Threat Modeling: Denial of Service and Elevation of Privilege

This final installment of the Threat Modeling series covering the STRIDE framework explains denial-of-service and elevation-of-privilege attacks.

Introduction

• Let me interrupt you
• STRIDE and the four question framework

1. DoS Targets

• DoS in context
• Attackers fill networks
• How attackers redline your CPU
• How attackers fill storage
• How attackers spend your budget
• How attackers drain your battery

2. Properties of DoS Attacks

• Persistence and transience of DoS
• Naïve to clever: Understanding DoS
• Amplified or native: Two modes of DoS

3. DoS in Various Technologies

• Mobile and IoT denial of service
• Cloud denial of service

4. DoS Defenses

• Designing for resilience
• Quantity as a defense

5. EOP

• What is elevation of privilege?
• Input corrupts
• Main forms of corrupt input

6. EOP Defenses

• Ways to defend against EOP
• Validation to defend against elevation
• Validate for purpose to prevent elevations
• