Welcome to the Drive World with ESC 2019 Presentation Store. Here you can view and download conference presentations before, during, and after the event. If you’re looking for a presentation from a specific session that you’re unable to find here, note that it’s likely because the presenter has not provided permission for external use or has not yet shared their presentation with us. Please check back after the event for a more complete catalogue of available presentations.
Successful Threat Modeling for Connected Devices
Chris Shore (Director of Embedded Solutions, Arm)
Location: Room 209
Date: Wednesday, August 28
Time: 1:15pm - 2:00pm
Track: ESC - IoT & Connected Devices
Format: Technical Session
Vault Recording: TBD
After too many high-profile security incidents, the world is waking up to the fact that security must be a vital part of any connected device, and that security must be designed in from the ground up, forming an integral part of the most fundamental design decisions throughout product development. It affects all aspects of product development, including hardware design, functional specification, and software development.
However, implementing an appropriate, proportionate and effective level of security is different for every product, and carrying out a thorough threat analysis is vital.
In 2017, Arm launched the Platform Security Architecture (PSA), an open methodology for analyzing, designing, and implementing the security aspects of a product. PSA covers three stages: Analyze, Architect, and Implement. It is the first of these stages, carrying out a threat analysis, that is the most fundamental and often the hardest. It is also something that many product designers are not equipped to do.
In this talk, I will describe the necessary steps in carrying out a threat analysis:
- Define the scope of evaluation, external entities and assets which require protection
- Identify adversaries, attack surface and possible threats (using the standard STRIDE threat model)
- Determine the severity of the threats and assign a CVSS score to each
- Identify high-level security objectives to address each threat
- Define security requirements for each objective
- Create a summary for each threat and translate this into concrete security feature requirements
Worked examples will be used to illustrate the concepts at each stage.