Description
Use the ‘Microsoft Threat Modeling’ slides as a reference; they are uploaded below.
P.S.: In case the MTM tool installation does not work properly on your end, you can proceed with this alternative online tool:
CYS402 – ACTIVITY 4.1 – CHAPTER 4
The purpose of this activity is to help you enumerate and model the
security of your system architecture by looking at it from the point of
view of threats. According to the Microsoft Threat Modeling
methodology, we treat the word “threat” as a class of exploits. They fall
into the following categories (STRIDE):
• Spoofing
• Tampering
• Repudiation
• Information Disclosure
• Denial of Service
• Elevation of Privilege
ACTIVITY
Today, let’s model a cloud-based storage system. Store a file in a folder on your desktop, and it gets
immediately uploaded to the server. Users can share folders, allowing other users or the public to view
the files. The context level diagram of the file sharing system is represented in
Figure 1: Context Level Diagram
The aim of this activity is to identify threats based on STRIDE threat modelling using the Microsoft
Threat Modeling Tool (TMT).
Part I: Model without trust boundaries
1. Open the Microsoft Threat Modeling tool. Before going further, save your file, calling
it FileSharing.tm4. The tool can be found here.
2. Start your model by creating processes, interactors and stores.
3. Next, add data flow relationships.
4. Now go to Analyze model.
5. Expand a few of the items. Notice the vast number of potential threats that can arise and their
STRIDE category. In your report, provide the number of threats of each category.
6. Not all the threats are meaningful; it depends on the system under consideration.
Let’s eliminate some of the generated threats by making some assumptions. Discuss which threat
categories you believe are not possible in the File Sharing system. Change those to “Not
Applicable”. In your report, provide the list of “Not Applicable” threats and provide your
arguments.
7. Now let’s revise 2 threats, getting our inspiration from the diagram. Fill in the potential
mitigations you might take in the Justification text box.
8. Fill in the Model Information from the File menu: the model name, your names, …
9. At this point, check the report by going to Generate Reports. Note anything you believe is
missing. Name the generated report “Report 1”.
10. Save your Model as “Model 1”.
Part II: Model with trust boundaries
1. Open “Model 1”.
2. Add a Trust Box to your Model 1; put both the File Sharing Application and the File Store inside
the box.
3. Save your Model as “Model 2”.
4. Analyze the Model. Compare the list of identified threats in Model 1 to the list of identified
threats in Model 2.
5. Fill in the Model Information from the File menu: the model name, your names, …
6. At this point, check the report by going to Generate Reports. Note anything you believe is
missing. Name the generated report “Report 2”.
7. What do you think about the list of threats if the Trust Box includes only the File Sharing
Application?
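As an added illustration (not part of the activity sheet or of TMT itself), the sketch below applies the standard STRIDE-per-element chart to a constructed version of the File Sharing DFD and lists which flows cross the Trust Box for the two placements discussed in Part II. The `User` interactor and the four flows are assumptions, since Figure 1 is not reproduced here; TMT's own rule set is richer, so its counts will differ.

```python
from collections import Counter

# STRIDE-per-element chart: categories that apply to each DFD element type.
# Repudiation applies to a store only when it holds logs, so it is omitted here.
CHART = {"interactor": "SR", "process": "STRIDE", "store": "TID", "flow": "TID"}
NAMES = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
         "I": "Information Disclosure", "D": "Denial of Service",
         "E": "Elevation of Privilege"}

# Constructed DFD (assumption): one interactor plus the two elements the
# activity names, with request/response flows between neighbours.
ELEMENTS = {
    "User": "interactor",
    "File Sharing Application": "process",
    "File Store": "store",
}
FLOWS = [
    ("User", "File Sharing Application"),
    ("File Sharing Application", "User"),
    ("File Sharing Application", "File Store"),
    ("File Store", "File Sharing Application"),
]

def enumerate_threats(elements, flows):
    """Return (target, category) pairs for every element and every flow."""
    threats = []
    for name, kind in elements.items():
        threats += [(name, NAMES[c]) for c in CHART[kind]]
    for src, dst in flows:
        threats += [(f"{src} -> {dst}", NAMES[c]) for c in CHART["flow"]]
    return threats

def count_by_category(threats):
    """Tally threats per STRIDE category (the figure Part I, step 5 asks for)."""
    return Counter(category for _, category in threats)

def crossing_flows(flows, trusted):
    """Flows with exactly one endpoint inside the Trust Box."""
    return [(s, d) for s, d in flows if (s in trusted) != (d in trusted)]

if __name__ == "__main__":
    for category, n in count_by_category(enumerate_threats(ELEMENTS, FLOWS)).items():
        print(f"{category:24} {n}")
    both = {"File Sharing Application", "File Store"}
    print("Box around app + store:", crossing_flows(FLOWS, both))
    print("Box around app only:   ", crossing_flows(FLOWS, {"File Sharing Application"}))
```

With the box around only the application, the application-to-store flows also cross the boundary, which is the difference Part II, question 7 asks you to reason about.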
Documents to be submitted to the LMS:
• Your Word file report with the DFD built in the Microsoft TMT, Part I question 5 and
question 6 answers, and Part II question 4 answer.
• Model 1.tm, Model 2.tm, Report1.htm, Report2.htm
MICROSOFT THREAT MODELING TOOL
Download the Microsoft TMT from here.
I.
This section describes the steps to create a new threat model.
1. Start TMT to reach the Home screen.
2. Click on Create a Model from the Home screen. This brings up the drawing surface where you will
create the data flow diagram.
II. Drawing Your Model
Draw your data flow diagram by selecting elements from the Stencils pane. You can select processes,
external entities, data stores, data flows, and trust boundaries.
1. To select an element to draw:
• Select an element from the Stencils pane and drag it across the drawing surface.
• Right-click on the drawing surface to bring up a context menu that allows you to add a
generic element from each Stencils category.
2. To add a data flow between the two most recently selected objects:
• Right-click the drawing surface and select Connect or Bi-Directional Connect.
• Alternatively, select the appropriate data flow from the Flow tab in the Stencils pane and
place it on the drawing surface.
III. Modifying Attributes
To modify an element from a generic element into a more specific one:
• Use the Element Properties pane.
• Right-click an element to convert it to another element type. If necessary, convert it
from a generic element to a specific type of process, data flow, data store, external
element, or trust boundary. For example, a generic data flow can be converted to HTTPS.
Additionally, you can edit the properties of the element directly in the Properties pane.
IV. Identifying and Analyzing Threats
When you have completed your data flow diagram, switch to the Analysis view by using one of the
following methods:
• From the View menu, select Analysis View.
• Click the Analysis View button on the toolbar.
For each of your threats, enter information about how to mitigate the threat:
1. Double-click on the threat. A Threat Properties pane appears.
2. Determine if the threat requires mitigation and categorize the mitigation by selecting one of the
following options from the Threat Status dropdown list:
   1. Not Started
   2. Needs Investigation
   3. Not Applicable
   4. Mitigated
3. Select one of the following threat priorities from the Threat Category dropdown list:
   1. High (default)
   2. Medium
   3. Low
4. Enter your mitigation information in the Justification for threat state change text box.
   • NOTE: Justification is required for threats in the Mitigated or Not Applicable states.
V. Reviewing Threats
The threat list is sortable and filterable. You can click on any column header in the threat list to sort by
that column. You can click on the triangles on the column headers to filter as many columns as you like.
The clear filters button at the bottom of the threat list will clear any filters.
VI. Finish and Create a Report
After all threats have been addressed, finish your threat model:
1. If you have not done so already, enter general information about the threat model by selecting
Threat Model Information from the main menu. This information includes:
   1. Review participants
   2. A brief description
2. To save the model, select File > Save As.
3. To create a report, select Reports > Full Report.
Threat Modeling
CYS402
Outline
+ Microsoft Threat Modeling Tool 2016
+ Definition
+ Model in use
+ The design View and DFDs
+ The Analysis View and Threat Management
Definition
+ Offers a description of the security issues
and resources the designer cares about;
+ Can help to assess the probability, the
potential harm, the priority etc., of attacks, and
thus help to minimize or eradicate the threats.
Definition
+ Microsoft’s Security Development Lifecycle (SDL)
acts as a security assurance process which focuses
on software development used to ensure a
reduction in the number and severity of
vulnerabilities in software;
+ Threat Modeling is a core element of the
Microsoft SDL;
Definition
+ graphically identifies processes and data flows
(DFD) that comprise an application or service.
+ enables any developer or software architect to
  + Communicate about the security design of their systems;
  + Analyze those designs for potential security issues using a proven methodology;
  + Suggest and manage mitigations for security issues.
+ based on the STRIDE Model.
Microsoft Threat Modeling Tool
The Microsoft Threat Modeling tool offers an easy way to get
started with threat modeling.
Microsoft Threat Modeling Tool
+ Process: components that perform computation on data
+ External: entities external to the system such as web services, browsers, authorization providers etc.
+ Store: data repositories
+ Flow: communication channels used for data transfer between entities or components
+ Boundary: trust boundaries of different kinds such as internet, machine, user-mode/
Microsoft Threat Modeling Tool: DFD
The tool uses a simple drag and
drop action in order to build a flow
diagram for any use case or
function specified. We use DFD to
illustrate how data moves
through the system.
Microsoft Threat Modeling Tool: Analysis View
+ Switching to the Analysis view displays an auto-generated list of
possible threats based on the data flow diagram.
+ We illustrate with this view the different threats as well as their
properties, such as name, categories, description, and Threat Priority
(High, Medium, or Low).
Microsoft Threat Modeling Tool: Reporting
+ In addition, a Report feature allows the generation of a comprehensive report
covering all identified threats and their current state.
+ Microsoft’s SDL Threat Modeling Tool 2016
offers an easy drawing environment and
automatic threat generation using the STRIDE-per-
interaction approach.
+ It helps engineers analyze the security of
their systems to find and address design issues
early in the software lifecycle.