Modeling a System

Question 1

What is a data flow diagram?

Answer 1

• diagrams that describe the flow of data among components in a system as well as properties of the components and flow

Question 2

What are sequence diagrams?

Answer 2

• diagrams that describe the interactions of components in an ordered manner.

Question 3

What are sequence diagrams useful in identifying threats?

Answer 3

• They allow a designer to understand the state of the system over time

Question 4

What are process flow diagrams used for?

Answer 4

• They highlight the operational flow through actions among components in a system

Question 5

What are attack trees?

Answer 5

• They depict the steps along a path that an attacker might try as part of reaching their goal to perform actions with nefarious intent

Question 6

What are fishbone diagrams?

Answer 6

• They show the relationships between an outcome and the root cause(s) that enabled such an effect to occur

Question 7

When developing a DFD what are some common annotations used for elements?

Answer 7

• Name of unit
• Owner
• If a process what privilege is it running at
• If it’s a binary object is it expected to be signed?
• What programming languages are used?
• For managed/interpreted code what runtime/bytecode processor is used

Question 8

What is an element in the context of a DFD?

Answer 8

• A shape that represents a process or operating unit within the system

Question 9

What is a container in the context of a DFD?

Answer 9

• A unit in the system that contains additional elements and flows

Question 10

What is a context layer in a DFD?

Answer 10

• A DFD diagram that represents a high level view of a system and it’s interactions with external entities(e.g., remote systems or users)

Question 11

Where is a container used in a DFD?

Answer 11

• in a context layer DFD

Question 12

What is an external entity in the context of a DFD?

Answer 12

• It represents a process or system that is involved in the operation or function of the system but is not in scope for the analysis

Question 13

What is a data store in the context of a DFD?

Answer 13

• represents where bulk data is stored, a message bus, or a shared memory region

Question 14

What are some examples of data represented by a data store in the context of a DFD?

Answer 14

• database
• file or buffer holding small amounts of security relevant data
• logfile output

Question 15

What are some meta data that should be captured for a data store in the context of a DFD?

Answer 15

• Type of storage - file, S3 bucket, service mesh, shared memory region
• Type and classification of data held - structured/unstructured, data format
• Sensitivity or value of data
• Protections on the data store itself
• Replication - is data replicated to a different data store
• Backup - is data copied to another place for safety but with reduced security and access controls

Question 16

What are data flow symbols in the context of a DFD?

Answer 16

• They describe where and how interactions are made among entities.

Question 17

What is the primary purpose of a data flow symbols in the context of a DFD?

Answer 17

• They describe the primary direction of travel of communications that is relevant for the purposes of analysis.

Question 18

What should be conveyed with data flow elements in the context of a DFD?

Answer 18

• Application-level data or control messages that are being passed on an established channel

Question 19

What meta data should data flows be assigned in the context of a DFD?

Answer 19

• Type or nature of channel - IPC, Network
• Protocols in use - HTTP, gRPC, TCP/IP, HTTPS
• Data being communicated
• Order of operations(if useful)

Question 20

What is a “trust boundary” in the context of a DFD?

Answer 20

• Shows objects and entities operating within the boundary that operate at the same trust level

Question 21

What is a “block element” in the context of a DFD?

Answer 21

• An architectural element that selectively alters the data flow on which it is attached

Question 22

What are examples of “block elements” in the context of a DFD?

Answer 22

• a host firewall, another physical device, a logical mechanism as a function of the architecture

Question 23

What meta data is associated with “block elements” in the context of a DFD?

Answer 23

• Type of block - a physical or logical device and whether it’s optional
• Behavior - what the block does and how it may modify the flow or access to a port or process

Question 24

What is an “Attack Tree”?

Answer 24

• A modeling technique used to understand how a system is vulnerable to attackers influencing a system

Question 25

When is an “Attack Tree” used in modeling a system?

Answer 25

• When performing threat analysis from an attacker-centric perspective

Question 26

What outcome is an “Attack Tree” meant to show?

Answer 26

• A positive outcome for an attacker and a negative outcome for the system owners

Question 27

In order for an “Attack Tree” to provide the correct analysis of impact what is needed?

Answer 27

• A complete knowledge of how something can be compromised
• Understanding motivation, skills, resources available to different types and groups of attackers

Question 28

What are the first steps in creating a system model?

Answer 28

• Identify the major building blocks in the system

Question 29

What are some examples of major building blocks in a system?

Answer 29

• Applications
• Servers
• Databases
• Datastores

Question 30

When building a system model - After major building blocks are defined what is next?

Answer 30

• Identify the connections to each building block

Question 31

When building a system model - What are examples of connections between databases?

Answer 31

• Clients of a database and the privilege they have
• Access control to the database

Question 32

When building a system model - What are examples of connections to servers?

Answer 32

• Ports that a server listens on.
• Protocol used when communicating with the port

Question 33

When building a system model - What are examples of connections between applications?

Answer 33

• Application API/UI

Question 34

When building a system model who should be involved with the exercise?

Answer 34

• Lead Architect
• Designers
• Development leads
• QA lead

Question 35

What properties should a ‘good’ model have?

Answer 35

• Accurate
• Meaningful
• Representative
• Living

Question 36

What are the attributes that support a ‘good’ model being ‘accurate’?

Answer 36

• Its free of inaccurate or misleading information that will result in an imperfect threat analysis

Question 37

What are the attributes that support a ‘good’ model being ‘meaningful’?

Answer 37

• Captures information that points to conditions for potential compromise
• It creates a representation of the system without recreating it.
• Provides sufficient data to make inferences and direct judgments on the characteristics of the system

Question 38

What are the attributes that support a ‘good’ model being ‘representative’?

Answer 38

• Should represent the design intentions of the Architect or the realized implementation by the dev teams

Question 39

What are the attributes that support a ‘good’ model being ‘living’?

Answer 39

• It’s updated on a regular basis to ensure accuracy i.e., It should represent ‘what is’ and not ‘what it should be’