SlideShare ist ein Scribd-Unternehmen logo

Threat Modeling IoT Security

Eric Vétillard
Eric Vétillard

A presentation made in several public events in 2015 about the threats related to the Internet of Things, and how modeling can be used as a way to manage mitigation methods.

SoftwareTechnologie
1 von 33
Downloaden Sie, um offline zu lesen
Threat Modeling for the Internet of Things Eric Vétillard IoT Product Management Group September 2015
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle. 2
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Agenda 1 2 3 4 5 Definitions Concerns and threats Some countermeasures Device and gateway security Simple checklist 3
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 4 IoT Infrastructure – Main components Devices Enterprise Apps Operators IoT Service Gateway
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Safety vs. Security Safety • Protects against malfunction – Focus on quality • Principles – Coverage analysis – Detection, mitigation, reaction – Simplicity is better – Redundancy helps Security • Protects against attackers – Focus on robustness – Several defence layers • Principles – Coverage analysis – Detection, mitigation, reaction – Simplicity is better – Redundancy helps 5
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 6 Attack Surface – Main components Devices Operators Enterprise Apps Messages REST API UI Connectors IoT Service Gateway
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 7 Attack Surface – Specific to the Internet of Things Devices Operators Enterprise Apps Messages REST API UI Connectors IOT Server Gateway
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 8 Attack Surface – Software Components Devices Messages IoT Service HW / OS Framework Cloud/Server Framework
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | In the Press • In 2015, a few car-related headlines – BMW Connected Drive hack sees 2.2 million cars exposed to remote unlocking (02/02) – DARPA Hacks GM's OnStar To Remote Control A Chevrolet Impala (02/08) – US Senate Report: Automakers fail to fully protect against hacking (02/09) – Hackers take control of Jeep on the highway (August) • A few unrelated headlines from 2014 – Hackers had struck an unnamed steel mill in Germany (Jan) – U.S. government probes medical devices for possible cyber flaws (Oct 14) 9 Privacy Spying Theft Remote Control Physical damage Murder?
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | In Practice: The BMW Hack • A lab has been able to remotely open a BMW car – Reverse engineering the ConnectedDrive feature to identify vulnerabilities – Exploiting the vulnerabilities identified through an attack path • The list of vulnerabilities is rather long – The same keys are used in all vehicles – Some messages are not encrypted – Configuration data is not tamper-proof – The crypto algorithm used (DES) is outdated and broken – The software does not include protection against replay attacks • One fix: The communication is now encrypted using HTTPS 10
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | The BMW Hack: Poor Decisions Poor decision Safety reasoning Security reasoning Using the same keys Simple process No complex infrastructure Keys need to be diversified A key needs to be broken on every car No systematic encryption Only critical messages are encrypted A secure channel protects against reverse engineering Configuration data no tamper-proof Configuration data integrity is protected by a checksum Configuration data authenticity is protected by a cryptographic checksum The vehicle ID is in error messages Simplify diagnosis by having the data A remote attacker doesn’t have the ID, so let’s protect it Using DES Well-known, fast algorithm DES is broken, let’s mandate AES No protection against replay attacks Same message, same action A recorded message cannot have the same effect when replayed 11
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Threat Analysis Thinking like an attacker • Very important to validate a design – Identify the key assets and their flows – Analyze how security protections can be bypassed – Consider vulnerabilities as opportunities • Identify countermeasures to be added to the design – And loop again on the analysis 12
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 13 Attack Surface – Between Devices and IoT Service Devices Operators Enterprise Apps Messages REST API UI Connectors IoT Service Gateway Thinking like an attacker • Attacking the network link, remotely • Any operation can be attacked • Targeting admin operations can be good • A failure can affect many deployments Thinking like a defender • IoT framework typically not fully under control • Patching/update must be supported at all levels
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 14 Attack Surface – Device Low-level Software Devices Operators Enterprise Apps Messages REST API UI Connectors IOT Server Gateway Thinking like an attacker • IoT operating systems are not well protected • Older attacks may even work • Maybe that the update mechanism is broken Thinking like a defender • OS security configuration is important • Patching/update must be supported and secure
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 16 Attack Surface – Attacking the Things and Gateways Devices Operators Enterprise Apps Messages REST API UI Connectors IOT Server Gateway Thinking like an attacker • Things and gateways are physically accessible • I can steal one and reverse engineer it • I can then attack another one • Denial-of-service or tampering may be options Thinking like a defender • Make devices (at least partly) tamper-proof • Otherwise, make them tamper-evident • Include organizational measures to detect attacks
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Compromising a Device 17 Steal data from another device Duplicate registration of a device Activate without registering Add device record in the cloud Insert device in supply chain Add a compromised device Modify the device’s software Modify an existing device Modify the device’s hardware Tamper with the device externally Replace an existing device Compromise a device Steal data from the network Reconfigure a gateway Replace device physically Replace device in cloud
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Compromising a Device – Focus on Persistent Memory 18 Compromise a device Tamper with persistent memory Tamper with data Tamper with applications Tamper with system software Spy on the persistent memory Disclose data Disclose applications Disclose system software
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Compromising a Device – Focus on Persistent Memory 19 Spy on the persistent memory Disclose data 109 Disclose applications Disclose system software Disclose system software Disclose application Disclose application data 1 Disclose buffered messages 2 Disclose application data 3 Disclose server verification data 4 Disclose device registration data 5 Disclose device authent data Disclose authent data
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Compromising a Device – Focus on Persistent Memory 20 Tamper with persistent memory Tamper with data Tamper with applications Tamper with native software 2 Modify application data 3 Modify server verification data 4 Modify device registration data 7 Modify a stored application’s code 8 Modify a stored app’s meta-data 9 Add an application 10 Modify system softwareTamper with application data Tamper with authentication data 6 Modify device authent data 5 Modify device identity 1 Modify buffered messages
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Compromising a Device – Server Authentication 21 Tamper with persistent memory Tamper with data Tamper with applications Tamper with native software 2 Modify application data 3 Modify server verification data 4 Modify device registration data 7 Modify a stored application’s code 8 Modify a stored app’s meta-data 9 Add an application 10 Modify system softwareTamper with application data Tamper with authentication data 6 Modify device authent data 5 Modify device identity 1 Modify buffered messages
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Internet of Things Cloud Service Oracle Confidential – Internal/Restricted/Highly Restricted 22 Device Virtualization High Speed Messaging Stream Processing Endpoint Management Event Store IoT Cloud Service Enterprise Connectivity Integration Cloud Service BI & Big Data Cloud Service Oracle Cloud Services Mobile Cloud Service 3rd party apps Industry Vertical Apps Enterprise Apps Cloud or On Premise Manufacturing Transportation Service Mgmt Asset Mgmt Firewall Oracle IoT CS Gateway s/w 3rd party gateway s/w with Oracle IoT Client Library IoT Cloud Service Client Libraries & Gateway Indirectly connected devices Directly connected devices
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | • Security mechanism provisions and manages trust relationships with devices • Uniquely assigned device identities disallows reuse of security credentials across devices 23 IoT CS Ensures End-to-End Security Trusted Devices Non-Repudiation • Enforces authentication prior to communication with any device or enterprise software, enabling proof of origin of data • Transport level security for all communication to ensure data integrity • Secure, managed state transitions to control access from devices • Restricts types of IoT CS operations that device and other principals can perform in a given state Security Lifecycle
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | • Security mechanism provisions and manages trust relationships with devices • Uniquely assigned device identities disallows reuse of security credentials across devices 24 IoT CS Ensures End-to-End Security Trusted Devices Non-Repudiation • Enforces authentication prior to communication with any device or enterprise software, enabling proof of origin of data • Transport level security for all communication to ensure data integrity • Secure, managed state transitions to control access from devices • Restricts types of IoT CS operations that device and other principals can perform in a given state Security Lifecycle
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 25 From HTTPS to Man-in-the-Middle Device HTTPS IoT Service  
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 26 From HTTPS to Man-in-the-Middle Device HTTPS IoT Service      
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | ❶ Protecting the keys (even public) Q What if the attacker modifies my certificate? A Keep the public key in a Secure Element and have the Secure Element verify the signature. ❷ Checking code authenticity Q Am I sure that no attacker changed the code? A Add a cryptographic checksum, and check that the signature comes from the right person. 27 ❸ Adding hardware-based security Q What if the attacker removes my checks? A Use a secure boot mechanism based on a hardware-based mechanism (TPM, TEE, …). Protecting against Man-in-the-Middle  Stopping at some point A The SE’s security has been certified. A The platform’s security has been certified.
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | What if it isn’t Possible? Explore alternatives – Use tamper-resistant hardware – Use tamper-evident hardware – Define security procedures – Use physical security Example: in a factory – Thoroughly check devices (including software) before installing them – Make sure that every device is covered by a security camera – Instruct security staff to regularly inspect devices for unusual 28
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | That Was a Threat Model • We went through several steps – Defining assets to be protected – Defining potential attack means on these assets – Defining countermeasures, and then countermeasures on the countermeasures – Thinking about the implementation • This Threat Modeling process can be made more formal – It is an essential work in an IoT deployment today – Many vertical/industry/customer-specific aspects to the threat model 29
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Putting in Practice in Gateways and Devices What needs to be done • Select an IoT infrastructure – Manage device identity, credentials, lifecycle, communication, policies • Select a device platform – Robust hardware / OS / Robust development framework • Select a trusted hardware – Markets with high – security insurance needs & unprotected physical devices How Oracle can help • Oracle IoT Cloud Service – State-of-the-art security and strong integration with enterprise services • Java ME/SE Embedded – A guarantee of strong and secure apps on your infrastructure • Java Card – To ensure that your trusted hardware can evolve over time 30
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | A few References • An accessible and useful book on threat analysis – http://threatmodelingbook.com/ • Details on the BMW hack – http://m.heise.de/ct/artikel/Beemer-Open-Thyself-Security-vulnerabilities-in-BMW-s- ConnectedDrive-2540957.html • Scaring yourself with potential issues – https://www.dropbox.com/s/oh6xrb7chgoks4j/internetoffails.pdf?dl=0 • A few really good recommendations – http://www.esecurityplanet.com/network-security/6-tips-for-developing-secure-iot- apps.html 31
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | 32 Summary • Start by thinking like an attacker – What is “tempting” in my system? • To who? Why? – How can my system be attacked? • Which components provide an opportunity • Then think like a defender – Identify your weaknesses • What is wrong? What may not be right? – Find proper countermeasures • Work with all stakeholders – For devices, gateways, frameworks • Vet their security and their integration Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal/Restricted/Highly Restricted 33
Threat Modeling IoT Security

