Security Fundamentals and Threat Modelling

1. Presented By: Etash Singh

2. Lack of etiquette and manners is a huge turn oﬀ. KnolX Etiquettes Punctuality Respect Knolx session timings, you are requested not to join sessions after a 5 minutes threshold post the session start time. Feedback Make sure to submit a constructive feedback for all sessions as it is very helpful for the presenter. Silent Mode Keep your mobile devices in silent mode, feel free to move out of session in case you need to attend an urgent call. Avoid Disturbance Keep your mics on mute unless it is for any questions or suggestions.

3. 01 Today’s Digital Enterprise 02 Emerging Security Trends 03 Fundamentals of Security 04 Security Design Principles 05 Threat Modelling Our Agenda 06 How DevSecOps Fits Into the Picture

4. Today’s Digital Enterprise 1. Key Pillars: a. Cloud b. Big Data c. BYOD Security

5. Emerging Security Trends

6. Emerging Security Trends Some important questions that customers are asking organizations nowadays: 1. Are your engineers trained in security? 2. How do you separate my data? 3. Where do you store and how do you protect my data? 4. Are you encrypting data at rest? 5. Do you run scans regularly? 6. How are the accounts with highest privilege managed? 7. Can you ensure my data is wiped after end of service? 8. Risk, Incident, Vendor, Physical security management policies Some Cyber Security Facts: 1. Damage related to cybercrime is projected to hit $6 trillion annually by 2021 2. Ransomware damage costs were almost $11.5 billion in 2019 with one business falling victim to it every 14 seconds 3. The most expensive component of a cyber attack is information loss, which represents 43% of costs according to a report by Accenture

7. Fundamentals of Security Important Security Terminologies ➔ Vulnerability ◆ A weakness that can be exploited by a hacker ➔ Threat ◆ Potential for an incident that may result in harm of systems and organization ◆ Includes natural and man-made threats ➔ Attack ◆ An action exploiting a vulnerability with intention to harm an asset ➔ Exploit ◆ Code/information widely available that can be used to create attacks for known vulnerabilities

8. Fundamentals of Security Core Security Tenets ➔ Confidentiality ◆ Preventing information access to unauthorized users ◆ Enabled by encryption and authentication ➔ Integrity ◆ Data and system state can be modified by only authorized users ◆ Enabled by using authentication and digital signature ➔ Availability ◆ Continuous and reliable access to resources ◆ E.g. Protect against DDos attacks ➔ Privacy ◆ Control over extent of sharing physical, behavioral or intellectual data ◆ Privacy laws determines what personal data can be shared with third parties and also how to secure personal data

9. Fundamentals of Security Security Properties ➔ Identification ◆ Process of presenting an identity to a system ➔ Authentication ◆ Process of validating an identity provided to a system ➔ Authorization ◆ Process of determining the privileges/access policies ➔ Non-Repudiation ◆ Mechanism that allows users not to deny certain actions

10. Security Design Principles Some important security design principles: ➔ Defense in Depth ➔ Least privilege ➔ Segmentation ➔ Input Validation ➔ Audit and Logging ➔ Secure by Default ➔ Secure the Weakest Link ➔ Keep Designs Simple ➔ Fail Secure ➔ Avoid Security by Obscurity

11. Secure Development Lifecycle (SDL) Weinberg’s Second Law If builders built buildings the way programmers wrote programs, then the first woodpecker that came along would destroy civilization

12. Secure Development Lifecycle (SDL) We have these problems: 1. Security landscape is changing 2. Regulatory landscape is changing 3. Market is changing We have to do four things: 1. Document, evaluate and deepen our secure development methodologies 2. Assure the integrity and security of our supply chain throughout the system life cycle 3. Secure our development environments 4. Deepen our product security architecture

13. Threat Modelling What is Threat Modelling? ● A process to model the application architecture and high level design to proactively identify flaws and limitations of the design and mitigate them ● Results from here help to drive best practices to be applied during construction/validation phase What would be the outcome of Threat Modelling? ● Identify threats ● Determine counter-measures ● Mitigations to be documented in Product backlog and implemented in the software ● All threats and mitigations identified should be tested during validation phase Benefits: ● Helps in designing more secure products by identifying threats early in the development cycle ● Helps in formal security documentation and review of security architecture ● Enables focused security testing ● Simplifies certifications and helps implement common security design and best practices

14. Threat Modelling S.T.R.I.D.E ● Software centric threat modelling based on grouping threats into categories ● Derived from an acronym for the following threat categories: ○ Spoofing Identity ○ Tampering with Data ○ Repudiation ○ Information Disclosure ○ Denial of Service ○ Elevation of Privilege ● An approach that helps us with threat modelling without actually being an expert

15. Threat Modelling Application of S.T.R.I.D.E ● Decompose the system into its relevant components ● Decompose components into elements ○ Data flows, data stores, processes, and interactors and trust boundaries ○ Different levels starting with Context Diagrams ● Analyze the threats in each components ○ Identify and map the threats each of the elements may face ● Mitigate the threats ○ Each threat maps to Security Property ○ Enhancing the Security property mitigates the threat

16. Threat Modelling Application of S.T.R.I.D.E ● Mapping Threats to Elements Element Spoofing Tampering Repudiation Information Disclosure Denial of Service Elevation of Privilege Data Flows X X X Data Stores X X X Processes X X X X X X Interactors X X

17. Threat Modelling Application of S.T.R.I.D.E ● Mitigating Threats Threats Security Property Spoofing Authentication Tampering Integrity Repudiation Non-repudiation Information Disclosure Confidentiality Denial of Service Availability Elevation of Privilege Authorization

18. Threat Modelling Hybrid IT Threat Modelling Process ● Step 1: Ensure you have one or more security architecture diagram ○ Start with context diagram capturing the security architecture with all external/key interfaces, actors, data flows and main solution components ○ Capture key assumptions made in diagram ○ Ensure all inputs and outputs are noted ○ Describe clear threat boundaries ○ Show key assets that need special protection ● Step 2: Get security architecture formally reviewed ○ At least one security expert form outside the team ○ Identify real threats/vulnerabilities and assess risks ■ Risk = Impact * Possibility ○ Determine appropriate mitigations

19. Threat Modelling Exit Criteria for Threat Modelling ● Completed and reviewed threat models at solution level ● Completed and reviewed threat models at product level ● Everything documented ● Ensure implementation is there at validation phase

20. Cyber Risk Report The Threat Landscape ● 75% Mobile applications with critical vulnerabilities ● 8/10 Exploited vulnerabilities > 3 years old ● 14% increase in use of Open Source Components ● 153% YoY growth in Android threats ● 100K Banking trojans detected ● 80% open source applications with security feature vulnerabilities

21. How DevSecOps Fits Into the Picture

22. How DevSecOps Fits Into the Picture DevOps Scope DevSecOps Scope

23. OUR CHART Insert Your Subtitle Here Reference ● https://www.accenture.com/_acnmedia/PDF-116/Accenture-Cybers ecurity-Report-2020.pdf ● https://www.eccouncil.org/threat-modeling/