How to Perform Threat Modeling and Security Analysis in 5 Steps

Want to learn how to perform threat modeling?

Then, you are in the right place.

But before that, let us quickly discuss why it is important to perform threat modeling and security analysis.

Almost all software systems face a variety of threats today, and the number of cyberattacks continues to rise as the technology matures. In the second quarter of 2018, malware exploiting software vulnerabilities grew 151 percent, according to a report.

Security breaches can occur due to internal or external entities, and they can have devastating consequences. These attacks may leak sensitive data of your organization or disable your system completely, which may even lead to complete loss of data.

How can you protect your data from being stolen or prevent malicious attacks on your devices?

One way to start is by performing threat modeling, a process that helps you analyze your environment, identify potential vulnerabilities and threats, and create the proper security requirements you need to address those threats.

What is the Right Level of Security for Your Device and How Can Threat Modeling Help You Achieve It?

To design-in security, it is recommended that developers and manufacturers analyze the operating environment to determine how each device could be attacked and then document it.

This process of understanding and documenting security requirements is known as Threat Modeling and Security Analysis (TMSA).

But how can performing Threat Modeling and Security Analysis help you secure your device against cybersecurity attacks?

It can help you analyze your device and understand:

  • How robust does your security need to be?
  • What preventive measures should you take to avoid security issues?
  • What potential threats could impact your device?

A Threat Modeling and Security Analysis (TMSA) highlights critical issues and challenges that you should consider while implementing security to protect your product or device.

It prompts you to consider critical questions such as:

  • What are the potential threats to your device?
  • How severe are those threats?
  • Is your device in compliance with security standards?
  • What are the potential vulnerabilities that could put your device at risk of a security breach?
  • What countermeasures could you implement to protect your device?

Steps to Perform Threat Modeling

Here is a step-by-step process that will help you understand how you can perform a Threat Modeling and Security Analysis to determine your security requirements.

Step 1: Identify the Use Case, Assets to Protect, and External Entities

The first step to perform threat modeling is to identify a use case, which is the system or device that is the subject of your security assessment. By doing so, you will have an idea of what device or system needs to be analyzed further.

Since attackers may target your device to steal important data or to have it act maliciously, you need to identify the assets that hold sensitive information or are most likely to be attacked.

For instance, if you have a smart speaker, then you may want to protect the following assets:

  • Log-in credentials
  • Network communication
  • Firmware
  • Event logs
  • Certificates and unique keys
  • System configurations (to secure your IP address)
  • Device resources (such as speakers, microphone array, battery, storage, debug interface, network bandwidth, and computing power)

There might be many different assets in your device, but what’s important is that you focus on securing assets that hold valuable data and are critical to your organization and customers.

Moreover, to identify and understand potential threats that might impact your device, you need to determine external entities and users who interact with the device.

That may include legitimate users, such as the virtual system administrator or the owner of the device. But it should also extend to identify potential adversaries or attackers attempting to gain access to the device.

Once you’ve identified these, it’s time to move on to the next step of performing threat modeling.

Step 2: Identify Trust Zones, Potential Adversaries, and Threats

In this step of performing threat modeling, you have to identify trust zones and corresponding entry-exit points. By using this information, you can develop data flow diagrams along with privilege boundaries that will help you define the approach for input data validation, user authentication, and error handling.

Additionally, you need to create an adversary-based threat model to help you identify potential adversaries and attackers who may be trying to exploit or attack your device.

Usually, an adversary-based threat model has four categories of attackers:

  • Network attacker: This type of attacker may conduct network attacks such as man-in-the-middle attacks, where the attacker intercepts communication between two parties.

  • Malicious insider attacker: These attackers may be your employees, a third-party vendor, or any individual who has access to your device or network.

  • Remote software attacker: Most attackers fall into this category and try to breach security software by introducing malicious scripts/code or a virus to steal data or gain control of the device/network.

  • Advanced hardware attacker: These attackers usually have advanced resources and require physical access to the device. They often deploy sophisticated attacks with the help of specialized equipment, such as microscopy probing or ion-beam lithography.

By this point, you should have identified what you need to protect and what potential adversaries could lead to a security breach.

Next, you should identify potential vulnerabilities in software, physical devices, development lifecycles, and communication that could act as entry points into your device and allow attackers to enter your system.

What do these vulnerabilities include?

These vulnerabilities may include excessive user access privileges, weak password policies, the absence of a Web Application Firewall (WAF), broken authentication, insecure cryptographic storage, lack of security guidelines, or security misconfigurations.

Once you have identified potential vulnerabilities, you can implement a threat model against each entry point to determine security threats.

But how can you design the right level of security required to protect your device against these threats?

After identifying potential security threats, you will need to consider assessing the severity of each threat or attack and allocate your resources appropriately.

You can use the Common Vulnerability Scoring System (CVSS) to evaluate the impact of the threats. It uses scores from zero to 10 to help you understand how an attack would affect your device.

For instance, if the CVSS score for a threat is 9, then you should focus your resources and attention on it as its impact would be severe.

By doing so, you will be able to build the right level of security into your device.

Step 3: Determine High-Level Security Objectives to Address Potential Threats

In this step of threat modeling, you have to establish security objectives that focus on maintaining the following security elements:

  • Confidentiality
  • Availability
  • Integrity
  • Secure Development Lifecycle
  • Authenticity
  • Non-Repudiation

The type of attack determines the risk to each of these security elements.

For instance, you can determine that a tampering attack may impact the integrity of your device, while a spoofing attack may impact the authenticity of your device.

Once you have assessed the potential threats and their severity, you will be able to determine what countermeasures you need to employ to combat those threats and how you can address them appropriately.

Step 4: Define Security Requirements for Each Security Objective Clearly

Since each threat poses a different risk to high-level security objectives, you need to analyze and create specific, actionable security requirements that will directly address those threats.

For instance, to secure identities, you should:

  • Maintain roles, trusted communication channels, and authorization
  • Implement least-privilege user access
  • Set failure threshold limits
  • Secure remote management

Step 5: Create a Document to Store All Relevant Information

Once you have gathered all the requisite information needed to set security requirements for your system, create a threat modeling document that stores this information accurately.

What should you include in this document?

The document should include separate tables that list the assets that you need to protect, potential adversaries and threats, countermeasures you need to take, and security requirements.

It should be well-structured and have clear and concise information to help you see the potential severity of an attack and how you can address each threat.

A well-maintained document can help you efficiently perform Threat Modeling and Security Analysis (TMSA).

Key Takeaways from This Guide on How to Perform Threat Modeling

Now that you know more about threat modeling and how to perform it, get started with your TMSA documentation. Remember, you need to identify potential vulnerabilities along with security requirements that will help protect your system against attackers and threats.

Do you have any more questions on how to perform threat modeling? Please get in touch with our security experts.

About Author:

Steve Kosten is a Principal Security Consultant at Cypress Data Defense and an instructor for the SANS DEV541 Secure Coding in Java/JEE: Developing Defensible Applications course.

Translated from: https://towardsdatascience.com/how-to-perform-threat-modeling-security-analysis-in-5-steps-c42639efc952