Empfohlen

Threat Modeling for IoT Systems
Threat Modeling for IoT SystemsThreat Modeling for IoT Systems
Threat Modeling for IoT SystemsDenim Group
 
Security Culture from Concept to Maintenance: Secure Software Development Lif...
Security Culture from Concept to Maintenance: Secure Software Development Lif...Security Culture from Concept to Maintenance: Secure Software Development Lif...
Security Culture from Concept to Maintenance: Secure Software Development Lif...Dilum Bandara
 
Secure SDLC in mobile software development.
Secure SDLC in mobile software development.Secure SDLC in mobile software development.
Secure SDLC in mobile software development.Mykhailo Antonishyn
 
The road towards better automotive cybersecurity
The road towards better automotive cybersecurityThe road towards better automotive cybersecurity
The road towards better automotive cybersecurityRogue Wave Software
 
Managing Next Generation Threats to Cyber Security
Managing Next Generation Threats to Cyber SecurityManaging Next Generation Threats to Cyber Security
Managing Next Generation Threats to Cyber SecurityPriyanka Aash
 
Hardware Security on Vehicles
Hardware Security on VehiclesHardware Security on Vehicles
Hardware Security on VehiclesPriyanka Aash
 
Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...LabSharegroup
 
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare ☁
 

Empfohlen

Threat Modeling for IoT Systems
Threat Modeling for IoT SystemsThreat Modeling for IoT Systems
Threat Modeling for IoT SystemsDenim Group
 
Security Culture from Concept to Maintenance: Secure Software Development Lif...
Security Culture from Concept to Maintenance: Secure Software Development Lif...Security Culture from Concept to Maintenance: Secure Software Development Lif...
Security Culture from Concept to Maintenance: Secure Software Development Lif...Dilum Bandara
 
Secure SDLC in mobile software development.
Secure SDLC in mobile software development.Secure SDLC in mobile software development.
Secure SDLC in mobile software development.Mykhailo Antonishyn
 
The road towards better automotive cybersecurity
The road towards better automotive cybersecurityThe road towards better automotive cybersecurity
The road towards better automotive cybersecurityRogue Wave Software
 
Managing Next Generation Threats to Cyber Security
Managing Next Generation Threats to Cyber SecurityManaging Next Generation Threats to Cyber Security
Managing Next Generation Threats to Cyber SecurityPriyanka Aash
 
Hardware Security on Vehicles
Hardware Security on VehiclesHardware Security on Vehicles
Hardware Security on VehiclesPriyanka Aash
 
Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...LabSharegroup
 
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare ☁
 
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare ☁
 
Mobile security recipes for xamarin
Mobile security recipes for xamarinMobile security recipes for xamarin
Mobile security recipes for xamarinNicolas Milcoff
 
