Modeling a System Flashcards
What is a data flow diagram?
- diagrams that describe the flow of data among components in a system as well as properties of the components and flow
What are sequence diagrams?
- diagrams that describe the interactions of components in an ordered manner.
Why are sequence diagrams useful in identifying threats?
- They allow a designer to understand the state of the system over time
What are process flow diagrams used for?
- They highlight the operational flow through actions among components in a system
What are attack trees?
- They depict the steps along a path that an attacker might try as part of reaching their goal of performing actions with nefarious intent
What are fishbone diagrams?
- They show the relationships between an outcome and the root cause(s) that enabled such an effect to occur
When developing a DFD, what are some common annotations used for elements?
- Name of unit
- Owner
- If a process, what privilege is it running at?
- If it’s a binary object, is it expected to be signed?
- What programming languages are used?
- For managed/interpreted code, what runtime/bytecode processor is used?
What is an element in the context of a DFD?
- A shape that represents a process or operating unit within the system
What is a container in the context of a DFD?
- A unit in the system that contains additional elements and flows
What is a context layer in a DFD?
- A DFD that represents a high-level view of a system and its interactions with external entities (e.g., remote systems or users)
Where is a container used in a DFD?
- in a context layer DFD
What is an external entity in the context of a DFD?
- It represents a process or system that is involved in the operation or function of the system but is not in scope for the analysis
What is a data store in the context of a DFD?
- represents where bulk data is stored, a message bus, or a shared memory region
What are some examples of data represented by a data store in the context of a DFD?
- database
- file or buffer holding small amounts of security-relevant data
- logfile output
What is some metadata that should be captured for a data store in the context of a DFD?
- Type of storage - file, S3 bucket, service mesh, shared memory region
- Type and classification of data held - structured/unstructured, data format
- Sensitivity or value of data
- Protections on the data store itself
- Replication - is data replicated to a different data store
- Backup - is data copied to another place for safety but with reduced security and access controls
What are data flow symbols in the context of a DFD?
- They describe where and how interactions are made among entities.
What is the primary purpose of data flow symbols in the context of a DFD?
- They describe the primary direction of travel of communications that is relevant for the purposes of analysis.
What should be conveyed with data flow elements in the context of a DFD?
- Application-level data or control messages that are being passed on an established channel
What metadata should data flows be assigned in the context of a DFD?
- Type or nature of channel - IPC, Network
- Protocols in use - HTTP, gRPC, TCP/IP, HTTPS
- Data being communicated
- Order of operations (if useful)
What is a “trust boundary” in the context of a DFD?
- Shows that the objects and entities operating within the boundary operate at the same trust level
What is a “block element” in the context of a DFD?
- An architectural element that selectively alters the data flow to which it is attached
What are examples of “block elements” in the context of a DFD?
- a host firewall, another physical device, a logical mechanism as a function of the architecture
What metadata is associated with “block elements” in the context of a DFD?
- Type of block - a physical or logical device and whether it’s optional
- Behavior - what the block does and how it may modify the flow or access to a port or process
What is an “Attack Tree”?
- A modeling technique used to understand how a system is vulnerable to attackers influencing it
When is an “Attack Tree” used in modeling a system?
- When performing threat analysis from an attacker-centric perspective
What outcome is an “Attack Tree” meant to show?
- A positive outcome for an attacker and a negative outcome for the system owners
In order for an “Attack Tree” to provide the correct analysis of impact, what is needed?
- Complete knowledge of how something can be compromised
- An understanding of the motivation, skills, and resources available to different types and groups of attackers
What are the first steps in creating a system model?
- Identify the major building blocks in the system
What are some examples of major building blocks in a system?
- Applications
- Servers
- Databases
- Datastores
When building a system model - After the major building blocks are defined, what is next?
- Identify the connections to each building block
When building a system model - What are examples of connections to databases?
- Clients of a database and the privilege they have
- Access control to the database
When building a system model - What are examples of connections to servers?
- Ports that a server listens on.
- Protocol used when communicating with the port
When building a system model - What are examples of connections between applications?
- Application API/UI
When building a system model who should be involved with the exercise?
- Lead Architect
- Designers
- Development leads
- QA lead
What properties should a ‘good’ model have?
- Accurate
- Meaningful
- Representative
- Living
What are the attributes that support a ‘good’ model being ‘accurate’?
- It’s free of inaccurate or misleading information that would result in an imperfect threat analysis
What are the attributes that support a ‘good’ model being ‘meaningful’?
- Captures information that points to conditions for potential compromise
- It creates a representation of the system without recreating it.
- Provides sufficient data to make inferences and direct judgments on the characteristics of the system
What are the attributes that support a ‘good’ model being ‘representative’?
- It should represent the design intentions of the architect or the realized implementation by the development teams
What are the attributes that support a ‘good’ model being ‘living’?
- It’s updated on a regular basis to ensure accuracy, i.e., it should represent ‘what is’ and not ‘what it should be’