Data to Drive Interactions
Using Data to Drive InteractionsUsing Data to Drive Interactions
Using Data to Drive Interactions
Neil Sholay
 
Oracle Marketing Cloud
Oracle Marketing CloudOracle Marketing Cloud
Oracle Marketing Cloud
Bob Lewis ?
 
Customer journey mapping
Customer journey mappingCustomer journey mapping
Customer journey mapping
Cardiff City FC
 
Fujitsu: Your Partner for SAP HANA Solutions
Fujitsu: Your Partner for SAP HANA SolutionsFujitsu: Your Partner for SAP HANA Solutions
Fujitsu: Your Partner for SAP HANA Solutions
Fujitsu America
 
Security Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and ToolsSecurity Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and Tools
Yulian Slobodyan
 
Real World Application Threat Modelling By Example
Real World Application Threat Modelling By ExampleReal World Application Threat Modelling By Example
Real World Application Threat Modelling By Example
NCC Group
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat Modeling
Marco Morana
 
STRIDE And DREAD
STRIDE And DREADSTRIDE And DREAD
STRIDE And DREAD
chuckbt
 
GDGSCL - Docker a jeho provoz v Heroku a AWS
GDGSCL - Docker a jeho provoz v Heroku a AWSGDGSCL - Docker a jeho provoz v Heroku a AWS
GDGSCL - Docker a jeho provoz v Heroku a AWS
Ladislav Prskavec
 
Application Security on a Dime: A Practical Guide to Using Functional Open So...
Application Security on a Dime: A Practical Guide to Using Functional Open So...Application Security on a Dime: A Practical Guide to Using Functional Open So...
Application Security on a Dime: A Practical Guide to Using Functional Open So...
POSSCON
 
Final
FinalFinal
Final
emiliomerayo
 
Neil Sholay's presentation November 2015
Neil Sholay's presentation November 2015Neil Sholay's presentation November 2015
Neil Sholay's presentation November 2015
DavidAllder
 
Everything you should already know about MS-SQL post-exploitation
Everything you should already know about MS-SQL post-exploitationEverything you should already know about MS-SQL post-exploitation
Everything you should already know about MS-SQL post-exploitation
Source Conference
 
Eloqua B2B Marketing Automation
Eloqua B2B Marketing AutomationEloqua B2B Marketing Automation
Eloqua B2B Marketing Automation
Jim Stafford
 
Threat Modeling: Best Practices
Threat Modeling: Best PracticesThreat Modeling: Best Practices
Threat Modeling: Best Practices
Source Conference
 
7 Steps to Threat Modeling
7 Steps to Threat Modeling7 Steps to Threat Modeling
7 Steps to Threat Modeling
Danny Wong
 
Functional Programming Patterns for the Pragmatic Programmer
Functional Programming Patterns for the Pragmatic ProgrammerFunctional Programming Patterns for the Pragmatic Programmer
Functional Programming Patterns for the Pragmatic Programmer
Raúl Raja Martínez
 
Wordpress -> Middleman: Lesson learned in the 2-years since migrating
Wordpress -> Middleman: Lesson learned in the 2-years since migratingWordpress -> Middleman: Lesson learned in the 2-years since migrating
Wordpress -> Middleman: Lesson learned in the 2-years since migrating
James Stone
 
NetApp Industry Keynote - Flash Memory Summit - Aug2015
NetApp Industry Keynote - Flash Memory Summit - Aug2015NetApp Industry Keynote - Flash Memory Summit - Aug2015
NetApp Industry Keynote - Flash Memory Summit - Aug2015
Val Bercovici
 
CraftCamp for Students - Introduction to JHipster
CraftCamp for Students - Introduction to JHipsterCraftCamp for Students - Introduction to JHipster
CraftCamp for Students - Introduction to JHipster
craftworkz
 
Using Data to Drive Interactions
Using Data to Drive InteractionsUsing Data to Drive Interactions
Using Data to Drive Interactions
Neil Sholay
 
Oracle Marketing Cloud
Oracle Marketing CloudOracle Marketing Cloud
Oracle Marketing Cloud
Bob Lewis ?
 
Customer journey mapping
Customer journey mappingCustomer journey mapping
Customer journey mapping
Cardiff City FC
 
Fujitsu: Your Partner for SAP HANA Solutions
Fujitsu: Your Partner for SAP HANA SolutionsFujitsu: Your Partner for SAP HANA Solutions
Fujitsu: Your Partner for SAP HANA Solutions
Fujitsu America
 
Ad

Similar to Threat Modeling for the Internet of Things (20)

Enterprise Mobility: Secure Containerization
Enterprise Mobility: Secure ContainerizationEnterprise Mobility: Secure Containerization
Enterprise Mobility: Secure Containerization
Domenico Catalano
 
Tips and Tricks for Building Secure Mobile Apps
Tips and Tricks for Building Secure Mobile AppsTips and Tricks for Building Secure Mobile Apps
Tips and Tricks for Building Secure Mobile Apps
TechWell
 
Oracle OpenWorld | CON9707 Enterprise Mobile Security Architecture beyond the...
Oracle OpenWorld | CON9707 Enterprise Mobile Security Architecture beyond the...Oracle OpenWorld | CON9707 Enterprise Mobile Security Architecture beyond the...
Oracle OpenWorld | CON9707 Enterprise Mobile Security Architecture beyond the...
Indus Khaitan
 
Integrated Intrusion Detection Services for z/OS Communications Server
Integrated Intrusion Detection Services for z/OS Communications Server Integrated Intrusion Detection Services for z/OS Communications Server
Integrated Intrusion Detection Services for z/OS Communications Server
zOSCommserver
 
IoT Security
IoT SecurityIoT Security
IoT Security
Narudom Roongsiriwong, CISSP
 
Java Card Platform Security and Performance
Java Card Platform Security and PerformanceJava Card Platform Security and Performance
Java Card Platform Security and Performance
Eric Vétillard
 
Tips and Tricks for Building Secure Mobile Apps
Tips and Tricks for Building Secure Mobile AppsTips and Tricks for Building Secure Mobile Apps
Tips and Tricks for Building Secure Mobile Apps
TechWell
 
How to Test Security and Vulnerability of Your Android and iOS Apps
How to Test Security and Vulnerability of Your Android and iOS AppsHow to Test Security and Vulnerability of Your Android and iOS Apps
How to Test Security and Vulnerability of Your Android and iOS Apps
Bitbar
 
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare ☁
 
iotsecurity-171108154118.pdf
iotsecurity-171108154118.pdfiotsecurity-171108154118.pdf
iotsecurity-171108154118.pdf
KerimBozkanli
 
Engineered Systems - nejlepší cesta, jak zabezpečit váš dataAccelerate Cloud
Engineered Systems - nejlepší cesta, jak zabezpečit váš dataAccelerate CloudEngineered Systems - nejlepší cesta, jak zabezpečit váš dataAccelerate Cloud
Engineered Systems - nejlepší cesta, jak zabezpečit váš dataAccelerate Cloud
MarketingArrowECS_CZ
 
Oracle ADF Architecture TV - Design - Designing for Security
Oracle ADF Architecture TV - Design - Designing for SecurityOracle ADF Architecture TV - Design - Designing for Security
Oracle ADF Architecture TV - Design - Designing for Security
Chris Muir
 
Testing with a Rooted Mobile Device
Testing with a Rooted Mobile DeviceTesting with a Rooted Mobile Device
Testing with a Rooted Mobile Device
TechWell
 
Hybrid Analysis Mapping: Making Security and Development Tools Play Nice Toge...
Hybrid Analysis Mapping: Making Security and Development Tools Play Nice Toge...Hybrid Analysis Mapping: Making Security and Development Tools Play Nice Toge...
Hybrid Analysis Mapping: Making Security and Development Tools Play Nice Toge...
Denim Group
 
Slidedeck Demo Kino: Street Warrior. Mobile Sicherheit auf unseren Straßen - ...
Slidedeck Demo Kino: Street Warrior. Mobile Sicherheit auf unseren Straßen - ...Slidedeck Demo Kino: Street Warrior. Mobile Sicherheit auf unseren Straßen - ...
Slidedeck Demo Kino: Street Warrior. Mobile Sicherheit auf unseren Straßen - ...
Nadine Schoene
 
Create code confidence for better application security
Create code confidence for better application securityCreate code confidence for better application security
Create code confidence for better application security
Rogue Wave Software
 
Managing Your Application Security Program with the ThreadFix Ecosystem
Managing Your Application Security Program with the ThreadFix EcosystemManaging Your Application Security Program with the ThreadFix Ecosystem
Managing Your Application Security Program with the ThreadFix Ecosystem
Denim Group
 
CNIT 128 8: Mobile development security
CNIT 128 8: Mobile development securityCNIT 128 8: Mobile development security
CNIT 128 8: Mobile development security
Sam Bowne
 
Can Containers be Secured in a PaaS?
Can Containers be Secured in a PaaS?Can Containers be Secured in a PaaS?
Can Containers be Secured in a PaaS?
Tom Kranz
 
Can Containers be secured in a PaaS?
Can Containers be secured in a PaaS?Can Containers be secured in a PaaS?
Can Containers be secured in a PaaS?
Tom Kranz
 
Enterprise Mobility: Secure Containerization
Enterprise Mobility: Secure ContainerizationEnterprise Mobility: Secure Containerization
Enterprise Mobility: Secure Containerization
Domenico Catalano
 
Tips and Tricks for Building Secure Mobile Apps
Tips and Tricks for Building Secure Mobile AppsTips and Tricks for Building Secure Mobile Apps
Tips and Tricks for Building Secure Mobile Apps
TechWell
 
