Definitions
Document Sample


STRIDE classifications (environment importance) and DREAD ratings (per threat)

STRIDE columns: S = Spoofing, T = Tampering, R = Repudiation, I = Information disclosure, D = Denial of service, E = Elevation of privilege
DREAD columns: D = Damage potential, R = Reproducibility, E = Exploitability, A = Affected users, D = Discoverability

Environment      S  T  R  I  D  E
High Security    3  3  3  3  1  3
Enterprise       2  2  2  3  2  3
SOHO             1  1  1  2  2  1
Public           1  1  2  1  3  2

Threats: Threat 1, Threat 2, …, Threat n (each threat is classified under STRIDE and rated under DREAD)

Rating keys (STRIDE): 1 = Low importance, 2 = Medium importance, 3 = High importance

Rating keys (DREAD):
Rating   Damage potential   Reproducibility   Exploitability   Affected users   Discoverability
1        low                diff              diff             one              easy
2        med                mod               mod              few              mod
3        high               easy              easy             many             diff
STRIDE definitions: Microsoft's and Proposed for P2600

S - Spoofing
  Microsoft's: Allows an adversary to pose as another user, component, or other system that has an identity in the system being modeled.
  Proposed for P2600: Allows an adversary to pose as another user, component, or other system that has an identity in the system being modeled.

T - Tampering
  Microsoft's: The modification of data within the system to achieve a malicious goal.
  Proposed for P2600: The modification of document data within the system to achieve a malicious goal.

R - Repudiation
  Microsoft's: The ability of an adversary to deny performing some malicious activity because the system does not have sufficient evidence to prove otherwise.
  Proposed for P2600: The ability of an adversary to deny performing some malicious activity because the system does not have sufficient evidence to prove otherwise.

I - Information disclosure
  Microsoft's: The exposure of protected data to a user that is not otherwise allowed access to that data.
  Proposed for P2600: The exposure of protected document data to a user that is not otherwise allowed access to that data.

D - Denial of service
  Microsoft's: Occurs when an adversary can prevent legitimate users from using the normal functionality of the system.
  Proposed for P2600: Occurs when an adversary can prevent legitimate users from using the normal functionality of the system or can use the functionality of the system without authorization.

E - Elevation of privilege
  Microsoft's: Occurs when an adversary uses illegitimate means to assume a trust level with different privileges than he currently has.
  Proposed for P2600: Occurs when an adversary uses illegitimate means to assume a trust level with different privileges than he currently has.
DREAD definitions: Microsoft's and Proposed for P2600

D - Damage potential
  Microsoft's: Ranks the extent of the damage that occurs if a vulnerability is exploited.
  Proposed for P2600: Ranks the extent of the damage to an individual user that occurs if a vulnerability is exploited.

R - Reproducibility
  Microsoft's: Ranks how often an attempt at exploiting a vulnerability works.
  Proposed for P2600: Ranks how easily an exploit can be reproduced by others (often related to equipment required).

E - Exploitability
  Microsoft's: Assigns a number to the effort required to exploit the vulnerability. In addition, exploitability considers preconditions such as whether the user must be authenticated.
  Proposed for P2600: Assigns a number to the effort required to exploit the vulnerability the first time.

A - Affected users
  Microsoft's: A number value characterizing the ratio of installed instances of the system that would be affected if an exploit became widely available.
  Proposed for P2600: Ranks the number of users of the system that would be affected if an exploit became widely available.

D - Discoverability
  Microsoft's: Measures the likelihood that a vulnerability will be found by external security researchers, hackers, and the like, if it went unpatched.
  Proposed for P2600: Measures the likelihood that an exploit will be discovered, versus remaining undetected.
Rationale for change (STRIDE definitions)

Tampering: Tampering with SFR data covered in Spoofing, Repudiation, Denial of service, and Elevation of privilege.

Information disclosure: Disclosure of SFR data covered in Spoofing, Repudiation, Denial of service, and Elevation of privilege.

Denial of service: Unauthorized use is important in Public environment, but is somewhat different from Repudiation.
Rationale for change (DREAD definitions)

Damage potential: The number of affected users is considered under Affected users.

Reproducibility: Even a sophisticated packet crafting can be "scriptified", but some exploits require sophisticated equipment also.

Exploitability: Intended to measure the skill required to exploit the vulnerability the first time (for a given piece of equipment).

Affected users: Installed instances is product-specific. However, number of users affected is a useful metric to separate from Damage potential.

Discoverability: I assume that any vulnerability will become widely known. However, undetected exploits can continue to cause damage.
Threats Analysis Worksheet

STRIDE classifications (0/1): S = Spoofing, T = Tampering, R = Repudiation, I = Information disclosure, D = Denial of service, E = Elevation of privilege
DREAD ratings (1-3): D = Damage potential, R = Reproducibility, E = Exploitability, A = Affected users, D = Discoverability
High Security: Sev = Severity, Pri = Priority

Threat ID            | S T R I D E | D R E A D | Sev Pri | Description
T.DOS.NET.CONNECT    | 0 0 0 0 1 0 | 1 3 2 3 1 |  1   2  | Opening all available network connections and keeping them open
T.DOS.NET.CRAFT      | 0 0 0 0 1 0 | 1 3 2 3 1 |  1   2  | Sending crafted network packets to cause network interface failure
T.DOS.NET.FLOOD      | 0 0 0 0 1 0 | 1 3 3 3 1 |  1   2  | Flooding packets to cause a sustained network interface failure
T.DOS.PRT.CRASH      | 0 0 0 0 1 0 | 1 3 2 3 2 |  1   2  | Submitting PDL or print protocol data to cause print controller failure or looping
T.DOS.PRT.DELETE     | 0 0 0 0 1 0 | 2 3 2 2 2 |  1   2  | Submitting PDL or print protocol data to delete persistent resources
T.DOS.PRT.CHANNEL    | 0 0 0 0 1 0 | 2 3 2 2 2 |  1   2  | Submitting PDL or print protocol data to backchannel message flood
T.DOS.PRT.PRIORTY    | 0 0 0 0 1 0 | 1 3 3 2 1 |  1   2  | Intentionally continuously sending print jobs that de-prioritize other types of jobs
T.DOS.FAX.HOOK       | 0 0 0 0 1 0 | 1 3 3 2 1 |  1   2  | Inserting off-hook telephone in the loop
T.DOS.FAX.LOOP       | 0 0 0 0 1 0 | 1 3 3 2 1 |  1   2  | Continuously sending/receiving grayscale fax pages at low speed
T.DOS.FAX.TRAIN      | 0 0 0 0 1 0 | 1 2 2 2 2 |  1   2  | Forcing the fax modem to continuously train
T.DOS.FAX.VOLUME     | 0 0 0 0 1 0 | 1 3 3 2 1 |  1   2  | Continuously sending excessive scanned document volume
T.DOS.PHY.ALTER      | 0 0 0 0 1 0 | 2 2 2 2 2 |  1   2  | Mechanically or electrically altering or damaging the device or its components
T.DOS.PHY.INTERFERE  | 0 0 0 0 1 0 | 2 2 1 2 3 |  1   2  | Mechanically or electrically interfering with the device or its components
T.RESOURCE.COPY      | 0 0 1 0 1 0 | 1 3 3 1 1 |  3   2  | Using a rogue “copy” control device to bypass copy control
T.RESOURCE.PEER      | 0 0 1 0 1 0 | 1 3 3 1 2 |  3   2  | Using a peer-to-peer connection to circumvent server security or accounting
T.RESOURCE.SUPPLIES  | 0 0 0 0 1 0 | 1 3 3 3 1 |  1   2  | Removing supplies or consumables
T.RESOURCE.EXHAUST   | 0 0 0 0 1 0 | 1 3 3 3 1 |  1   2  | Submitting jobs to intentionally exhaust the device’s consumables
T.UD.SNIFF.NET       | 0 0 0 1 0 0 | 3 3 2 3 3 |  3   3  | Sniffing network traffic to gain access to documents
T.UD.SNIFF.EM        | 0 0 0 1 0 0 | 3 2 1 3 3 |  3   2  | EM sniffing network traffic to gain access to documents
T.UD.SNIFF.PHONE     | 0 0 0 1 0 0 | 3 2 2 3 3 |  3   3  | Tapping into a phone line to sniff fax traffic and gain access to faxed documents
T.UD.ACC.NORMAL      | 0 0 0 1 0 0 | 2 3 2 2 2 |  3   2  | Electronically accessing another user’s document using normal end user interfaces
T.UD.ACC.HACK        | 0 0 0 1 0 0 | 2 2 2 2 2 |  3   2  | Electronically accessing another user’s document through non-standard interfaces
T.UD.PHY.OUTPUT      | 0 0 0 1 1 0 | 2 3 3 1 1 |  3   2  | Removing or examining documents from an output tray
T.UD.PHY.INPUT       | 0 0 0 1 1 0 | 2 3 3 1 1 |  3   2  | Removing or examining documents from the document feeder
T.UD.PHY.CAMERA      | 0 0 0 1 0 0 | 3 2 2 3 2 |  3   2  | Recording documents or user credentials using an internal or external camera
T.UD.PHY.EM          | 0 0 0 1 0 0 | 3 1 1 3 2 |  3   2  | Capturing EM radiation from device
T.UD.ANALYZE         | 0 0 0 1 0 0 | 2 1 1 1 3 |  3   2  | Using electron microscope to read residual image on copier belt or drum
T.UD.SALVAGE         | 0 0 0 1 0 0 | 3 2 2 2 2 |  3   2  | Removing or swapping the device's hard disk
T.UD.IMP.FAX         | 1 1 1 1 0 0 | 2 2 2 2 2 |  3   2  | Man-in-the-middle attack to alter inbound/outbound PSTN faxes
T.UD.IMP.PRINT       | 1 1 1 1 0 0 | 2 3 2 2 2 |  3   2  | Man-in-the-middle attack to alter print jobs
T.UD.IMP.SCAN        | 1 1 1 1 0 0 | 2 3 2 2 2 |  3   2  | Man-in-the-middle attack to alter scan or scan-to-fax data
T.TSF.CRED.NET       | 1 0 1 0 0 1 | 3 3 2 3 3 |  3   3  | Sniffing network traffic to gain access to credentials [note: spoofing? Repud?]
T.TSF.CRED.EM        | 1 0 1 0 0 1 | 3 1 1 3 2 |  3   2  | EM sniffing network traffic to gain access to credentials
T.TSF.CRED.MGMT      | 1 0 1 0 0 1 | 2 2 2 2 3 |  3   2  | Man-in-the-middle attack for management tools
T.TSF.CRED.DISK      | 1 0 1 0 0 1 | 2 2 2 2 2 |  3   2  | Removing or swapping the device's hard disk or other persistent storage
T.TSF.CRED.GUESS     | 1 0 1 0 0 1 | 2 3 3 2 2 |  3   2  | Obtaining credentials by guessing or observation
T.TSF.CONF.DEV       | 0 0 0 0 1 0 | 1 3 3 2 2 |  1   2  | Changing the device settings or configuration [note: no net settings]
T.TSF.CONF.SEC       | 1 0 1 1 0 1 | 3 3 3 3 2 |  3   3  | Changing the security settings or configuration [note: add net settings]
T.TSF.CONF.DATE      | 0 1 1 0 1 0 | 2 3 2 2 2 |  3   2  | Changing device date/time for fax/SSL
T.TSF.CONF.AB        | 1 0 0 1 1 0 | 3 3 2 3 2 |  3   3  | Changing the address book to send copies of documents to other destinations
T.TSF.SW.APPLET      | 1 1 1 1 1 1 | 3 2 1 3 2 |  3   2  | Installing a rogue embedded software applet
T.TSF.SW.UPDATE      | 1 1 1 1 1 1 | 3 1 1 3 2 |  3   2  | Installing a rogue firmware or software update
T.TSF.AUD.ACCESS     | 0 0 0 1 0 1 | 1 3 2 3 3 |  3   2  | Accessing the device accounting/audit logs
T.TSF.AUD.ALTER      | 1 0 1 0 0 1 | 2 2 2 3 2 |  3   2  | Altering the device accounting/audit logs
T.EA.PROXY           | 0 0 0 0 1 1 | 2 2 2 2 2 |  3   2  | Propagating an attack to the local network through a network service
T.EA.DOS             | 0 0 0 0 1 0 | 2 3 2 3 1 |  1   2  | Creating a denial-of-service attack on the local network through the device

Environment importance by STRIDE category

Environment      S  T  R  I  D  E
High Security    3  3  3  3  1  3    alan
Enterprise       2  2  2  2  2  3    david
SOHO             1  1  1  2  2  1    nancy
Public           1  1  2  1  3  2    tom

Must be considered: 2.5
Should be considered: 1.5
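
Severity, Priority and Overall importance by environment (rows in worksheet order; Sev = Severity, Pri = Priority)

                     | High Security | Enterprise      | SOHO            | Public
Threat ID            | Overall       | Sev Pri Overall | Sev Pri Overall | Sev Pri Overall
T.DOS.NET.CONNECT    | 1.4           |  2   2   2.0    |  2   2   2.0    |  3   2   2.4
T.DOS.NET.CRAFT      | 1.4           |  2   2   2.0    |  2   2   2.0    |  3   2   2.4
T.DOS.NET.FLOOD      | 1.5           |  2   2   2.1    |  2   2   2.1    |  3   2   2.6
T.DOS.PRT.CRASH      | 1.5           |  2   2   2.1    |  2   2   2.1    |  3   2   2.6
T.DOS.PRT.DELETE     | 1.5           |  2   2   2.1    |  2   2   2.1    |  3   2   2.6
T.DOS.PRT.CHANNEL    | 1.5           |  2   2   2.1    |  2   2   2.1    |  3   2   2.6
T.DOS.PRT.PRIORTY    | 1.4           |  2   2   2.0    |  2   2   2.0    |  3   2   2.4
T.DOS.FAX.HOOK       | 1.4           |  2   2   2.0    |  2   2   2.0    |  3   2   2.4
T.DOS.FAX.LOOP       | 1.4           |  2   2   2.0    |  2   2   2.0    |  3   2   2.4
T.DOS.FAX.TRAIN      | 1.3           |  2   2   1.9    |  2   2   1.9    |  3   2   2.3
T.DOS.FAX.VOLUME     | 1.4           |  2   2   2.0    |  2   2   2.0    |  3   2   2.4
T.DOS.PHY.ALTER      | 1.4           |  2   2   2.0    |  2   2   2.0    |  3   2   2.4
T.DOS.PHY.INTERFERE  | 1.4           |  2   2   2.0    |  2   2   2.0    |  3   2   2.4
T.RESOURCE.COPY      | 2.3           |  2   2   1.9    |  2   2   1.9    |  3   2   2.3
T.RESOURCE.PEER      | 2.4           |  2   2   2.0    |  2   2   2.0    |  3   2   2.4
T.RESOURCE.SUPPLIES  | 1.5           |  2   2   2.1    |  2   2   2.1    |  3   2   2.6
T.RESOURCE.EXHAUST   | 1.5           |  2   2   2.1    |  2   2   2.1    |  3   2   2.6
T.UD.SNIFF.NET       | 2.9           |  2   3   2.4    |  2   3   2.4    |  1   3   1.7
T.UD.SNIFF.EM        | 2.7           |  2   2   2.2    |  2   2   2.2    |  1   2   1.5
T.UD.SNIFF.PHONE     | 2.8           |  2   3   2.3    |  2   3   2.3    |  1   3   1.6
T.UD.ACC.NORMAL      | 2.6           |  2   2   2.1    |  2   2   2.1    |  1   2   1.5
T.UD.ACC.HACK        | 2.4           |  2   2   2.0    |  2   2   2.0    |  1   2   1.4
T.UD.PHY.OUTPUT      | 2.4           |  2   2   2.0    |  2   2   2.0    |  3   2   2.4
T.UD.PHY.INPUT       | 2.4           |  2   2   2.0    |  2   2   2.0    |  3   2   2.4
T.UD.PHY.CAMERA      | 2.7           |  2   2   2.2    |  2   2   2.2    |  1   2   1.5
T.UD.PHY.EM          | 2.4           |  2   2   2.0    |  2   2   2.0    |  1   2   1.4
T.UD.ANALYZE         | 2.2           |  2   2   1.8    |  2   2   1.8    |  1   2   1.3
T.UD.SALVAGE         | 2.6           |  2   2   2.1    |  2   2   2.1    |  1   2   1.5
T.UD.IMP.FAX         | 2.4           |  2   2   2.0    |  2   2   2.0    |  2   2   2.0
T.UD.IMP.PRINT       | 2.6           |  2   2   2.1    |  2   2   2.1    |  2   2   2.1
T.UD.IMP.SCAN        | 2.6           |  2   2   2.1    |  2   2   2.1    |  2   2   2.1
T.TSF.CRED.NET       | 2.9           |  3   3   2.9    |  1   3   1.7    |  2   3   2.4
T.TSF.CRED.EM        | 2.4           |  3   2   2.4    |  1   2   1.4    |  2   2   2.0
T.TSF.CRED.MGMT      | 2.6           |  3   2   2.6    |  1   2   1.5    |  2   2   2.1
T.TSF.CRED.DISK      | 2.4           |  3   2   2.4    |  1   2   1.4    |  2   2   2.0
T.TSF.CRED.GUESS     | 2.7           |  3   2   2.7    |  1   2   1.5    |  2   2   2.2
T.TSF.CONF.DEV       | 1.5           |  2   2   2.1    |  2   2   2.1    |  3   2   2.6
T.TSF.CONF.SEC       | 2.9           |  3   3   2.9    |  2   3   2.4    |  2   3   2.4
T.TSF.CONF.DATE      | 2.6           |  2   2   2.1    |  2   2   2.1    |  3   2   2.6
T.TSF.CONF.AB        | 2.8           |  2   3   2.3    |  2   3   2.3    |  3   3   2.8
T.TSF.SW.APPLET      | 2.6           |  3   2   2.6    |  2   2   2.1    |  3   2   2.6
T.TSF.SW.UPDATE      | 2.4           |  3   2   2.4    |  2   2   2.0    |  3   2   2.4
T.TSF.AUD.ACCESS     | 2.7           |  3   2   2.7    |  2   2   2.2    |  2   2   2.2
T.TSF.AUD.ALTER      | 2.6           |  3   2   2.6    |  1   2   1.5    |  2   2   2.1
T.EA.PROXY           | 2.4           |  3   2   2.4    |  2   2   2.0    |  3   2   2.4
T.EA.DOS             | 1.5           |  2   2   2.1    |  2   2   2.1    |  3   2   2.6

Column totals of Overall importance: High Security 99.1, Enterprise 100.8, SOHO 91.8, Public 101.9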
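
The worksheet's Severity, Priority and Overall importance columns can be reproduced from its STRIDE flags, DREAD ratings and the environment matrix printed beneath it; the following is an added example, not part of the original worksheet. Its rules are inferred from the printed values rather than stated on the page: severity is the highest environment importance among the flagged STRIDE categories, priority is the rounded mean of the five DREAD ratings, and overall importance is the square root of severity times the unrounded DREAD mean. How the 2.5 and 1.5 thresholds are compared is also an assumption.

```python
from math import sqrt

# Importance of each STRIDE category (S, T, R, I, D, E) per environment,
# copied from the matrix printed under the worksheet.
ENVIRONMENTS = {
    "High Security": (3, 3, 3, 3, 1, 3),
    "Enterprise":    (2, 2, 2, 2, 2, 3),
    "SOHO":          (1, 1, 1, 2, 2, 1),
    "Public":        (1, 1, 2, 1, 3, 2),
}
MUST, SHOULD = 2.5, 1.5  # "Must be considered" / "Should be considered"

# Four worksheet rows: threat ID -> (STRIDE flags, DREAD ratings).
THREATS = {
    "T.DOS.NET.FLOOD": ((0, 0, 0, 0, 1, 0), (1, 3, 3, 3, 1)),
    "T.UD.SNIFF.NET":  ((0, 0, 0, 1, 0, 0), (3, 3, 2, 3, 3)),
    "T.UD.PHY.OUTPUT": ((0, 0, 0, 1, 1, 0), (2, 3, 3, 1, 1)),
    "T.TSF.CRED.NET":  ((1, 0, 1, 0, 0, 1), (3, 3, 2, 3, 3)),
}

def score(flags, dread, weights):
    """Return (severity, priority, overall importance) for one environment."""
    if len(flags) != 6 or len(dread) != 5 or len(weights) != 6:
        raise ValueError("expected 6 STRIDE flags/weights and 5 DREAD ratings")
    if any(r not in (1, 2, 3) for r in dread):
        raise ValueError("DREAD ratings must be 1, 2 or 3")
    hit = [w for f, w in zip(flags, weights) if f]
    if not hit:
        raise ValueError("threat has no STRIDE classification")
    severity = max(hit)                        # worst applicable category (inferred rule)
    mean = sum(dread) / len(dread)
    priority = int(mean + 0.5)                 # DREAD mean, rounded half up (inferred rule)
    overall = round(sqrt(severity * mean), 1)  # inferred rule, one decimal as displayed
    return severity, priority, overall

def triage(overall):
    """Assumed reading of the thresholds: compare the displayed value with >=."""
    if overall >= MUST:
        return "must"
    return "should" if overall >= SHOULD else "below"

def worksheet(threats=THREATS, environments=ENVIRONMENTS):
    """Score every threat in every environment."""
    return {tid: {env: score(flags, dread, w) for env, w in environments.items()}
            for tid, (flags, dread) in threats.items()}

if __name__ == "__main__":
    for tid, row in worksheet().items():
        for env, (sev, pri, overall) in row.items():
            print(f"{tid:16} {env:14} sev={sev} pri={pri} overall={overall} {triage(overall)}")
```

The Enterprise row uses the matrix printed with the worksheet (I = 2), which is the one the worksheet's Enterprise severities agree with; the sample matrix at the top of the page lists I = 3 for Enterprise.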