Threat Modeling for System Builders and System Breakers - Dan Cornell of Deni...
Threat Modeling for System Builders and System Breakers - Dan Cornell of Deni...Threat Modeling for System Builders and System Breakers - Dan Cornell of Deni...
Threat Modeling for System Builders and System Breakers - Dan Cornell of Deni...Denim Group
 
5 things i wish i knew about sast (DSO-LG July 2021)
5 things i wish i knew about sast (DSO-LG July 2021)5 things i wish i knew about sast (DSO-LG July 2021)
5 things i wish i knew about sast (DSO-LG July 2021)Michael Man
 
Application security
Application securityApplication security
Application securityHagar Alaa el-din
 
Advanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security ManagementAdvanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security ManagementMayur Nanotkar
 
Offensive cyber security engineer updated
Offensive cyber security engineer updatedOffensive cyber security engineer updated
Offensive cyber security engineer updatedInfosecTrain
 
Technical Writing for Consultants
Technical Writing for ConsultantsTechnical Writing for Consultants
Technical Writing for ConsultantsDilum Bandara
 
Software Development Life Cycle – Managing Risk and Measuring Security
Software Development Life Cycle – Managing Risk and Measuring SecuritySoftware Development Life Cycle – Managing Risk and Measuring Security
Software Development Life Cycle – Managing Risk and Measuring SecurityThomas Malmberg
 
OWASP Québec: Threat Modeling Toolkit - Jonathan Marcil
OWASP Québec: Threat Modeling Toolkit - Jonathan MarcilOWASP Québec: Threat Modeling Toolkit - Jonathan Marcil
OWASP Québec: Threat Modeling Toolkit - Jonathan MarcilJonathan Marcil
 
Securing and automating your application infrastructure meetup 23112021 b
Securing and automating your application infrastructure meetup 23112021 bSecuring and automating your application infrastructure meetup 23112021 b
Securing and automating your application infrastructure meetup 23112021 blior mazor
 
Threat Modeling - Locking the Door to Vulnerabilities
Threat Modeling - Locking the Door to VulnerabilitiesThreat Modeling - Locking the Door to Vulnerabilities
Threat Modeling - Locking the Door to VulnerabilitiesSecurity Innovation
 
Information Security and the SDLC
Information Security and the SDLCInformation Security and the SDLC
Information Security and the SDLCBDPA Charlotte - Information Technology Thought Leaders
 
Cyber Security Threat Modeling
Cyber Security Threat ModelingCyber Security Threat Modeling
Cyber Security Threat ModelingDr. Anish Cheriyan (PhD)
 
Application Security
Application SecurityApplication Security
Application SecurityReggie Niccolo Santos
 
Best Practices for a Mature Application Security Program Webinar - February 2016
Best Practices for a Mature Application Security Program Webinar - February 2016Best Practices for a Mature Application Security Program Webinar - February 2016
Best Practices for a Mature Application Security Program Webinar - February 2016Security Innovation
 
Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security EngineeringMarco Morana
 
"CERT Secure Coding Standards" by Dr. Mark Sherman
"CERT Secure Coding Standards" by Dr. Mark Sherman"CERT Secure Coding Standards" by Dr. Mark Sherman
"CERT Secure Coding Standards" by Dr. Mark ShermanRinaldi Rampen
 
Security Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and ToolsSecurity Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and ToolsYulian Slobodyan
 
Real World Application Threat Modelling By Example
Real World Application Threat Modelling By ExampleReal World Application Threat Modelling By Example
Real World Application Threat Modelling By ExampleNCC Group
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat ModelingMarco Morana
 
STRIDE And DREAD
STRIDE And DREADSTRIDE And DREAD
STRIDE And DREADchuckbt
 

Weitere ähnliche Inhalte

Was ist angesagt?

Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare ☁
 
Mobile security recipes for xamarin
Mobile security recipes for xamarinMobile security recipes for xamarin
Mobile security recipes for xamarinNicolas Milcoff
 
Threat Modeling for System Builders and System Breakers - Dan Cornell of Deni...
Threat Modeling for System Builders and System Breakers - Dan Cornell of Deni...Threat Modeling for System Builders and System Breakers - Dan Cornell of Deni...
Threat Modeling for System Builders and System Breakers - Dan Cornell of Deni...Denim Group
 
5 things i wish i knew about sast (DSO-LG July 2021)
5 things i wish i knew about sast (DSO-LG July 2021)5 things i wish i knew about sast (DSO-LG July 2021)
5 things i wish i knew about sast (DSO-LG July 2021)Michael Man
 
Advanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security ManagementAdvanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security ManagementMayur Nanotkar
 
Offensive cyber security engineer updated
Offensive cyber security engineer updatedOffensive cyber security engineer updated
Offensive cyber security engineer updatedInfosecTrain
 
Technical Writing for Consultants
Technical Writing for ConsultantsTechnical Writing for Consultants
Technical Writing for ConsultantsDilum Bandara
 
Software Development Life Cycle – Managing Risk and Measuring Security
Software Development Life Cycle – Managing Risk and Measuring SecuritySoftware Development Life Cycle – Managing Risk and Measuring Security
Software Development Life Cycle – Managing Risk and Measuring SecurityThomas Malmberg
 
OWASP Québec: Threat Modeling Toolkit - Jonathan Marcil
OWASP Québec: Threat Modeling Toolkit - Jonathan MarcilOWASP Québec: Threat Modeling Toolkit - Jonathan Marcil
OWASP Québec: Threat Modeling Toolkit - Jonathan MarcilJonathan Marcil
 
Securing and automating your application infrastructure meetup 23112021 b
Securing and automating your application infrastructure meetup 23112021 bSecuring and automating your application infrastructure meetup 23112021 b
Securing and automating your application infrastructure meetup 23112021 blior mazor
 
Threat Modeling - Locking the Door to Vulnerabilities
Threat Modeling - Locking the Door to VulnerabilitiesThreat Modeling - Locking the Door to Vulnerabilities
Threat Modeling - Locking the Door to VulnerabilitiesSecurity Innovation
 
Best Practices for a Mature Application Security Program Webinar - February 2016
Best Practices for a Mature Application Security Program Webinar - February 2016Best Practices for a Mature Application Security Program Webinar - February 2016
Best Practices for a Mature Application Security Program Webinar - February 2016Security Innovation
 
Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security EngineeringMarco Morana
 
"CERT Secure Coding Standards" by Dr. Mark Sherman
"CERT Secure Coding Standards" by Dr. Mark Sherman"CERT Secure Coding Standards" by Dr. Mark Sherman
"CERT Secure Coding Standards" by Dr. Mark ShermanRinaldi Rampen
 

Was ist angesagt? (18)

Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
 
Mobile security recipes for xamarin
Mobile security recipes for xamarinMobile security recipes for xamarin
Mobile security recipes for xamarin
 
Threat Modeling for System Builders and System Breakers - Dan Cornell of Deni...
Threat Modeling for System Builders and System Breakers - Dan Cornell of Deni...Threat Modeling for System Builders and System Breakers - Dan Cornell of Deni...
Threat Modeling for System Builders and System Breakers - Dan Cornell of Deni...
 
