Docstoc

Definitions

Document Sample
Definitions Powered By Docstoc
					                     STRIDE classifications                                      DREAD ratings




                                              re



                                            ge
                                           su



                                        ile
                                        lo




                                                                                                    al
                                    sc


                               of e
                                     iv




                                                                                                  ti
                                    c




                                                                                                  y




                                                                                                 y
                                  pr
                                  di




                                                                             E x du e n
                         io rvi




                                                                                        ra s
                                                                                              lit




                                                                                              lit
                                                                                     ve er
                                                                                     te ity
                                                                                            ot
                               on
                      rm on




                                                                                            bi
                               se




                                                                                           bi
                                                                                  co us
                              g




                                                                                           l
                                                                                         ci
                                                                               ep e p




                                                                                         bi
                   e n at i
                             i
                  ep rin




                            n
                           at




                            f
                 Ta ing




                                                                                       d
                         lo




                                                                                      ta
                                                                                    ag
                        di
                       pe




                      at




                                                                                    oi
                                                                                   ro
                      ia
                      of




                                                                                  ec
                      u




                                                                               am
                    m




                                                                                pl
                    fo




                   ev
                  po




                                                                               is
 Environment                                                    Threats




                                                                               ff
                 In




                 El
                 D




                                                                            D




                                                                             D
                 R




                                                                             R




                                                                             A
                 S




High Security        3   3    3   3    1      3              Threat 1
Enterprise           2   2    2   3    2      3              Threat 2
SOHO                 1   1    1   2    2      1                 …
Public               1   1    2   1    3      2              Threat n

Rating keys: 1         Low importance                        Rating keys: 1 low diff diff one easy
             2        Medium importance                                   2 med mod mod few mod
             3         High importance                                    3 high easy easy manydiff


  Definitions:                  Microsoft's                            Proposed for P2600
                 Spoofing: Allows an adversary to pose as    Spoofing: Allows an adversary to pose as
                 another usr, component, or other system     another usr, component, or other system
      S          that has an identiy in the system being     that has an identiy in the system being
                 modeled.                                    modeled.
                 Tampering: The modification of data         Tampering: The modification of
                 within the system to achieve a malicious    document data within the system to
      T          goal.                                       achieve a malicious goal.

                 Repudiation: The ability of an adversary    Repudiation: The ability of an adversary
                 to deny performing some malicious           to deny performing some malicious
      R          activity because the system does not        activity because the system does not have
                 have sufficient evidence to prove           sufficient evidence to prove otherwise.
                 otherwise.
                 Information disclosure: The exposure of     Information disclosure: The exposure of
                 protected data to a user that is not        protected document data to a user that
      I          otherwise allowed access to that data.      is not otherwise allowed access to that
                                                             data.
                 Denial of service: Occurs when an           Denial of service: Occurs when an
                 adversary can prevent legitimate users      adversary can prevent legitimate users for
      D          for using the normal functionality of the   using the normal functionality of the
                 system.                                     system or can use the functionality of
                                                             the system without authorization.
                 Elevation of privilege: Occurs when an      Elevation of privilege: Occurs when an
                 adversary uses illegitimate means to        adversary uses illegitimate means to
      E          assume a trust level with different         assume a trust level with different
                 privilieges than he currently has.          privilieges than he currently has.
  Definitions: Microsoft's                                              Proposed for P2600
               Damage potential: Ranks the extent of         Damage potential: Ranks the extent of
     D         the damage that occurs if a vulnerability     the damage to an individual user that
               is exploited.                                 occurs if a vulnerability is exploited.
    Reproducibility: Ranks how often an          Reproducibility: Ranks how easily an
    attempt at exploiting a vulnerability        exploit can be reproduced by others
R   works.                                       (often related to equipment required)


    Exploitability: Assigns a number to the      Exploitability: Assigns a number to the
    effort required to exploit the               effort required to exploit the vulnerability
E   vulnerability. In addition, exploitability   the first time.
    considers preconditions such as wether
    the user must be authenticated.
    Affected users: A number value               Affected users: Ranks the number of
    characterizing the ratio of installed        users of the system that would be
A   instances of the system that would be        affected if an exploit became widely
    affected if an exploit became widely         available.
    available.
    Discoverability: Measures the likelihood     Discoverability: Measures the likelihood
    that a vulnerability will be found by        that an exploit will be discovered,
D   expternal security researchers, hackers,     versus remaining undetected.
    and the like, if it went unpatched.
                   y
           ra s
                lit
       ve er
             bi
     co us
          d
       te
    ec

  is
 ff

D
A




                       Rationale for change




                Tampering with SFR data
                covered in Spoofing,
                Repudiation, Denial of service,
                and Elevation of privilege