Oracle OpenWorld | CON9707 Enterprise Mobile Security Architecture beyond the...
Oracle OpenWorld | CON9707 Enterprise Mobile Security Architecture beyond the...Oracle OpenWorld | CON9707 Enterprise Mobile Security Architecture beyond the...
Oracle OpenWorld | CON9707 Enterprise Mobile Security Architecture beyond the...
Indus Khaitan
 
Integrated Intrusion Detection Services for z/OS Communications Server
Integrated Intrusion Detection Services for z/OS Communications Server Integrated Intrusion Detection Services for z/OS Communications Server
Integrated Intrusion Detection Services for z/OS Communications Server
zOSCommserver
 
IoT Security
IoT SecurityIoT Security
IoT Security
Narudom Roongsiriwong, CISSP
 
Java Card Platform Security and Performance
Java Card Platform Security and PerformanceJava Card Platform Security and Performance
Java Card Platform Security and Performance
Eric Vétillard
 
Tips and Tricks for Building Secure Mobile Apps
Tips and Tricks for Building Secure Mobile AppsTips and Tricks for Building Secure Mobile Apps
Tips and Tricks for Building Secure Mobile Apps
TechWell
 
How to Test Security and Vulnerability of Your Android and iOS Apps
How to Test Security and Vulnerability of Your Android and iOS AppsHow to Test Security and Vulnerability of Your Android and iOS Apps
How to Test Security and Vulnerability of Your Android and iOS Apps
Bitbar
 
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare ☁
 
iotsecurity-171108154118.pdf
iotsecurity-171108154118.pdfiotsecurity-171108154118.pdf
iotsecurity-171108154118.pdf
KerimBozkanli
 
Engineered Systems - nejlepší cesta, jak zabezpečit váš dataAccelerate Cloud
Engineered Systems - nejlepší cesta, jak zabezpečit váš dataAccelerate CloudEngineered Systems - nejlepší cesta, jak zabezpečit váš dataAccelerate Cloud
Engineered Systems - nejlepší cesta, jak zabezpečit váš dataAccelerate Cloud
MarketingArrowECS_CZ
 
Oracle ADF Architecture TV - Design - Designing for Security
Oracle ADF Architecture TV - Design - Designing for SecurityOracle ADF Architecture TV - Design - Designing for Security
Oracle ADF Architecture TV - Design - Designing for Security
Chris Muir
 
Testing with a Rooted Mobile Device
Testing with a Rooted Mobile DeviceTesting with a Rooted Mobile Device
Testing with a Rooted Mobile Device
TechWell
 
Hybrid Analysis Mapping: Making Security and Development Tools Play Nice Toge...
Hybrid Analysis Mapping: Making Security and Development Tools Play Nice Toge...Hybrid Analysis Mapping: Making Security and Development Tools Play Nice Toge...
Hybrid Analysis Mapping: Making Security and Development Tools Play Nice Toge...
Denim Group
 
Slidedeck Demo Kino: Street Warrior. Mobile Sicherheit auf unseren Straßen - ...
Slidedeck Demo Kino: Street Warrior. Mobile Sicherheit auf unseren Straßen - ...Slidedeck Demo Kino: Street Warrior. Mobile Sicherheit auf unseren Straßen - ...
Slidedeck Demo Kino: Street Warrior. Mobile Sicherheit auf unseren Straßen - ...
Nadine Schoene
 
Create code confidence for better application security
Create code confidence for better application securityCreate code confidence for better application security
Create code confidence for better application security
Rogue Wave Software
 
Managing Your Application Security Program with the ThreadFix Ecosystem
Managing Your Application Security Program with the ThreadFix EcosystemManaging Your Application Security Program with the ThreadFix Ecosystem
Managing Your Application Security Program with the ThreadFix Ecosystem
Denim Group
 
CNIT 128 8: Mobile development security
CNIT 128 8: Mobile development securityCNIT 128 8: Mobile development security
CNIT 128 8: Mobile development security
Sam Bowne
 
Can Containers be Secured in a PaaS?
Can Containers be Secured in a PaaS?Can Containers be Secured in a PaaS?
Can Containers be Secured in a PaaS?
Tom Kranz
 
Can Containers be secured in a PaaS?
Can Containers be secured in a PaaS?Can Containers be secured in a PaaS?
Can Containers be secured in a PaaS?
Tom Kranz
 
Ad

More from Eric Vétillard (8)

New Security Issues related to Embedded Web Servers
New Security Issues related to Embedded Web ServersNew Security Issues related to Embedded Web Servers
New Security Issues related to Embedded Web Servers
Eric Vétillard
 
Step-by-step Development of an Application for the Java Card Connected Platform
Step-by-step Development of an Application for the Java Card Connected PlatformStep-by-step Development of an Application for the Java Card Connected Platform
Step-by-step Development of an Application for the Java Card Connected Platform
Eric Vétillard
 