5 things i wish i knew about sast (DSO-LG July 2021)
5 things i wish i knew about sast (DSO-LG July 2021)5 things i wish i knew about sast (DSO-LG July 2021)
5 things i wish i knew about sast (DSO-LG July 2021)
 
Application security
Application securityApplication security
Application security
 
Advanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security ManagementAdvanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security Management
 
Offensive cyber security engineer updated
Offensive cyber security engineer updatedOffensive cyber security engineer updated
Offensive cyber security engineer updated
 
Technical Writing for Consultants
Technical Writing for ConsultantsTechnical Writing for Consultants
Technical Writing for Consultants
 
Software Development Life Cycle – Managing Risk and Measuring Security
Software Development Life Cycle – Managing Risk and Measuring SecuritySoftware Development Life Cycle – Managing Risk and Measuring Security
Software Development Life Cycle – Managing Risk and Measuring Security
 
OWASP Québec: Threat Modeling Toolkit - Jonathan Marcil
OWASP Québec: Threat Modeling Toolkit - Jonathan MarcilOWASP Québec: Threat Modeling Toolkit - Jonathan Marcil
OWASP Québec: Threat Modeling Toolkit - Jonathan Marcil
 
Securing and automating your application infrastructure meetup 23112021 b
Securing and automating your application infrastructure meetup 23112021 bSecuring and automating your application infrastructure meetup 23112021 b
Securing and automating your application infrastructure meetup 23112021 b
 
Threat Modeling - Locking the Door to Vulnerabilities
Threat Modeling - Locking the Door to VulnerabilitiesThreat Modeling - Locking the Door to Vulnerabilities
Threat Modeling - Locking the Door to Vulnerabilities
 
Information Security and the SDLC
Information Security and the SDLCInformation Security and the SDLC
Information Security and the SDLC
 
Cyber Security Threat Modeling
Cyber Security Threat ModelingCyber Security Threat Modeling
Cyber Security Threat Modeling
 
Application Security
Application SecurityApplication Security
Application Security
 
Best Practices for a Mature Application Security Program Webinar - February 2016
Best Practices for a Mature Application Security Program Webinar - February 2016Best Practices for a Mature Application Security Program Webinar - February 2016
Best Practices for a Mature Application Security Program Webinar - February 2016
 
Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security Engineering
 
"CERT Secure Coding Standards" by Dr. Mark Sherman
"CERT Secure Coding Standards" by Dr. Mark Sherman"CERT Secure Coding Standards" by Dr. Mark Sherman
"CERT Secure Coding Standards" by Dr. Mark Sherman
 

Andere mochten auch

Security Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and ToolsSecurity Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and ToolsYulian Slobodyan
 
Real World Application Threat Modelling By Example
Real World Application Threat Modelling By ExampleReal World Application Threat Modelling By Example
Real World Application Threat Modelling By ExampleNCC Group
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat ModelingMarco Morana
 
STRIDE And DREAD
STRIDE And DREADSTRIDE And DREAD
STRIDE And DREADchuckbt
 
GDGSCL - Docker a jeho provoz v Heroku a AWS
GDGSCL - Docker a jeho provoz v Heroku a AWSGDGSCL - Docker a jeho provoz v Heroku a AWS
GDGSCL - Docker a jeho provoz v Heroku a AWSLadislav Prskavec
 
Application Security on a Dime: A Practical Guide to Using Functional Open So...
Application Security on a Dime: A Practical Guide to Using Functional Open So...Application Security on a Dime: A Practical Guide to Using Functional Open So...
Application Security on a Dime: A Practical Guide to Using Functional Open So...POSSCON
 
Neil Sholay's presentation November 2015
Neil Sholay's presentation November 2015Neil Sholay's presentation November 2015
Neil Sholay's presentation November 2015DavidAllder
 
Everything you should already know about MS-SQL post-exploitation
Everything you should already know about MS-SQL post-exploitationEverything you should already know about MS-SQL post-exploitation
Everything you should already know about MS-SQL post-exploitationSource Conference
 
Eloqua B2B Marketing Automation
Eloqua B2B Marketing AutomationEloqua B2B Marketing Automation
Eloqua B2B Marketing AutomationJim Stafford
 
Threat Modeling: Best Practices
Threat Modeling: Best PracticesThreat Modeling: Best Practices
Threat Modeling: Best PracticesSource Conference
 
7 Steps to Threat Modeling
7 Steps to Threat Modeling7 Steps to Threat Modeling
7 Steps to Threat ModelingDanny Wong
 
Functional Programming Patterns for the Pragmatic Programmer
Functional Programming Patterns for the Pragmatic ProgrammerFunctional Programming Patterns for the Pragmatic Programmer
Functional Programming Patterns for the Pragmatic ProgrammerRaúl Raja Martínez
 
Wordpress -> Middleman: Lesson learned in the 2-years since migrating
Wordpress -> Middleman: Lesson learned in the 2-years since migratingWordpress -> Middleman: Lesson learned in the 2-years since migrating
Wordpress -> Middleman: Lesson learned in the 2-years since migratingJames Stone
 
NetApp Industry Keynote - Flash Memory Summit - Aug2015
NetApp Industry Keynote - Flash Memory Summit - Aug2015NetApp Industry Keynote - Flash Memory Summit - Aug2015
NetApp Industry Keynote - Flash Memory Summit - Aug2015Val Bercovici
 
CraftCamp for Students - Introduction to JHipster
CraftCamp for Students - Introduction to JHipsterCraftCamp for Students - Introduction to JHipster
CraftCamp for Students - Introduction to JHipstercraftworkz
 
Using Data to Drive Interactions
Using Data to Drive InteractionsUsing Data to Drive Interactions
Using Data to Drive InteractionsNeil Sholay
 
Oracle Marketing Cloud
Oracle Marketing CloudOracle Marketing Cloud
Oracle Marketing CloudBob Lewis ?
 
Customer journey mapping
Customer journey mappingCustomer journey mapping
Customer journey mappingCardiff City FC
 
Fujitsu: Your Partner for SAP HANA Solutions
Fujitsu: Your Partner for SAP HANA SolutionsFujitsu: Your Partner for SAP HANA Solutions
Fujitsu: Your Partner for SAP HANA SolutionsFujitsu America
 

Andere mochten auch (20)

Security Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and ToolsSecurity Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and Tools
 
Real World Application Threat Modelling By Example
Real World Application Threat Modelling By ExampleReal World Application Threat Modelling By Example
Real World Application Threat Modelling By Example
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat Modeling
 
STRIDE And DREAD
STRIDE And DREADSTRIDE And DREAD
STRIDE And DREAD
 
GDGSCL - Docker a jeho provoz v Heroku a AWS
GDGSCL - Docker a jeho provoz v Heroku a AWSGDGSCL - Docker a jeho provoz v Heroku a AWS
GDGSCL - Docker a jeho provoz v Heroku a AWS
 
Application Security on a Dime: A Practical Guide to Using Functional Open So...
Application Security on a Dime: A Practical Guide to Using Functional Open So...Application Security on a Dime: A Practical Guide to Using Functional Open So...
Application Security on a Dime: A Practical Guide to Using Functional Open So...
 
