Threat Modeling: Designing for Security (Wiley, 2014)


The only security book to be chosen as a Dr. Dobb's Jolt Award Finalist since Bruce Schneier's Secrets and Lies and Applied Cryptography!

Adam Shostack is responsible for security development lifecycle threat modeling at Microsoft and is one of a handful of threat modeling experts in the world. Now, he is sharing his considerable expertise in this unique book. With pages of specific actionable advice, he details how to build better security into the design of systems, software, or services from the outset. You'll explore various threat modeling approaches, find out how to test your designs against threats, and learn effective ways to address threats that have been validated at Microsoft and other top companies.

Systems security managers, you'll find tools and a framework for structured thinking about what can go wrong. Software developers, you'll appreciate the jargon-free and accessible introduction to this essential skill. Security professionals, you'll learn to discern changing threats and discover the easiest ways to adopt a structured approach to threat modeling.

- Provides a unique how-to for security and software developers who need to design secure products and systems and test their designs
- Explains how to threat model and explores various threat modeling approaches, such as asset-centric, attacker-centric and software-centric
- Provides effective approaches and techniques that have been proven at Microsoft and elsewhere
- Offers actionable how-to advice not tied to any specific software, operating system, or programming language
- Authored by a Microsoft professional who is one of the most prominent threat modeling experts in the world

As more software is delivered on the Internet or operates on Internet-connected devices, the design of secure software is absolutely critical. Make sure you're ready with Threat Modeling: Designing for Security.

Threat Modeling: Designing for Security
Adam Shostack
WILEY

Threat Modeling: Designing for Security
Published by John Wiley & Sons, Inc., 10475 Crosspoint Boulevard, Indianapolis, IN 46256

Copyright © 2014 by Adam Shostack
Published by John Wiley & Sons, Inc., Indianapolis, Indiana
Published simultaneously in Canada

ISBN: 978-1-118-80999-0
ISBN: 978-1-118-82269-2 (ebk)
ISBN: 978-1-118-81005-7 (ebk)

Manufactured in the United States of America
10 9 8 7 6 5 4 3 2 1

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom.
The fact that an organization or Web site is referred to in this work as a citation P tion does not that the author or the publisher the information the organization or website may provide or recommendations it may make. Further, readers should be aware that Internet websites listed in this work may have changed or disappeared between when this work was written and when it is read.

For general information on our other products and services please contact our Customer Care Department within the United States at (877) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.

Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products

Library of Congress Control Number: 2013954095

Trademarks: Wiley and the Wiley logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. All other trademarks are the property of their respective owners.
John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.

For all those striving to deliver more secure systems

Credits

Executive Editor: Carol Long
Project Editors: Victoria Swider, Tom Dinse
Technical Editor: Chris Wysopal
Production Editor: Christine Mugnolo
Copy Editor: Luann Rouff
Editorial Manager: Mary Beth Wakefield
Freelancer Editorial Manager: Rosemarie Graham
Associate Director of Marketing: David Mayhew
Marketing Manager: Ashley Zurcher
Business Manager: Amy Knies
Vice President and Executive Group Publisher: Richard Swadley
Associate Publisher: Jim Minatel
Project Coordinator, Cover: Todd Klemme
Technical Proofreader: Russ McRee
Proofreader: Nancy Carrasco
Indexer: Robert Swanson
Cover Image: Courtesy of Microsoft
Cover Designer: Wiley

About the Author

Adam Shostack is currently a program manager at Microsoft. His security roles there have included security development processes, usable security, and attack modeling. His attack-modeling work led to security updates for Autorun being delivered to hundreds of millions of computers. He shipped the SDL Threat Modeling Tool and the Elevation of Privilege threat modeling game. While doing security development process work, he delivered threat modeling training across Microsoft and its partners and customers.

Prior to Microsoft, he has been an executive at a number of successful information security and privacy startups. He helped found the CVE, the Privacy Enhancing Technologies Symposium and the International Financial Cryptography Association. He has been a consultant to banks, hospitals and startups and established software companies. For the first several years of his career, he was a systems manager for a medical research lab. Shostack is a prolific author, blogger, and public speaker.
With Andrew Stewart, he co-authored The New School of Information Security (Addison-Wesley, 2008).

About the Technical Editor

Chris Wysopal, Veracode's CTO and Co-Founder, is responsible for the company's software security analysis capabilities. In 2008 he was named one of InfoWorld's Top 25 CTOs and one of the 100 most influential people in IT by eWeek. One of the original vulnerability researchers and a member of L0pht Heavy Industries, he has testified on Capitol Hill in the US on the subjects of government computer security and how vulnerabilities are discovered in software. He is an author of L0phtCrack and netcat for Windows. He is the lead author of The Art of Software Security Testing (Addison-Wesley, 2006).