                Disclosure of SFR data covered
                in Spoofing, Repudiation,
                Denial of service, and
                Elevation of privilege
                Unauthorized use is important
                in Public environment, but is
                somewhat different from
                Repudiation




                     Rationale for change
                The number of affected users
                is considered under Affected
                users.
Even a sophisticated packet
crafting can be "scriptified",
but some exploits require
sophisticated equipment also.
Intended to measure the skill
required to exploit the
vulnerability the first time (for
a given piece of equipment).


Installed instances is product-
specific. However, number of
users affected is a useful
metric to separate from
Damage potential.
I assume that any vulnerability
will become widely known.
However, undetected exploits
can continue to cause
damage.
Threats Analysis Worksheet
                                                                                                STRIDE classifications                                                                                         DREAD ratings                                                                   High Security




                                                                                                                               Information disclosure




                                                                                                                                                                            Elevation of privilege



                                                                                                                                                                                                     Damage potential
                                                                                                                                                        Denial of service




                                                                                                                                                                                                                        Reproducibility




                                                                                                                                                                                                                                                                            Discoverability
                                                                                                                                                                                                                                                           Affected users
                                                                                                                                                                                                                                          Exploitability
                                                                                                                 Repudiation
                                                                                                     Tampering
                                                                                          Spoofing




