It's difficult enough to design good software, and security makes it even tougher. Whether you're building a new system or updating an existing one, you'll want to consider how an intruder might go about attacking it and then build in appropriate defenses at the design and implementation stages of the system. At Microsoft, we approach the design of secure systems through a technique called threat modeling: the methodical review of a system design or architecture to discover and correct design-level security problems. Threat modeling is an integral part of the Security Development Lifecycle.

There are multiple approaches to threat modeling, and anyone who tells you his method is the only right one is mistaken. There aren't any well-established ways to measure the quality of a threat model, and even the term "threat" is open to interpretation. Of course that's the nature of the beast; even in the more mature field of cryptography, many popular algorithms have not been proven to be secure. But, while we can't often prove that a given design is secure, we can learn from our mistakes and avoid repeating them.

In this article we'll present a systematic approach to threat modeling developed in the Security Engineering and Communications group at Microsoft. Like the rest of the Security Development Lifecycle, threat modeling continues to evolve and to be applied in new contexts. As you create your own processes for developing secure code, this approach might serve you well as a baseline.

This article uses the following technologies:

Applying STRIDE to the Fabrikam Analyzer Database