Agenda
• Attack trees • Attack libraries • Quiz notes
• Reading: Chapter 4, 5
Approach
• “What can go wrong” & “what to do about it” are often (and reasonably) tied together in practice
• This course splits them because they are distinct questions & skills
Security mavens Experts in other areas
STRIDE Trees Libraries
ATTACK TREES
Attack Trees
• Structured relationship between attack details – Detail (This is a subcategory of that – sequencing) – Present as outline, picture (graphically) – Creation vs. use (“best” depends on needs)
Using an Attack Tree
• Find an appropriate tree – Web search – Appendix B of Threat Modeling
• Iterate through your diagram & tree – “Does this apply here?” – More precise iteration is more useful when you’re
learning, or for high-stakes analysis
Creating Attack Trees
• Creating attack trees – for a project – for general use (very hard!)
• Steps: – Choose a representation – Create a root node (goal, “Get root”) – Add subnodes – Consider completeness – Prune (mark – don’t delete) – Check
ATTACK LIBRARIES
Libraries
• Collections of knowledge for you to apply • Collection of detailed lists of common problems
• Important considerations • Audience • Scope
• More structured than a mnemonic • More detailed than a tree • CAPEC is the most detailed library available
today, offering great structure • OWASP – Web application centric
Checklists and Literature Search
• Checklists • Static • Useful for commonly recurring threats • May limit creativity
• Literature search • Review of past attacks • Useful to leverage work on similar systems
Recap
• Memonics like STRIDE, trees, and libraries can all support finding threats—what can go wrong.
• The best tool is the one that works for you/your team – Those may be different
• Familiarity with a spectrum will help you
Quiz notes
• Quiz this week • 4% of total grade • 20 multiple choice questions • 20 minutes to complete • You have only 1 chance to take this quiz
• No re-take option! • Do NOT start the quiz until you are really ready to take the whole quiz!