Final
FinalFinal
Final
 
Neil Sholay's presentation November 2015
Neil Sholay's presentation November 2015Neil Sholay's presentation November 2015
Neil Sholay's presentation November 2015
 
Everything you should already know about MS-SQL post-exploitation
Everything you should already know about MS-SQL post-exploitationEverything you should already know about MS-SQL post-exploitation
Everything you should already know about MS-SQL post-exploitation
 
Eloqua B2B Marketing Automation
Eloqua B2B Marketing AutomationEloqua B2B Marketing Automation
Eloqua B2B Marketing Automation
 
Threat Modeling: Best Practices
Threat Modeling: Best PracticesThreat Modeling: Best Practices
Threat Modeling: Best Practices
 
7 Steps to Threat Modeling
7 Steps to Threat Modeling7 Steps to Threat Modeling
7 Steps to Threat Modeling
 
Functional Programming Patterns for the Pragmatic Programmer
Functional Programming Patterns for the Pragmatic ProgrammerFunctional Programming Patterns for the Pragmatic Programmer
Functional Programming Patterns for the Pragmatic Programmer
 
Wordpress -> Middleman: Lesson learned in the 2-years since migrating
Wordpress -> Middleman: Lesson learned in the 2-years since migratingWordpress -> Middleman: Lesson learned in the 2-years since migrating
Wordpress -> Middleman: Lesson learned in the 2-years since migrating
 
NetApp Industry Keynote - Flash Memory Summit - Aug2015
NetApp Industry Keynote - Flash Memory Summit - Aug2015NetApp Industry Keynote - Flash Memory Summit - Aug2015
NetApp Industry Keynote - Flash Memory Summit - Aug2015
 
CraftCamp for Students - Introduction to JHipster
CraftCamp for Students - Introduction to JHipsterCraftCamp for Students - Introduction to JHipster
CraftCamp for Students - Introduction to JHipster
 
Using Data to Drive Interactions
Using Data to Drive InteractionsUsing Data to Drive Interactions
Using Data to Drive Interactions
 
Oracle Marketing Cloud
Oracle Marketing CloudOracle Marketing Cloud
Oracle Marketing Cloud
 
Customer journey mapping
Customer journey mappingCustomer journey mapping
Customer journey mapping
 
Fujitsu: Your Partner for SAP HANA Solutions
Fujitsu: Your Partner for SAP HANA SolutionsFujitsu: Your Partner for SAP HANA Solutions
Fujitsu: Your Partner for SAP HANA Solutions
 

Ähnlich wie Threat Modeling IoT Security

Enterprise Mobility: Secure Containerization
Enterprise Mobility: Secure ContainerizationEnterprise Mobility: Secure Containerization
Enterprise Mobility: Secure ContainerizationDomenico Catalano
 
Tips and Tricks for Building Secure Mobile Apps
Tips and Tricks for Building Secure Mobile AppsTips and Tricks for Building Secure Mobile Apps
Tips and Tricks for Building Secure Mobile AppsTechWell
 
Oracle OpenWorld | CON9707 Enterprise Mobile Security Architecture beyond the...
Oracle OpenWorld | CON9707 Enterprise Mobile Security Architecture beyond the...Oracle OpenWorld | CON9707 Enterprise Mobile Security Architecture beyond the...
Oracle OpenWorld | CON9707 Enterprise Mobile Security Architecture beyond the...Indus Khaitan
 
Integrated Intrusion Detection Services for z/OS Communications Server
Integrated Intrusion Detection Services for z/OS Communications Server Integrated Intrusion Detection Services for z/OS Communications Server
Integrated Intrusion Detection Services for z/OS Communications Server zOSCommserver
 
Java Card Platform Security and Performance
Java Card Platform Security and PerformanceJava Card Platform Security and Performance
Java Card Platform Security and PerformanceEric Vétillard
 
Tips and Tricks for Building Secure Mobile Apps
Tips and Tricks for Building Secure Mobile AppsTips and Tricks for Building Secure Mobile Apps
Tips and Tricks for Building Secure Mobile AppsTechWell
 
How to Test Security and Vulnerability of Your Android and iOS Apps
How to Test Security and Vulnerability of Your Android and iOS AppsHow to Test Security and Vulnerability of Your Android and iOS Apps
How to Test Security and Vulnerability of Your Android and iOS AppsBitbar
 
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare ☁
 
iotsecurity-171108154118.pdf
iotsecurity-171108154118.pdfiotsecurity-171108154118.pdf
iotsecurity-171108154118.pdfKerimBozkanli
 
Engineered Systems - nejlepší cesta, jak zabezpečit váš dataAccelerate Cloud
Engineered Systems - nejlepší cesta, jak zabezpečit váš dataAccelerate CloudEngineered Systems - nejlepší cesta, jak zabezpečit váš dataAccelerate Cloud
Engineered Systems - nejlepší cesta, jak zabezpečit váš dataAccelerate CloudMarketingArrowECS_CZ
 
Oracle ADF Architecture TV - Design - Designing for Security
Oracle ADF Architecture TV - Design - Designing for SecurityOracle ADF Architecture TV - Design - Designing for Security
Oracle ADF Architecture TV - Design - Designing for SecurityChris Muir
 
Testing with a Rooted Mobile Device
Testing with a Rooted Mobile DeviceTesting with a Rooted Mobile Device
Testing with a Rooted Mobile DeviceTechWell
 
Hybrid Analysis Mapping: Making Security and Development Tools Play Nice Toge...
Hybrid Analysis Mapping: Making Security and Development Tools Play Nice Toge...Hybrid Analysis Mapping: Making Security and Development Tools Play Nice Toge...
Hybrid Analysis Mapping: Making Security and Development Tools Play Nice Toge...Denim Group
 
Slidedeck Demo Kino: Street Warrior. Mobile Sicherheit auf unseren Straßen - ...
Slidedeck Demo Kino: Street Warrior. Mobile Sicherheit auf unseren Straßen - ...Slidedeck Demo Kino: Street Warrior. Mobile Sicherheit auf unseren Straßen - ...
Slidedeck Demo Kino: Street Warrior. Mobile Sicherheit auf unseren Straßen - ...Nadine Schoene
 
Create code confidence for better application security
Create code confidence for better application securityCreate code confidence for better application security
Create code confidence for better application securityRogue Wave Software
 