Java Card Technology: The Foundations of NFC
Java Card Technology: The Foundations of NFCJava Card Technology: The Foundations of NFC
Java Card Technology: The Foundations of NFC
Eric Vétillard
 
Java Card in Banking and NFC
Java Card in Banking and NFCJava Card in Banking and NFC
Java Card in Banking and NFC
Eric Vétillard
 
First Steps with Java Card
First Steps with Java CardFirst Steps with Java Card
First Steps with Java Card
Eric Vétillard
 
Java Solutions for Securing Edge-to-Enterprise
Java Solutions for Securing Edge-to-EnterpriseJava Solutions for Securing Edge-to-Enterprise
Java Solutions for Securing Edge-to-Enterprise
Eric Vétillard
 
Eric java card-basics-140314
Eric java card-basics-140314Eric java card-basics-140314
Eric java card-basics-140314
Eric Vétillard
 
Java Card, 15 years later
Java Card, 15 years laterJava Card, 15 years later
Java Card, 15 years later
Eric Vétillard
 
New Security Issues related to Embedded Web Servers
New Security Issues related to Embedded Web ServersNew Security Issues related to Embedded Web Servers
New Security Issues related to Embedded Web Servers
Eric Vétillard
 
Step-by-step Development of an Application for the Java Card Connected Platform
Step-by-step Development of an Application for the Java Card Connected PlatformStep-by-step Development of an Application for the Java Card Connected Platform
Step-by-step Development of an Application for the Java Card Connected Platform
Eric Vétillard
 
Java Card Technology: The Foundations of NFC
Java Card Technology: The Foundations of NFCJava Card Technology: The Foundations of NFC
Java Card Technology: The Foundations of NFC
Eric Vétillard
 
Java Card in Banking and NFC
Java Card in Banking and NFCJava Card in Banking and NFC
Java Card in Banking and NFC
Eric Vétillard
 
First Steps with Java Card
First Steps with Java CardFirst Steps with Java Card
First Steps with Java Card
Eric Vétillard
 
Java Solutions for Securing Edge-to-Enterprise
Java Solutions for Securing Edge-to-EnterpriseJava Solutions for Securing Edge-to-Enterprise
Java Solutions for Securing Edge-to-Enterprise
Eric Vétillard
 
Eric java card-basics-140314
Eric java card-basics-140314Eric java card-basics-140314
Eric java card-basics-140314
Eric Vétillard
 
Java Card, 15 years later
Java Card, 15 years laterJava Card, 15 years later
Java Card, 15 years later
Eric Vétillard
 

Recently uploaded (20)

How Valletta helped healthcare SaaS to transform QA and compliance to grow wi...
How Valletta helped healthcare SaaS to transform QA and compliance to grow wi...How Valletta helped healthcare SaaS to transform QA and compliance to grow wi...
How Valletta helped healthcare SaaS to transform QA and compliance to grow wi...
Egor Kaleynik
 
WinRAR Crack for Windows (100% Working 2025)
WinRAR Crack for Windows (100% Working 2025)WinRAR Crack for Windows (100% Working 2025)
WinRAR Crack for Windows (100% Working 2025)
sh607827
 
Solidworks Crack 2025 latest new + license code
Solidworks Crack 2025 latest new + license codeSolidworks Crack 2025 latest new + license code
Solidworks Crack 2025 latest new + license code
aneelaramzan63
 
Secure Test Infrastructure: The Backbone of Trustworthy Software Development
Secure Test Infrastructure: The Backbone of Trustworthy Software DevelopmentSecure Test Infrastructure: The Backbone of Trustworthy Software Development
Secure Test Infrastructure: The Backbone of Trustworthy Software Development
Shubham Joshi
 
Scaling GraphRAG: Efficient Knowledge Retrieval for Enterprise AI
Scaling GraphRAG: Efficient Knowledge Retrieval for Enterprise AIScaling GraphRAG: Efficient Knowledge Retrieval for Enterprise AI
Scaling GraphRAG: Efficient Knowledge Retrieval for Enterprise AI
danshalev
 
Mastering Fluent Bit: Ultimate Guide to Integrating Telemetry Pipelines with ...
Mastering Fluent Bit: Ultimate Guide to Integrating Telemetry Pipelines with ...Mastering Fluent Bit: Ultimate Guide to Integrating Telemetry Pipelines with ...
Mastering Fluent Bit: Ultimate Guide to Integrating Telemetry Pipelines with ...
Eric D. Schabell
 
Adobe Master Collection CC Crack Advance Version 2025
Adobe Master Collection CC Crack Advance Version 2025Adobe Master Collection CC Crack Advance Version 2025
Adobe Master Collection CC Crack Advance Version 2025
kashifyounis067
 
Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...
Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...
Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...
Ranjan Baisak
 
