Threat Modeling
Trust Levels
– Remote Unauthenticated Users
– Remote Authenticated User
– Remote Application Admin User
– Web Administrator
– Web Server Process
– DB Administrator
CSC 382: Computer Security Slide #10
Characterize System Security
1. Use and misuse scenarios.
– How do users use the system to fulfill needs?
– How could an adversary use these system interfaces to
attack the system?
2. Identify assumptions and dependencies.
– How does system security depend on external
systems?
– What assumptions do components make about data or
control transfers with other components?
3. Model the system.
– Model how system processes data from each entry
point using tools like DFDs.
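Step 3 as an added example (not from the course slides): a small DFD for a web-store login held as data, with each element tagged with one of the trust levels listed earlier. The element names, the flows and the assignment of trust levels to elements are assumptions made for illustration.

```python
from collections import namedtuple

Flow = namedtuple("Flow", "src dst data")

# Constructed DFD for a web-store login. Tagging each element with one of the
# slide's trust levels is an assumption of this example, not course material.
ELEMENTS = {
    "Customer":         "Remote Unauthenticated Users",
    "Store Admin":      "Remote Application Admin User",
    "Login Handler":    "Web Server Process",
    "Authn Engine":     "Web Server Process",
    "Credential Store": "DB Administrator",
}
EXTERNALS = {"Customer", "Store Admin"}   # entities outside the system
FLOWS = [
    Flow("Customer", "Login Handler", "username + password"),
    Flow("Login Handler", "Authn Engine", "authn request"),
    Flow("Authn Engine", "Credential Store", "credential lookup"),
    Flow("Credential Store", "Authn Engine", "stored credential"),
    Flow("Authn Engine", "Login Handler", "authn result"),
    Flow("Store Admin", "Credential Store", "set credentials"),
]

def boundary_crossings(elements, flows):
    """Flows whose endpoints sit at different trust levels. Each one is a
    place where the receiver has to validate what it is handed."""
    return [f for f in flows if elements[f.src] != elements[f.dst]]

def influence(elements, flows, externals):
    """Map each element to the trust levels of the external entities whose
    data can reach it, following flows transitively to a fixed point."""
    reached = {name: set() for name in elements}
    for name in externals:
        reached[name].add(elements[name])
    changed = True
    while changed:
        changed = False
        for f in flows:
            new = reached[f.src] - reached[f.dst]
            if new:
                reached[f.dst] |= new
                changed = True
    return reached

if __name__ == "__main__":
    for f in boundary_crossings(ELEMENTS, FLOWS):
        print(f"crossing: {f.src} -> {f.dst} ({f.data})")
    for name, levels in influence(ELEMENTS, FLOWS, EXTERNALS).items():
        print(f"{name}: influenced by {sorted(levels)}")
```

The second report shows that the credential store is reachable by data from unauthenticated users two hops away, which is the kind of component assumption step 2 asks you to write down.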
Use Case Example
UC 1: Login to Web Store
Primary Actor: Customer
Stakeholders and Interests:
– Customer: Wants to purchase products.
Preconditions: Customer has web access.
Postconditions: Customer has access to their
account, with the ability to pay for and ship
products.
Summary: Customer gains access to system using
an assigned username and password.
[Figure: data flow diagram. Labels that survive extraction: Report System, User, Service, Authn Engine, Creds Mgmt Tool, Audit Data, User Data, Credentials, Read Audit, Write Audit, Audit Info, Requests, Response, Authn Requests, Verify, Set/Get Creds.]
DFD Exercise
Draw a level 1 data flow diagram of an
email service. Don’t forget to include:
– Users receiving and sending mail.
– Mail server interactions with other mail servers
for non-local messages.
– Message store interactions.
– Error conditions: What if a user sends a
message to a remote server that’s currently
down? You should retry the send later, without
bothering the user until X retries have failed.