CIS 6614 meeting -*- Outline -*-

* Process for Attack Simulation and Threat Analysis (PASTA)

 See https://youtu.be/8k-I3vn8C2A (for an overview video),
 https://versprite.com/blog/what-is-pasta-threat-modeling/ (for an overview),
 and
 https://versprite.com/ebooks/leveraging-risk-centric-threat-models-for-integrated-risk-management/
 (for an ebook, free but requires registration)

------------------------------------------
   PROCESS FOR ATTACK SIMULATION AND
       THREAT ANALYSIS (PASTA)

Stages:

 1. Define objectives
      What is app's purpose?
      What is the business impact?
      What requirements/compliance?

 2. Define technical scope/attack surface
      What is the high level arch./design?
      What tech. is involved?
        - protocols?
        - types of data?
        - s/w and tech. dependencies?
        - servers? services?
        - network devices?

 3. Decompose the app.
      What assets?
      What dataflows?
      What actors? Roles? Permissions?
      What trust levels? trust boundaries?
      Any implicit trust relationships?

 4. Analyze threats
      What are the probable scenarios?
      What do logs or reports tell us?

 5. Vulnerability analysis
      How do existing vulnerabilities map to threats?
      How likely are these to be exploited?

 6. Attack analysis
      What is the app's attack surface?
      What attack vectors are likely?

 7. Risk and impact analysis
      What is the remaining risk?
      What is the business impact?
------------------------------------------

 stage 3 produces:
   - a DFD and trust boundaries
   - an access control matrix
   - list of assets including data, data sources and trust levels.

   implicit trust is a "good candidate for exploitation"

 stage 4 produces:
   - attack-scenario landscape report
   - list of threat agents and attack vectors
   - report on what incidents/events are likely and attack scenarios,
     with evidence for how likely these are

 stage 7 produces:
   - app risk profile
   - risk report
   - threat matrix with: threats, attacks, vulnerabilities, business impact
   - risk mitigation strategy
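
 An added example (not from these notes or from the PASTA authors) of the stage 3 outputs listed above, for a constructed application: it finds the data flows that cross trust boundaries, flags implicit trust, and builds the access control matrix. The element names, trust levels, grants, and the rule used to define implicit trust are all assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample system (all names hypothetical). Higher number = more trusted.
TRUST = {"browser": 0, "web_app": 1, "report_job": 1, "orders_db": 2}

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    data: str
    authenticated: bool  # dst verifies who src is
    validated: bool      # dst checks the data before using it

FLOWS = [
    Flow("browser", "web_app", "order form", True, True),
    Flow("web_app", "orders_db", "order query", True, True),
    Flow("browser", "report_job", "report parameters", False, True),
    Flow("report_job", "orders_db", "report query", False, False),
    Flow("orders_db", "web_app", "order rows", True, False),
    Flow("web_app", "report_job", "job request", False, False),
]

# (role, asset, permission) grants, also constructed.
GRANTS = [("customer", "orders", "create"), ("customer", "orders", "read"),
          ("clerk", "orders", "read"), ("clerk", "orders", "update")]

def boundary_crossings(flows):
    """Flows whose endpoints sit at different trust levels (DFD trust boundaries)."""
    return [f for f in flows if TRUST[f.src] != TRUST[f.dst]]

def implicit_trust(flows):
    """Assumed rule: data enters a more trusted element that does not both
    authenticate the source and validate the data."""
    return [f for f in boundary_crossings(flows)
            if TRUST[f.dst] > TRUST[f.src] and not (f.authenticated and f.validated)]

def access_matrix(grants):
    """(role, asset) -> sorted permissions: the stage 3 access control matrix."""
    matrix = defaultdict(set)
    for role, asset, perm in grants:
        matrix[(role, asset)].add(perm)
    return {key: sorted(perms) for key, perms in matrix.items()}

if __name__ == "__main__":
    for f in implicit_trust(FLOWS):
        print(f"implicit trust: {f.src} -> {f.dst} ({f.data})")
    for (role, asset), perms in sorted(access_matrix(GRANTS).items()):
        print(f"{role:9} {asset:8} {','.join(perms)}")
```

 The flagged flows are the ones to carry forward into the stage 4 attack scenarios.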