Managing Your Application Security Program with the ThreadFix Ecosystem
Managing Your Application Security Program with the ThreadFix EcosystemManaging Your Application Security Program with the ThreadFix Ecosystem
Managing Your Application Security Program with the ThreadFix EcosystemDenim Group
 
CNIT 128 8: Mobile development security
CNIT 128 8: Mobile development securityCNIT 128 8: Mobile development security
CNIT 128 8: Mobile development securitySam Bowne
 
Can Containers be Secured in a PaaS?
Can Containers be Secured in a PaaS?Can Containers be Secured in a PaaS?
Can Containers be Secured in a PaaS?Tom Kranz
 
Can Containers be secured in a PaaS?
Can Containers be secured in a PaaS?Can Containers be secured in a PaaS?
Can Containers be secured in a PaaS?Tom Kranz
 

Ähnlich wie Threat Modeling IoT Security (20)

Enterprise Mobility: Secure Containerization
Enterprise Mobility: Secure ContainerizationEnterprise Mobility: Secure Containerization
Enterprise Mobility: Secure Containerization
 
Tips and Tricks for Building Secure Mobile Apps
Tips and Tricks for Building Secure Mobile AppsTips and Tricks for Building Secure Mobile Apps
Tips and Tricks for Building Secure Mobile Apps
 
Oracle OpenWorld | CON9707 Enterprise Mobile Security Architecture beyond the...
Oracle OpenWorld | CON9707 Enterprise Mobile Security Architecture beyond the...Oracle OpenWorld | CON9707 Enterprise Mobile Security Architecture beyond the...
Oracle OpenWorld | CON9707 Enterprise Mobile Security Architecture beyond the...
 
Integrated Intrusion Detection Services for z/OS Communications Server
Integrated Intrusion Detection Services for z/OS Communications Server Integrated Intrusion Detection Services for z/OS Communications Server
Integrated Intrusion Detection Services for z/OS Communications Server
 
IoT Security
IoT SecurityIoT Security
IoT Security
 
Java Card Platform Security and Performance
Java Card Platform Security and PerformanceJava Card Platform Security and Performance
Java Card Platform Security and Performance
 
Tips and Tricks for Building Secure Mobile Apps
Tips and Tricks for Building Secure Mobile AppsTips and Tricks for Building Secure Mobile Apps
Tips and Tricks for Building Secure Mobile Apps
 
How to Test Security and Vulnerability of Your Android and iOS Apps
How to Test Security and Vulnerability of Your Android and iOS AppsHow to Test Security and Vulnerability of Your Android and iOS Apps
How to Test Security and Vulnerability of Your Android and iOS Apps
 
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
 
iotsecurity-171108154118.pdf
iotsecurity-171108154118.pdfiotsecurity-171108154118.pdf
iotsecurity-171108154118.pdf
 
Engineered Systems - nejlepší cesta, jak zabezpečit váš dataAccelerate Cloud
Engineered Systems - nejlepší cesta, jak zabezpečit váš dataAccelerate CloudEngineered Systems - nejlepší cesta, jak zabezpečit váš dataAccelerate Cloud
Engineered Systems - nejlepší cesta, jak zabezpečit váš dataAccelerate Cloud
 
Oracle ADF Architecture TV - Design - Designing for Security
Oracle ADF Architecture TV - Design - Designing for SecurityOracle ADF Architecture TV - Design - Designing for Security
Oracle ADF Architecture TV - Design - Designing for Security
 
Testing with a Rooted Mobile Device
Testing with a Rooted Mobile DeviceTesting with a Rooted Mobile Device
Testing with a Rooted Mobile Device
 
Hybrid Analysis Mapping: Making Security and Development Tools Play Nice Toge...
Hybrid Analysis Mapping: Making Security and Development Tools Play Nice Toge...Hybrid Analysis Mapping: Making Security and Development Tools Play Nice Toge...
Hybrid Analysis Mapping: Making Security and Development Tools Play Nice Toge...
 
Slidedeck Demo Kino: Street Warrior. Mobile Sicherheit auf unseren Straßen - ...
Slidedeck Demo Kino: Street Warrior. Mobile Sicherheit auf unseren Straßen - ...Slidedeck Demo Kino: Street Warrior. Mobile Sicherheit auf unseren Straßen - ...
Slidedeck Demo Kino: Street Warrior. Mobile Sicherheit auf unseren Straßen - ...
 
Create code confidence for better application security
Create code confidence for better application securityCreate code confidence for better application security
Create code confidence for better application security
 
Managing Your Application Security Program with the ThreadFix Ecosystem
Managing Your Application Security Program with the ThreadFix EcosystemManaging Your Application Security Program with the ThreadFix Ecosystem
Managing Your Application Security Program with the ThreadFix Ecosystem
 
CNIT 128 8: Mobile development security
CNIT 128 8: Mobile development securityCNIT 128 8: Mobile development security
CNIT 128 8: Mobile development security
 
Can Containers be Secured in a PaaS?
Can Containers be Secured in a PaaS?Can Containers be Secured in a PaaS?
Can Containers be Secured in a PaaS?
 
Can Containers be secured in a PaaS?
Can Containers be secured in a PaaS?Can Containers be secured in a PaaS?
Can Containers be secured in a PaaS?
 

Mehr von Eric Vétillard

New Security Issues related to Embedded Web Servers
New Security Issues related to Embedded Web ServersNew Security Issues related to Embedded Web Servers
New Security Issues related to Embedded Web ServersEric Vétillard
 
Step-by-step Development of an Application for the Java Card Connected Platform
Step-by-step Development of an Application for the Java Card Connected PlatformStep-by-step Development of an Application for the Java Card Connected Platform
Step-by-step Development of an Application for the Java Card Connected PlatformEric Vétillard
 
Java Card Technology: The Foundations of NFC
Java Card Technology: The Foundations of NFCJava Card Technology: The Foundations of NFC
Java Card Technology: The Foundations of NFCEric Vétillard
 
Java Card in Banking and NFC
Java Card in Banking and NFCJava Card in Banking and NFC
Java Card in Banking and NFCEric Vétillard
 
First Steps with Java Card
First Steps with Java CardFirst Steps with Java Card
First Steps with Java CardEric Vétillard
 
Java Solutions for Securing Edge-to-Enterprise
Java Solutions for Securing Edge-to-EnterpriseJava Solutions for Securing Edge-to-Enterprise
Java Solutions for Securing Edge-to-EnterpriseEric Vétillard
 
Eric java card-basics-140314
Eric java card-basics-140314Eric java card-basics-140314
Eric java card-basics-140314Eric Vétillard
 
Java Card, 15 years later
Java Card, 15 years laterJava Card, 15 years later
Java Card, 15 years laterEric Vétillard
 