Adobe Lightroom Classic Crack FREE Latest link 2025
Adobe Lightroom Classic Crack FREE Latest link 2025Adobe Lightroom Classic Crack FREE Latest link 2025
Adobe Lightroom Classic Crack FREE Latest link 2025
kashifyounis067
 
Download YouTube By Click 2025 Free Full Activated
Download YouTube By Click 2025 Free Full ActivatedDownload YouTube By Click 2025 Free Full Activated
Download YouTube By Click 2025 Free Full Activated
saniamalik72555
 
PDF Reader Pro Crack Latest Version FREE Download 2025
PDF Reader Pro Crack Latest Version FREE Download 2025PDF Reader Pro Crack Latest Version FREE Download 2025
PDF Reader Pro Crack Latest Version FREE Download 2025
mu394968
 
LEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRY
LEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRYLEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRY
LEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRY
NidaFarooq10
 
Automation Techniques in RPA - UiPath Certificate
Automation Techniques in RPA - UiPath CertificateAutomation Techniques in RPA - UiPath Certificate
Automation Techniques in RPA - UiPath Certificate
VICTOR MAESTRE RAMIREZ
 
Why Orangescrum Is a Game Changer for Construction Companies in 2025
Why Orangescrum Is a Game Changer for Construction Companies in 2025Why Orangescrum Is a Game Changer for Construction Companies in 2025
Why Orangescrum Is a Game Changer for Construction Companies in 2025
Orangescrum
 
Designing AI-Powered APIs on Azure: Best Practices& Considerations
Designing AI-Powered APIs on Azure: Best Practices& ConsiderationsDesigning AI-Powered APIs on Azure: Best Practices& Considerations
Designing AI-Powered APIs on Azure: Best Practices& Considerations
Dinusha Kumarasiri
 
Salesforce Data Cloud- Hyperscale data platform, built for Salesforce.
Salesforce Data Cloud- Hyperscale data platform, built for Salesforce.Salesforce Data Cloud- Hyperscale data platform, built for Salesforce.
Salesforce Data Cloud- Hyperscale data platform, built for Salesforce.
Dele Amefo
 
Not So Common Memory Leaks in Java Webinar
Not So Common Memory Leaks in Java WebinarNot So Common Memory Leaks in Java Webinar
Not So Common Memory Leaks in Java Webinar
Tier1 app
 
Top 10 Client Portal Software Solutions for 2025.docx
Top 10 Client Portal Software Solutions for 2025.docxTop 10 Client Portal Software Solutions for 2025.docx
Top 10 Client Portal Software Solutions for 2025.docx
Portli
 
What Do Contribution Guidelines Say About Software Testing? (MSR 2025)
What Do Contribution Guidelines Say About Software Testing? (MSR 2025)What Do Contribution Guidelines Say About Software Testing? (MSR 2025)
What Do Contribution Guidelines Say About Software Testing? (MSR 2025)
Andre Hora
 
FL Studio Producer Edition Crack 2025 Full Version
FL Studio Producer Edition Crack 2025 Full VersionFL Studio Producer Edition Crack 2025 Full Version
FL Studio Producer Edition Crack 2025 Full Version
tahirabibi60507
 
How Valletta helped healthcare SaaS to transform QA and compliance to grow wi...
How Valletta helped healthcare SaaS to transform QA and compliance to grow wi...How Valletta helped healthcare SaaS to transform QA and compliance to grow wi...
How Valletta helped healthcare SaaS to transform QA and compliance to grow wi...
Egor Kaleynik
 
WinRAR Crack for Windows (100% Working 2025)
WinRAR Crack for Windows (100% Working 2025)WinRAR Crack for Windows (100% Working 2025)
WinRAR Crack for Windows (100% Working 2025)
sh607827
 
Solidworks Crack 2025 latest new + license code
Solidworks Crack 2025 latest new + license codeSolidworks Crack 2025 latest new + license code
Solidworks Crack 2025 latest new + license code
aneelaramzan63
 
Secure Test Infrastructure: The Backbone of Trustworthy Software Development
Secure Test Infrastructure: The Backbone of Trustworthy Software DevelopmentSecure Test Infrastructure: The Backbone of Trustworthy Software Development
Secure Test Infrastructure: The Backbone of Trustworthy Software Development
Shubham Joshi
 
Scaling GraphRAG: Efficient Knowledge Retrieval for Enterprise AI
Scaling GraphRAG: Efficient Knowledge Retrieval for Enterprise AIScaling GraphRAG: Efficient Knowledge Retrieval for Enterprise AI
Scaling GraphRAG: Efficient Knowledge Retrieval for Enterprise AI
danshalev
 