                                                                                                                                                                                                                                                                                                         Severity
                                                                                                                                                                                                                                                                                              Priority
Threat ID              Description
T.DOS.NET.CONNECT      Opening all available network connections and keeping them open 0            0    0                                 0                     1                      0                    1                  3                2                3                 1           1          2
T.DOS.NET.CRAFT        Sending crafted network packets to cause network interface failure 0         0    0                                 0                     1                      0                    1                  3                2                3                 1           1          2
T.DOS.NET.FLOOD        Flooding packets to cause a sustained network interface failure        0     0    0                                 0                     1                      0                    1                  3                3                3                 1           1          2
T.DOS.PRT.CRASH                                                                               0     0
                       Submitting PDL or print protocol data to cause print controller failure or looping0                                 0                     1                      0                    1                  3                2                3                 2           1          2
T.DOS.PRT.DELETE       Submitting PDL or print protocol data to delete persistent resources 0       0    0                                 0                     1                      0                    2                  3                2                2                 2           1          2
T.DOS.PRT.CHANNEL      Submitting PDL or print protocol data to backchannel message flood0          0    0                                 0                     1                      0                    2                  3                2                2                 2           1          2
T.DOS.PRT.PRIORTY                                                                             types0 jobs
                       Intentionally continuously sending print jobs that de-prioritize other 0      of 0                                  0                     1                      0                    1                  3                3                2                 1           1          2
T.DOS.FAX.HOOK         Inserting off-hook telephone in the loop                               0     0    0                                 0                     1                      0                    1                  3                3                2                 1           1          2
T.DOS.FAX.LOOP         Continuously sending/receiving grayscale fax pages at low speed        0     0    0                                 0                     1                      0                    1                  3                3                2                 1           1          2
T.DOS.FAX.TRAIN        Forcing the fax modem to continuously train                            0     0    0                                 0                     1                      0                    1                  2                2                2                 2           1          2
T.DOS.FAX.VOLUME       Continuously sending excessive scanned document volume                 0     0    0                                 0                     1                      0                    1                  3                3                2                 1           1          2
T.DOS.PHY.ALTER                                                                               0     0
                       Mechanically or electrically altering or damaging the device or its components 0                                    0                     1                      0                    2                  2                2                2                 2           1          2
T.DOS. PHY.INTERFERE                                                                          0
                       Mechanically or electrically interfering with the device or its components 0      0                                 0                     1                      0                    2                  2                1                2                 3           1          2
T. RESOURCE.COPY       Using a rogue “copy” control device to bypass copy control             0     0    1                                 0                     1                      0                    1                  3                3                1                 1           3          2
T. RESOURCE.PEER                                                                              0
                       Using a peer-to-peer connection to circumvent server security or accounting  0    1                                 0                     1                      0                    1                  3                3                1                 2           3          2
T.RESOURCE.SUPPLIES    Removing supplies or consumables                                       0     0    0                                 0                     1                      0                    1                  3                3                3                 1           1          2
T.RESOURCE.EXHAUST     Submitting jobs to intentionally exhaust the device’s consumables 0          0    0                                 0                     1                      0                    1                  3                3                3                 1           1          2
T.UD.SNIFF.NET         Sniffing network traffic to gain access to documents                   0     0    0                                 1                     0                      0                    3                  3                2                3                 3           3          3
T.UD.SNIFF.EM          EM sniffing network traffic to gain access to documents                0     0    0                                 1                     0                      0                    3                  2                1                3                 3           3          2
T.UD.SNIFF.PHONE                                                                              0     0
                       Tapping into a phone line to sniff fax traffic and gain access to faxed documents 0                                 1                     0                      0                    3                  2                2                3                 3           3          3
T.UD.ACC.NORMAL                                                                               0     0
                       Electronically accessing another user’s document using normal end user interfaces 0                                 1                     0                      0                    2                  3                2                2                 2           3          2
T.UD.ACC.HACK                                                                                 0     0
                       Electronically accessing another user’s document in a non-standard interfaces 0                                     1                     0                      0                    2                  2                2                2                 2           3          2
T.UD.PHY.OUTPUT        Removing or examining documents from an output tray                    0     0    0                                 1                     1                      0                    2                  3                3                1                 1           3          2
T.UD.PHY.INPUT         Removing or examining documents from the document feeder               0     0    0                                 1                     1                      0                    2                  3                3                1                 1           3          2
T.UD.PHY.CAMERA                                                                               0     0
                       Recording documents or user credentials using an internal or external camera 0                                      1                     0                      0                    3                  2                2                3                 2           3          2
T.UD.PHY.EM        Capturing EM radiation from device                                   0    0   0   1   0   0        3    1   1   3   2   3   2
T.UD.ANALYZE                                                                            0
                   Using electron microscope to read residual image on copier belt or drum 0     0   1   0   0        2    1   1   1   3   3   2
T.UD.SALVAGE       Removing or swapping the device's hard disk                          0    0   0   1   0   0        3    2   2   2   2   3   2
T.UD.IMP.FAX       Man-in-the-middle attack to alter inbound/outbound PSTN faxes        1    1   1   1   0   0        2    2   2   2   2   3   2
T.UD.IMP.PRINT     Man-in-the-middle attack to alter print jobs                         1    1   1   1   0   0        2    3   2   2   2   3   2
T.UD.IMP.SCAN      Man-in-the-middle attack to alter scan or scan-to-fax data           1    1   1   1   0   0        2    3   2   2   2   3   2
T.TSF.CRED.NET     Sniffing network traffic to gain access to credentials               1    0   1   0   0   1 spoofing? Repud?
                                                                                                                      3    3   2   3   3   3   3
T.TSF.CRED.EM      EM sniffing network traffic to gain access to credentials            1    0   1   0   0   1        3    1   1   3   2   3   2
T.TSF.CRED.MGMT    Man-in-the-middle attack for management tools                        1    0   1   0   0   1        2    2   2   2   3   3   2
T.TSF.CRED.DISK                                                                         1
                   Removing or swapping the device's hard disk or other persistent storage 0     1   0   0   1        2    2   2   2   2   3   2
T.TSF.CRED.GUESS   Obtaining credentials by guessing or observation                     1    0   1   0   0   1        2    3   3   2   2   3   2
T.TSF.CONF.DEV     Changing the device settings or configuration                        0    0   0   0   1   0 no net 1
                                                                                                                      settings 3
                                                                                                                           3       2   2   1   2
T.TSF.CONF.SEC     Changing the security settings or configuration                      1    0   1   1   0   1 add net settings
                                                                                                                      3    3   3   3   2   3   3
T.TSF.CONF.DATE    Changing device date/time for fax/SSL                                0    1   1   0   1   0        2    3   2   2   2   3   2
T.TSF.CONF.AB                                                                           1    0
                   Changing the address book to send copies of documents to other destinations   0   1   1   0        3    3   2   3   2   3   3
T.TSF.SW.APPLET    Installing a rogue embedded software applet                          1    1   1   1   1   1        3    2   1   3   2   3   2
T.TSF.SW.UPDATE    Installing a rogue firmware or software update                       1    1   1   1   1   1        3    1   1   3   2   3   2
T.TSF.AUD.ACCESS   Accessing the device accounting/audit logs                           0    0   0   1   0   1        1    3   2   3   3   3   2
T.TSF.AUD.ALTER    Altering the device accounting/audit logs                            1    0   1   0   0   1        2    2   2   3   2   3   2
T.EA.PROXY         Propagating an attack to the local network through a network service 0    0   0   0   1   1        2    2   2   2   2   3   2
T.EA.DOS                                                                                device
                   Creating a denial-of-service attack on the local network through the 0    0   0   0   1   0        2    3   2   3   1   1   2