Mehr von Eric Vétillard (8)

New Security Issues related to Embedded Web Servers
New Security Issues related to Embedded Web ServersNew Security Issues related to Embedded Web Servers
New Security Issues related to Embedded Web Servers
 
Step-by-step Development of an Application for the Java Card Connected Platform
Step-by-step Development of an Application for the Java Card Connected PlatformStep-by-step Development of an Application for the Java Card Connected Platform
Step-by-step Development of an Application for the Java Card Connected Platform
 
Java Card Technology: The Foundations of NFC
Java Card Technology: The Foundations of NFCJava Card Technology: The Foundations of NFC
Java Card Technology: The Foundations of NFC
 
Java Card in Banking and NFC
Java Card in Banking and NFCJava Card in Banking and NFC
Java Card in Banking and NFC
 
First Steps with Java Card
First Steps with Java CardFirst Steps with Java Card
First Steps with Java Card
 
Java Solutions for Securing Edge-to-Enterprise
Java Solutions for Securing Edge-to-EnterpriseJava Solutions for Securing Edge-to-Enterprise
Java Solutions for Securing Edge-to-Enterprise
 
Eric java card-basics-140314
Eric java card-basics-140314Eric java card-basics-140314
Eric java card-basics-140314
 
Java Card, 15 years later
Java Card, 15 years laterJava Card, 15 years later
Java Card, 15 years later
 

Kürzlich hochgeladen

Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)Ahmed Mater
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesŁukasz Chruściel
 
Precise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalPrecise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalLionel Briand
 
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...OnePlan Solutions
 
VK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web DevelopmentVK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web Developmentvyaparkranti
 
Powering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsPowering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsSafe Software
 
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...OnePlan Solutions
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaHanief Utama
 
Software Coding for software engineering
Software Coding for software engineeringSoftware Coding for software engineering
Software Coding for software engineeringssuserb3a23b
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Angel Borroy López
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Hr365.us smith
 
CRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceCRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceBrainSell Technologies
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureDinusha Kumarasiri
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsAhmed Mohamed
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Matt Ray
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作qr0udbr0
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfAlina Yurenko
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odishasmiwainfosol
 

Kürzlich hochgeladen (20)

Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New Features
 
Precise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalPrecise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive Goal
 
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
 
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort ServiceHot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
 
VK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web DevelopmentVK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web Development
 
Powering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsPowering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data Streams
 
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief Utama
 
Software Coding for software engineering
Software Coding for software engineeringSoftware Coding for software engineering
Software Coding for software engineering
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)
 
CRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceCRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. Salesforce
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with Azure
 
Odoo Development Company in India | Devintelle Consulting Service
Odoo Development Company in India | Devintelle Consulting ServiceOdoo Development Company in India | Devintelle Consulting Service
Odoo Development Company in India | Devintelle Consulting Service
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML Diagrams
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
 