Acknowledgments

First and foremost, I'd like to thank countless engineers at Microsoft and elsewhere who have given me feedback about their experiences threat modeling. I wouldn't have had the opportunity to have so many open and direct conversations without the support of Eric Bidstrup and Steve Lipner, who on my first day at Microsoft told me to go "wallow in the problem for a while." I don't think either expected "a while" to be quite so long. Nearly eight years later with countless deliverables along the way, this book is my most complete answer to the question they asked me: How can we get better threat models?

Ellen Cram Kowalczyk helped me make the book a reality in the Microsoft context, gave great feedback on both details and aspects that were missing, and also provided a lot of the history of threat modeling from the first security pushes through the formation of the SDL, and she was a great manager and mentor. Ellen and Steve Lipner were also invaluable in helping me obtain permission to use Microsoft documents.

The Elevation of Privilege game that opens this book owes much to Jacqueline Beauchere, who saw promise in an ugly prototype called "Threat Spades," and invested in making it beautiful and widely available.

The SDL Threat Modeling Tool might not exist if Chris Peterson hadn't given me a chance to build a threat modeling tool for the Windows team to use. Ivan Medvedev, Patrick McCuller, Meng Li, and Larry Osterman built the first version of that tool. I'd like to thank the many engineers in Windows, and later across Microsoft, who provided bug reports and suggestions for improvements in the beta days, and acknowledge all those who just flamed at us, reminding us of the importance of getting threat modeling right. Without that tool, my experience and breadth in threat modeling would be far poorer.

Larry Osterman, Douglas MacIver, Eric Douglas, Michael Howard, and Bob Fruth gave me hours of their time and experience in understanding threat modeling at Microsoft. Window Snyder's perspective as I started the Microsoft job has been invaluable over the years. Knowing when you're done... well, this book is nearly done.

Rob Reeder was a great guide to the field of usable security, and Chapter 15 would look very different if not for our years of collaboration.
I can't discuss usable security without thanking Lorrie Cranor for her help on that topic, but also for the chance to keynote the Symposium on Usable Privacy and Security, which led me to think about usable engineering advice, a perspective that is now suffused throughout this book.

Andy Steingruebl, Don Ankney, and Russ McRee all taught me important lessons related to operational threat modeling, and how the trade-offs change as you change context. Guys, thank you for beating on me - those lessons now permeate many chapters. Alec Yasinac, Harold Pardue, and Jeff Landry were generous with their time discussing their attack tree experience, and Chapters 4 and 17 are better for those conversations. Joseph Lorenzo Hall was also a gem in helping with attack trees. Wendy Nather argued strongly that assets and attackers are great ways to make threats real, and thus help overcome resistance to fixing them. Rob Sama checked the Acme financials example from a CPA's perspective, correcting many of my errors. Dave Aucsmith graciously allowed me to include his threat personas as a complete appendix. Jason Nehrboss gave me some of the best feedback I've ever received on very early chapters.

I'd also like to acknowledge Jacob Appelbaum, Crispin Cowan, Dana Epp (for years of help, on both the book and tools), Jeremi Gosney, Yoshi Kohno, David LeBlanc, Marsh Ray, Nick Mathewson, Tamara McBride, Russ McRee, Talhah Mir, David Mortman, Alec Muffett, Ben Rothke, Andrew Stewart, and Bryan Sullivan for helpful feedback on drafts and/or ideas that made it into the book in a wide variety of ways.

Of course, none of those acknowledged in this section are responsible for the errors which doubtless crept in or remain.

Writing this book "by myself" (an odd phrase given everyone I'm acknowledging) makes me miss working with Andrew Stewart, my partner in writing on The New School of Information Security.
Especially since people sometimes attribute that book to me, I want to be public about how much I missed his collaboration in this project.

This book wouldn't be in the form it is were it not for Bruce Schneier's willingness to make an introduction to Carol Long, and Carol's willingness to pick up the book. It wasn't always easy to read the feedback and suggested changes from my excellent project editor, Victoria Swider, but this thing is better where I did. Tom Dinse stepped in as the project ended and masterfully took control of a very large number of open tasks, bringing them to resolution on a tight schedule.

Lastly, and most importantly, thank you to Terri, for all your help, support, and love, and for putting up with "it's almost done" for a very, very long time.

-Adam Shostack