                                                                High Security       3    3       3   3   1   3     alan
                                                                   Enterprise       2    2       2   2   2   3     david
                                                                       SOHO         1    1       1   2   2   1     nancy
                                                                       Public       1    1       2   1   3   2     tom

                                                           Must be considered     2.5
                                                         Should be considered     1.5
High Security                          Enterprise                                    SOHO                                        Public
       Overall importance




                                                   Overall importance




                                                                                              Overall importance




                                                                                                                                         Overall importance
                                        Severity




                                                                                   Severity




                                                                                                                              Severity
                            Priority




                                                                        Priority




                                                                                                                   Priority
      1.4                     2           2        2.0                    2          2        2.0                    3          2        2.4
      1.4                     2           2        2.0                    2          2        2.0                    3          2        2.4
      1.5                     2           2        2.1                    2          2        2.1                    3          2        2.6
      1.5                     2           2        2.1                    2          2        2.1                    3          2        2.6
      1.5                     2           2        2.1                    2          2        2.1                    3          2        2.6
      1.5                     2           2        2.1                    2          2        2.1                    3          2        2.6
      1.4                     2           2        2.0                    2          2        2.0                    3          2        2.4
      1.4                     2           2        2.0                    2          2        2.0                    3          2        2.4
      1.4                     2           2        2.0                    2          2        2.0                    3          2        2.4
      1.3                     2           2        1.9                    2          2        1.9                    3          2        2.3
      1.4                     2           2        2.0                    2          2        2.0                    3          2        2.4
      1.4                     2           2        2.0                    2          2        2.0                    3          2        2.4
      1.4                     2           2        2.0                    2          2        2.0                    3          2        2.4
      2.3                     2           2        1.9                    2          2        1.9                    3          2        2.3
      2.4                     2           2        2.0                    2          2        2.0                    3          2        2.4
      1.5                     2           2        2.1                    2          2        2.1                    3          2        2.6
      1.5                     2           2        2.1                    2          2        2.1                    3          2        2.6
      2.9                     2           3        2.4                    2          3        2.4                    1          3        1.7
      2.7                     2           2        2.2                    2          2        2.2                    1          2        1.5
      2.8                     2           3        2.3                    2          3        2.3                    1          3        1.6
      2.6                     2           2        2.1                    2          2        2.1                    1          2        1.5
      2.4                     2           2        2.0                    2          2        2.0                    1          2        1.4
      2.4                     2           2        2.0                    2          2        2.0                    3          2        2.4
      2.4                     2           2        2.0                    2          2        2.0                    3          2        2.4
      2.7                     2           2        2.2                    2          2        2.2                    1          2        1.5
2.4    2   2   2.0     2   2   2.0    1   2   1.4
2.2    2   2   1.8     2   2   1.8    1   2   1.3
2.6    2   2   2.1     2   2   2.1    1   2   1.5
2.4    2   2   2.0     2   2   2.0    2   2   2.0
2.6    2   2   2.1     2   2   2.1    2   2   2.1
2.6    2   2   2.1     2   2   2.1    2   2   2.1
2.9    3   3   2.9     1   3   1.7    2   3   2.4
2.4    3   2   2.4     1   2   1.4    2   2   2.0
2.6    3   2   2.6     1   2   1.5    2   2   2.1
2.4    3   2   2.4     1   2   1.4    2   2   2.0
2.7    3   2   2.7     1   2   1.5    2   2   2.2
1.5    2   2   2.1     2   2   2.1    3   2   2.6
2.9    3   3   2.9     2   3   2.4    2   3   2.4
2.6    2   2   2.1     2   2   2.1    3   2   2.6
2.8    2   3   2.3     2   3   2.3    3   3   2.8
2.6    3   2   2.6     2   2   2.1    3   2   2.6
2.4    3   2   2.4     2   2   2.0    3   2   2.4
2.7    3   2   2.7     2   2   2.2    2   2   2.2
2.6    3   2   2.6     1   2   1.5    2   2   2.1
2.4    3   2   2.4     2   2   2.0    3   2   2.4
1.5    2   2   2.1     2   2   2.1    3   2   2.6

99.1           100.8           91.8           101.9

				
DOCUMENT INFO