Threat Modeling IoT Security

  • 1. Threat Modeling for the Internet of Things Eric Vétillard IoT Product Management Group September 2015
  • 2. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle. 2
  • 3. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Agenda 1 2 3 4 5 Definitions Concerns and threats Some countermeasures Device and gateway security Simple checklist 3
  • 4. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 4 IoT Infrastructure – Main components Devices Enterprise Apps Operators IoT Service Gateway
  • 5. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Safety vs. Security Safety • Protects against malfunction – Focus on quality • Principles – Coverage analysis – Detection, mitigation, reaction – Simplicity is better – Redundancy helps Security • Protects against attackers – Focus on robustness – Several defence layers • Principles – Coverage analysis – Detection, mitigation, reaction – Simplicity is better – Redundancy helps 5
  • 6. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 6 Attack Surface – Main components Devices Operators Enterprise Apps Messages REST API UI Connectors IoT Service Gateway
  • 7. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 7 Attack Surface – Specific to the Internet of Things Devices Operators Enterprise Apps Messages REST API UI Connectors IOT Server Gateway
  • 8. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 8 Attack Surface – Software Components Devices Messages IoT Service HW / OS Framework Cloud/Server Framework
  • 9. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | In the Press • In 2015, a few car-related headlines – BMW Connected Drive hack sees 2.2 million cars exposed to remote unlocking (02/02) – DARPA Hacks GM's OnStar To Remote Control A Chevrolet Impala (02/08) – US Senate Report: Automakers fail to fully protect against hacking (02/09) – Hackers take control of Jeep on the highway (August) • A few unrelated headlines from 2014 – Hackers had struck an unnamed steel mill in Germany (Jan) – U.S. government probes medical devices for possible cyber flaws (Oct 14) 9 Privacy Spying Theft Remote Control Physical damage Murder?
  • 10. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | In Practice: The BMW Hack • A lab has been able to remotely open a BMW car – Reverse engineering the ConnectedDrive feature to identify vulnerabilities – Exploiting the vulnerabilities identified through an attack path • The list of vulnerabilities is rather long – The same keys are used in all vehicles – Some messages are not encrypted – Configuration data is not tamper-proof – The crypto algorithm used (DES) is outdated and broken – The software does not include protection against replay attacks • One fix: The communication is now encrypted using HTTPS 10
  • 11. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | The BMW Hack: Poor Decisions Poor decision Safety reasoning Security reasoning Using the same keys Simple process No complex infrastructure Keys need to be diversified A key needs to be broken on every car No systematic encryption Only critical messages are encrypted A secure channel protects against reverse engineering Configuration data no tamper-proof Configuration data integrity is protected by a checksum Configuration data authenticity is protected by a cryptographic checksum The vehicle ID is in error messages Simplify diagnosis by having the data A remote attacker doesn’t have the ID, so let’s protect it Using DES Well-known, fast algorithm DES is broken, let’s mandate AES No protection against replay attacks Same message, same action A recorded message cannot have the same effect when replayed 11
  • 12. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Threat Analysis Thinking like an attacker • Very important to validate a design – Identify the key assets and their flows – Analyze how security protections can be bypassed – Consider vulnerabilities as opportunities • Identify countermeasures to be added to the design – And loop again on the analysis 12
  • 13. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 13 Attack Surface – Between Devices and IoT Service Devices Operators Enterprise Apps Messages REST API UI Connectors IoT Service Gateway Thinking like an attacker • Attacking the network link, remotely • Any operation can be attacked • Targeting admin operations can be good • A failure can affect many deployments Thinking like a defender • IoT framework typically not fully under control • Patching/update must be supported at all levels
  • 14. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 14 Attack Surface – Device Low-level Software Devices Operators Enterprise Apps Messages REST API UI Connectors IOT Server Gateway Thinking like an attacker • IoT operating systems are not well protected • Older attacks may even work • Maybe that the update mechanism is broken Thinking like a defender • OS security configuration is important • Patching/update must be supported and secure
  • 15. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 16 Attack Surface – Attacking the Things and Gateways Devices Operators Enterprise Apps Messages REST API UI Connectors IOT Server Gateway Thinking like an attacker • Things and gateways are physically accessible • I can steal one and reverse engineer it • I can then attack another one • Denial-of-service or tampering may be options Thinking like a defender • Make devices (at least partly) tamper-proof • Otherwise, make them tamper-evident • Include organizational measures to detect attacks
  • 16. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Compromising a Device 17 Steal data from another device Duplicate registration of a device Activate without registering Add device record in the cloud Insert device in supply chain Add a compromised device Modify the device’s software Modify an existing device Modify the device’s hardware Tamper with the device externally Replace an existing device Compromise a device Steal data from the network Reconfigure a gateway Replace device physically Replace device in cloud
  • 17. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Compromising a Device – Focus on Persistent Memory 18 Compromise a device Tamper with persistent memory Tamper with data Tamper with applications Tamper with system software Spy on the persistent memory Disclose data Disclose applications Disclose system software
  • 18. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Compromising a Device – Focus on Persistent Memory 19 Spy on the persistent memory Disclose data 109 Disclose applications Disclose system software Disclose system software Disclose application Disclose application data 1 Disclose buffered messages 2 Disclose application data 3 Disclose server verification data 4 Disclose device registration data 5 Disclose device authent data Disclose authent data
  • 19. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Compromising a Device – Focus on Persistent Memory 20 Tamper with persistent memory Tamper with data Tamper with applications Tamper with native software 2 Modify application data 3 Modify server verification data 4 Modify device registration data 7 Modify a stored application’s code 8 Modify a stored app’s meta-data 9 Add an application 10 Modify system softwareTamper with application data Tamper with authentication data 6 Modify device authent data 5 Modify device identity 1 Modify buffered messages
  • 20. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Compromising a Device – Server Authentication 21 Tamper with persistent memory Tamper with data Tamper with applications Tamper with native software 2 Modify application data 3 Modify server verification data 4 Modify device registration data 7 Modify a stored application’s code 8 Modify a stored app’s meta-data 9 Add an application 10 Modify system softwareTamper with application data Tamper with authentication data 6 Modify device authent data 5 Modify device identity 1 Modify buffered messages
  • 21. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Internet of Things Cloud Service Oracle Confidential – Internal/Restricted/Highly Restricted 22 Device Virtualization High Speed Messaging Stream Processing Endpoint Management Event Store IoT Cloud Service Enterprise Connectivity Integration Cloud Service BI & Big Data Cloud Service Oracle Cloud Services Mobile Cloud Service 3rd party apps Industry Vertical Apps Enterprise Apps Cloud or On Premise Manufacturing Transportation Service Mgmt Asset Mgmt Firewall Oracle IoT CS Gateway s/w 3rd party gateway s/w with Oracle IoT Client Library IoT Cloud Service Client Libraries & Gateway Indirectly connected devices Directly connected devices
  • 22. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | • Security mechanism provisions and manages trust relationships with devices • Uniquely assigned device identities disallows reuse of security credentials across devices 23 IoT CS Ensures End-to-End Security Trusted Devices Non-Repudiation • Enforces authentication prior to communication with any device or enterprise software, enabling proof of origin of data • Transport level security for all communication to ensure data integrity • Secure, managed state transitions to control access from devices • Restricts types of IoT CS operations that device and other principals can perform in a given state Security Lifecycle
  • 23. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | • Security mechanism provisions and manages trust relationships with devices • Uniquely assigned device identities disallows reuse of security credentials across devices 24 IoT CS Ensures End-to-End Security Trusted Devices Non-Repudiation • Enforces authentication prior to communication with any device or enterprise software, enabling proof of origin of data • Transport level security for all communication to ensure data integrity • Secure, managed state transitions to control access from devices • Restricts types of IoT CS operations that device and other principals can perform in a given state Security Lifecycle
  • 24. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 25 From HTTPS to Man-in-the-Middle Device HTTPS IoT Service  
  • 25. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal 26 From HTTPS to Man-in-the-Middle Device HTTPS IoT Service      
  • 26. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | ❶ Protecting the keys (even public) Q What if the attacker modifies my certificate? A Keep the public key in a Secure Element and have the Secure Element verify the signature. ❷ Checking code authenticity Q Am I sure that no attacker changed the code? A Add a cryptographic checksum, and check that the signature comes from the right person. 27 ❸ Adding hardware-based security Q What if the attacker removes my checks? A Use a secure boot mechanism based on a hardware-based mechanism (TPM, TEE, …). Protecting against Man-in-the-Middle  Stopping at some point A The SE’s security has been certified. A The platform’s security has been certified.
  • 27. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | What if it isn’t Possible? Explore alternatives – Use tamper-resistant hardware – Use tamper-evident hardware – Define security procedures – Use physical security Example: in a factory – Thoroughly check devices (including software) before installing them – Make sure that every device is covered by a security camera – Instruct security staff to regularly inspect devices for unusual 28
  • 28. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | That Was a Threat Model • We went through several steps – Defining assets to be protected – Defining potential attack means on these assets – Defining countermeasures, and then countermeasures on the countermeasures – Thinking about the implementation • This Threat Modeling process can be made more formal – It is an essential work in an IoT deployment today – Many vertical/industry/customer-specific aspects to the threat model 29
  • 29. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Putting in Practice in Gateways and Devices What needs to be done • Select an IoT infrastructure – Manage device identity, credentials, lifecycle, communication, policies • Select a device platform – Robust hardware / OS / Robust development framework • Select a trusted hardware – Markets with high – security insurance needs & unprotected physical devices How Oracle can help • Oracle IoT Cloud Service – State-of-the-art security and strong integration with enterprise services • Java ME/SE Embedded – A guarantee of strong and secure apps on your infrastructure • Java Card – To ensure that your trusted hardware can evolve over time 30
  • 30. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | A few References • An accessible and useful book on threat analysis – http://threatmodelingbook.com/ • Details on the BMW hack – http://m.heise.de/ct/artikel/Beemer-Open-Thyself-Security-vulnerabilities-in-BMW-s- ConnectedDrive-2540957.html • Scaring yourself with potential issues – https://www.dropbox.com/s/oh6xrb7chgoks4j/internetoffails.pdf?dl=0 • A few really good recommendations – http://www.esecurityplanet.com/network-security/6-tips-for-developing-secure-iot- apps.html 31
  • 31. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | 32 Summary • Start by thinking like an attacker – What is “tempting” in my system? • To who? Why? – How can my system be attacked? • Which components provide an opportunity • Then think like a defender – Identify your weaknesses • What is wrong? What may not be right? – Find proper countermeasures • Work with all stakeholders – For devices, gateways, frameworks • Vet their security and their integration Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
  • 32. Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal/Restricted/Highly Restricted 33