Mastering Fluent Bit: Ultimate Guide to Integrating Telemetry Pipelines with ...
Mastering Fluent Bit: Ultimate Guide to Integrating Telemetry Pipelines with ...Mastering Fluent Bit: Ultimate Guide to Integrating Telemetry Pipelines with ...
Mastering Fluent Bit: Ultimate Guide to Integrating Telemetry Pipelines with ...
Eric D. Schabell
 
Adobe Master Collection CC Crack Advance Version 2025
Adobe Master Collection CC Crack Advance Version 2025Adobe Master Collection CC Crack Advance Version 2025
Adobe Master Collection CC Crack Advance Version 2025
kashifyounis067
 
Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...
Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...
Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...
Ranjan Baisak
 
Adobe Lightroom Classic Crack FREE Latest link 2025
Adobe Lightroom Classic Crack FREE Latest link 2025Adobe Lightroom Classic Crack FREE Latest link 2025
Adobe Lightroom Classic Crack FREE Latest link 2025
kashifyounis067
 
Download YouTube By Click 2025 Free Full Activated
Download YouTube By Click 2025 Free Full ActivatedDownload YouTube By Click 2025 Free Full Activated
Download YouTube By Click 2025 Free Full Activated
saniamalik72555
 
PDF Reader Pro Crack Latest Version FREE Download 2025
PDF Reader Pro Crack Latest Version FREE Download 2025PDF Reader Pro Crack Latest Version FREE Download 2025
PDF Reader Pro Crack Latest Version FREE Download 2025
mu394968
 
LEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRY
LEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRYLEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRY
LEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRY
NidaFarooq10
 
Automation Techniques in RPA - UiPath Certificate
Automation Techniques in RPA - UiPath CertificateAutomation Techniques in RPA - UiPath Certificate
Automation Techniques in RPA - UiPath Certificate
VICTOR MAESTRE RAMIREZ
 
Why Orangescrum Is a Game Changer for Construction Companies in 2025
Why Orangescrum Is a Game Changer for Construction Companies in 2025Why Orangescrum Is a Game Changer for Construction Companies in 2025
Why Orangescrum Is a Game Changer for Construction Companies in 2025
Orangescrum
 
Designing AI-Powered APIs on Azure: Best Practices& Considerations
Designing AI-Powered APIs on Azure: Best Practices& ConsiderationsDesigning AI-Powered APIs on Azure: Best Practices& Considerations
Designing AI-Powered APIs on Azure: Best Practices& Considerations
Dinusha Kumarasiri
 
Salesforce Data Cloud- Hyperscale data platform, built for Salesforce.
Salesforce Data Cloud- Hyperscale data platform, built for Salesforce.Salesforce Data Cloud- Hyperscale data platform, built for Salesforce.
Salesforce Data Cloud- Hyperscale data platform, built for Salesforce.
Dele Amefo
 
Not So Common Memory Leaks in Java Webinar
Not So Common Memory Leaks in Java WebinarNot So Common Memory Leaks in Java Webinar
Not So Common Memory Leaks in Java Webinar
Tier1 app
 
Top 10 Client Portal Software Solutions for 2025.docx
Top 10 Client Portal Software Solutions for 2025.docxTop 10 Client Portal Software Solutions for 2025.docx
Top 10 Client Portal Software Solutions for 2025.docx
Portli
 
What Do Contribution Guidelines Say About Software Testing? (MSR 2025)
What Do Contribution Guidelines Say About Software Testing? (MSR 2025)What Do Contribution Guidelines Say About Software Testing? (MSR 2025)
What Do Contribution Guidelines Say About Software Testing? (MSR 2025)
Andre Hora
 
FL Studio Producer Edition Crack 2025 Full Version
FL Studio Producer Edition Crack 2025 Full VersionFL Studio Producer Edition Crack 2025 Full Version
FL Studio Producer Edition Crack 2025 Full Version
tahirabibi60507
 

