Thesis about Threat Modeling

  • Question

  • Hi, first let me introduce myself. I am Gustavo Gomez and I live in Asuncion (Paraguay); I am doing my thesis about threat modeling with an approach to risk management.
    Second, thanks very much for the work in this area; it helps novice developers a lot to make security a part of their dev cycle.

    In my approach, I intend to make a very deep analysis of the assets of the company, such as servers, information, investment and reputation of the company, to make a clear outlook of what someone is trying to protect with the web application, and I wonder if a deep analysis is required to threat model and have real risk management?

    Thanks

    Please give me some mail to write some questions!
    • Edited by Gus G Monday, July 20, 2009 9:30 PM
    • Moved by Hengzhe Li Tuesday, June 21, 2011 12:12 PM Forum Consolidate (From:Microsoft Security Development Lifecycle (SDL) - Threat Modeling)
    Tuesday, June 9, 2009 9:07 PM

All replies

  • Hi Gustavo,

    In SDL threat modeling, we moved away from asset-centric approaches to a software-centric approach, and it's working pretty well.  So there's evidence that you can threat model without a deep analysis of assets.  I've posted an academic paper on that approach at http://blogs.msdn.com/sdl/archive/2008/10/08/experiences-threat-modeling-at-microsoft.aspx

    Recently, some of our colleagues have been introducing assets into that approach, and have published a guide on their work at http://go.microsoft.com/fwlink/?LinkId=154010

    I'd actually prefer to hold conversations like this in public--there's lots of people with experience in threat modeling, and I think we all benefit by sharing our questions and answers.
    Tuesday, June 16, 2009 3:52 PM
  • Thanks Adam for your answers. The reason why I want to add an assets approach to my thesis is because, at the end, my risk analysis will focus on the relation between software and assets, to determine the financial damage that a threat could cause to the business through the web application.

    I am working on my background in risk management, asset values and threat modeling; hope I am going OK.

    The link to the guide you wrote links to an Outlook Web Access. Is that OK, or am I misunderstanding something?

    Thanks a lot.

    Gustavo
    Tuesday, June 16, 2009 4:08 PM
  • This is the correct link: http://go.microsoft.com/fwlink/?LinkId=154010

    So the approach you propose is a synthetic one, looking at software and assets to compose risks.  I might suggest that determining financial impacts of threats might be better viewed as an empirical problem.  In the United States, there have been laws in place since 2002 requiring disclosure of certain classes of security failures.  These failures are being cataloged at http://datalossdb.org

    It might be interesting to do independent research into the causes and impacts of those breaches.

    Adam

    Wednesday, June 17, 2009 3:08 PM
  • Another question I have is... Why STRIDE? What are the factors Microsoft took to categorize in that way?

    I read the Trike Methodology and they group into 2 categories, Denial of Service and Elevation of Privilege, and they wrote that Tampering with data and Information Disclosure are instances of Elevation of Privilege. Might that be right?

    Thanks
    No money, no signature..
    Monday, July 6, 2009 8:38 PM