This is a 2D presentation
(→ chapters / ↓ slides of that chapter)
- Move on: Space
- 2D-Navigation: Arrows
- Overview: Escape
- Fullscreen: F
built with reveal.js
This talk was recorded.
Let's build secure systems!
Is your threat modeling program a success?
Take Home Message Preview
- We can threat model all kinds of things - including processes.
- The threat modeling of threat
modeling
threat modeled threat modeling. - You can threat model your program, too!
Agenda for today
- Threat Modeling
- Threat Modeling of Threat Modeling
- Threat Modeling of your Threat Modeling
Hendrik Ewerlin
https://hendrik.ewerlin.com/security/- empowers people to build secure systems
- Developer → Cyber Security Architect
at
since 2010
- likes TM + E2EE + human-centered security
- likes philosophy + quotes + everyday wisdom
Threat Modeling
secure = protected from danger
danger = possibility of harm occurring
protection = likelihood ↓ / harm ↓
Shostack's
4 Question
Frame
for Threat Modeling
- What are we working on?
- What can go wrong?
- What are we going to do about it?
- Did we do a good (enough) job?
( )
Meta Threat Modeling
Idea
Let's apply threat modeling
to threat modeling itself!
How to
threat model
a process
Usability
(ISO 9241-11:2018)
≈ how well your offer helps people
achieve their goals
Success
- Effectiveness:
achieved the goal - Efficiency:
quality ↑ cost ↓ - Satisfaction:
🥰
Harm
EffectivenessBlocker:
failed / stuckEfficiencyInefficiency:
💰💰💰 → 💩SatisfactionFrustration:
☹️
(ISO 9241-11:2018 quotes)
- "Usability = extent to which a system, product or service can be used by specified users to achieve specified goals with effectiveness, efficiency and satisfaction in a specified context of use"
- "Effectiveness = accuracy and completeness with which users achieve specified goals"
- "Efficiency = resources used in relation to the results achieved"
- "Satisfaction = extent to which the user's physical, cognitive and emotional responses that result from the use of a system, product or service meet the user’s needs and expectations"
- secure the system.
- threat model "the right thing".
- find relevant threats.
- find appropriate mitigations.
- see mitigations implemented.
- [...]
We offer a process / program.
Will they achieve their goals?
( )
Threat Modeling
of Threat Modeling
#meta
( )
Threat Modelingof Threat Modeling #meta
threat modeled threat modeling.
( )
Threat Modeling
YOUR
Threat Modeling
Threat Sources
- We + others
- Lessons learned + foreseen threats
- Do generic threats apply to us?
Generic → Specific
- Generic activities → actual selected tools
- Generic actor → actual people and teams
→ 
Take Home Message
- We can threat model all kinds of things - including processes.
- The threat modeling of threat
modeling
threat modeled threat modeling. - You can threat model your program, too!
... And this is what we do now!
( )
Interactive Sessions
Breakout Session Board
Prompts
- When we threat model... What can go wrong? What are we going to do about it?
- More specific:
- When we start out...
- When we discover threats...
- When we plan mitigations...
- When threat modelers communicate...
- What didn't work? How did you fix it?
Session facilitators
(not in the presented slide deck)
Let's go!
▶️ Breakout Sessions
Results
The following slide has results after 22 minutes of collaborative Meta Threat Modeling in small groups. Zoom in to explore.
(not in the presented slide deck)
Final
Insight sharing
- What have you learned methodically?
- What was a remarkable threat?
Take Home Message
- We can threat model all kinds of things - including processes.
- The threat modeling of threat
modeling
threat modeled threat modeling. - You can threat model your program, too!
Let's build secure systems!
More from Shuning
This is a 2D presentation (→ chapters / ↓ slides of that chapter) Move on: Space 2D-Navigation: Arrows Overview: Escape Fullscreen: F built with reveal.js