Threat Modeling for the Internet of Things

  • 1. Threat Modeling for the Internet of Things Eric Vétillard IoT Product Management Group September 2015
  • 2. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle. 2
  • 3. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Agenda 1 2 3 4 5 Definitions Concerns and threats Some countermeasures Device and gateway security Simple checklist 3
  • 4. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 4 IoT Infrastructure – Main components Devices Enterprise Apps Operators IoT Service Gateway
  • 5. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Safety vs. Security Safety • Protects against malfunction – Focus on quality • Principles – Coverage analysis – Detection, mitigation, reaction – Simplicity is better – Redundancy helps Security • Protects against attackers – Focus on robustness – Several defence layers • Principles – Coverage analysis – Detection, mitigation, reaction – Simplicity is better – Redundancy helps 5
  • 6. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 6 Attack Surface – Main components Devices Operators Enterprise Apps Messages REST API UI Connectors IoT Service Gateway
  • 7. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 7 Attack Surface – Specific to the Internet of Things Devices Operators Enterprise Apps Messages REST API UI Connectors IOT Server Gateway
  • 8. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 8 Attack Surface – Software Components Devices Messages IoT Service HW / OS Framework Cloud/Server Framework
  • 9. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | In the Press • In 2015, a few car-related headlines – BMW Connected Drive hack sees 2.2 million cars exposed to remote unlocking (02/02) – DARPA Hacks GM's OnStar To Remote Control A Chevrolet Impala (02/08) – US Senate Report: Automakers fail to fully protect against hacking (02/09) – Hackers take control of Jeep on the highway (August) • A few unrelated headlines from 2014 – Hackers had struck an unnamed steel mill in Germany (Jan) – U.S. government probes medical devices for possible cyber flaws (Oct 14) 9 Privacy Spying Theft Remote Control Physical damage Murder?
  • 10. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | In Practice: The BMW Hack • A lab has been able to remotely open a BMW car – Reverse engineering the ConnectedDrive feature to identify vulnerabilities – Exploiting the vulnerabilities identified through an attack path • The list of vulnerabilities is rather long – The same keys are used in all vehicles – Some messages are not encrypted – Configuration data is not tamper-proof – The crypto algorithm used (DES) is outdated and broken – The software does not include protection against replay attacks • One fix: The communication is now encrypted using HTTPS 10
  • 11. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | The BMW Hack: Poor Decisions Poor decision Safety reasoning Security reasoning Using the same keys Simple process No complex infrastructure Keys need to be diversified A key needs to be broken on every car No systematic encryption Only critical messages are encrypted A secure channel protects against reverse engineering Configuration data no tamper-proof Configuration data integrity is protected by a checksum Configuration data authenticity is protected by a cryptographic checksum The vehicle ID is in error messages Simplify diagnosis by having the data A remote attacker doesn’t have the ID, so let’s protect it Using DES Well-known, fast algorithm DES is broken, let’s mandate AES No protection against replay attacks Same message, same action A recorded message cannot have the same effect when replayed 11
  • 12. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Threat Analysis Thinking like an attacker • Very important to validate a design – Identify the key assets and their flows – Analyze how security protections can be bypassed – Consider vulnerabilities as opportunities • Identify countermeasures to be added to the design – And loop again on the analysis 12
  • 13. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 13 Attack Surface – Between Devices and IoT Service Devices Operators Enterprise Apps Messages REST API UI Connectors IoT Service Gateway Thinking like an attacker • Attacking the network link, remotely • Any operation can be attacked • Targeting admin operations can be good • A failure can affect many deployments Thinking like a defender • IoT framework typically not fully under control • Patching/update must be supported at all levels
  • 14. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 14 Attack Surface – Device Low-level Software Devices Operators Enterprise Apps Messages REST API UI Connectors IOT Server Gateway Thinking like an attacker • IoT operating systems are not well protected • Older attacks may even work • Maybe that the update mechanism is broken Thinking like a defender • OS security configuration is important • Patching/update must be supported and secure
  • 15. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 16 Attack Surface – Attacking the Things and Gateways Devices Operators Enterprise Apps Messages REST API UI Connectors IOT Server Gateway Thinking like an attacker • Things and gateways are physically accessible • I can steal one and reverse engineer it • I can then attack another one • Denial-of-service or tampering may be options Thinking like a defender • Make devices (at least partly) tamper-proof • Otherwise, make them tamper-evident • Include organizational measures to detect attacks
  • 16. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Compromising a Device 17 Steal data from another device Duplicate registration of a device Activate without registering Add device record in the cloud Insert device in supply chain Add a compromised device Modify the device’s software Modify an existing device Modify the device’s hardware Tamper with the device externally Replace an existing device Compromise a device Steal data from the network Reconfigure a gateway Replace device physically Replace device in cloud
  • 17. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Compromising a Device – Focus on Persistent Memory 18 Compromise a device Tamper with persistent memory Tamper with data Tamper with applications Tamper with system software Spy on the persistent memory Disclose data Disclose applications Disclose system software
  • 18. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Compromising a Device – Focus on Persistent Memory 19 Spy on the persistent memory Disclose data 109 Disclose applications Disclose system software Disclose system software Disclose application Disclose application data 1 Disclose buffered messages 2 Disclose application data 3 Disclose server verification data 4 Disclose device registration data 5 Disclose device authent data Disclose authent data
  • 19. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Compromising a Device – Focus on Persistent Memory 20 Tamper with persistent memory Tamper with data Tamper with applications Tamper with native software 2 Modify application data 3 Modify server verification data 4 Modify device registration data 7 Modify a stored application’s code 8 Modify a stored app’s meta-data 9 Add an application 10 Modify system softwareTamper with application data Tamper with authentication data 6 Modify device authent data 5 Modify device identity 1 Modify buffered messages
  • 20. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Compromising a Device – Server Authentication 21 Tamper with persistent memory Tamper with data Tamper with applications Tamper with native software 2 Modify application data 3 Modify server verification data 4 Modify device registration data 7 Modify a stored application’s code 8 Modify a stored app’s meta-data 9 Add an application 10 Modify system softwareTamper with application data Tamper with authentication data 6 Modify device authent data 5 Modify device identity 1 Modify buffered messages
  • 21. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Internet of Things Cloud Service Oracle Confidential – Internal/Restricted/Highly Restricted 22 Device Virtualization High Speed Messaging Stream Processing Endpoint Management Event Store IoT Cloud Service Enterprise Connectivity Integration Cloud Service BI & Big Data Cloud Service Oracle Cloud Services Mobile Cloud Service 3rd party apps Industry Vertical Apps Enterprise Apps Cloud or On Premise Manufacturing Transportation Service Mgmt Asset Mgmt Firewall Oracle IoT CS Gateway s/w 3rd party gateway s/w with Oracle IoT Client Library IoT Cloud Service Client Libraries & Gateway Indirectly connected devices Directly connected devices
  • 22. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | • Security mechanism provisions and manages trust relationships with devices • Uniquely assigned device identities disallows reuse of security credentials across devices 23 IoT CS Ensures End-to-End Security Trusted Devices Non-Repudiation • Enforces authentication prior to communication with any device or enterprise software, enabling proof of origin of data • Transport level security for all communication to ensure data integrity • Secure, managed state transitions to control access from devices • Restricts types of IoT CS operations that device and other principals can perform in a given state Security Lifecycle
  • 23. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | • Security mechanism provisions and manages trust relationships with devices • Uniquely assigned device identities disallows reuse of security credentials across devices 24 IoT CS Ensures End-to-End Security Trusted Devices Non-Repudiation • Enforces authentication prior to communication with any device or enterprise software, enabling proof of origin of data • Transport level security for all communication to ensure data integrity • Secure, managed state transitions to control access from devices • Restricts types of IoT CS operations that device and other principals can perform in a given state Security Lifecycle
  • 24. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 25 From HTTPS to Man-in-the-Middle Device HTTPS IoT Service  
  • 25. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 26 From HTTPS to Man-in-the-Middle Device HTTPS IoT Service      
  • 26. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | ❶ Protecting the keys (even public) Q What if the attacker modifies my certificate? A Keep the public key in a Secure Element and have the Secure Element verify the signature. ❷ Checking code authenticity Q Am I sure that no attacker changed the code? A Add a cryptographic checksum, and check that the signature comes from the right person. 27 ❸ Adding hardware-based security Q What if the attacker removes my checks? A Use a secure boot mechanism based on a hardware-based mechanism (TPM, TEE, …). Protecting against Man-in-the-Middle  Stopping at some point A The SE’s security has been certified. A The platform’s security has been certified.
  • 27. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | What if it isn’t Possible? Explore alternatives – Use tamper-resistant hardware – Use tamper-evident hardware – Define security procedures – Use physical security Example: in a factory – Thoroughly check devices (including software) before installing them – Make sure that every device is covered by a security camera – Instruct security staff to regularly inspect devices for unusual 28
  • 28. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | That Was a Threat Model • We went through several steps – Defining assets to be protected – Defining potential attack means on these assets – Defining countermeasures, and then countermeasures on the countermeasures – Thinking about the implementation • This Threat Modeling process can be made more formal – It is an essential work in an IoT deployment today – Many vertical/industry/customer-specific aspects to the threat model 29
  • 29. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Putting in Practice in Gateways and Devices What needs to be done • Select an IoT infrastructure – Manage device identity, credentials, lifecycle, communication, policies • Select a device platform – Robust hardware / OS / Robust development framework • Select a trusted hardware – Markets with high – security insurance needs & unprotected physical devices How Oracle can help • Oracle IoT Cloud Service – State-of-the-art security and strong integration with enterprise services • Java ME/SE Embedded – A guarantee of strong and secure apps on your infrastructure • Java Card – To ensure that your trusted hardware can evolve over time 30
  • 30. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | A few References • An accessible and useful book on threat analysis – http://threatmodelingbook.com/ • Details on the BMW hack – http://m.heise.de/ct/artikel/Beemer-Open-Thyself-Security-vulnerabilities-in-BMW-s- ConnectedDrive-2540957.html • Scaring yourself with potential issues – https://www.dropbox.com/s/oh6xrb7chgoks4j/internetoffails.pdf?dl=0 • A few really good recommendations – http://www.esecurityplanet.com/network-security/6-tips-for-developing-secure-iot- apps.html 31
  • 31. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | 32 Summary • Start by thinking like an attacker – What is “tempting” in my system? • To who? Why? – How can my system be attacked? • Which components provide an opportunity • Then think like a defender – Identify your weaknesses • What is wrong? What may not be right? – Find proper countermeasures • Work with all stakeholders – For devices, gateways, frameworks • Vet their security and their integration Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
  • 32. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal/Restricted/Highly Restricted 33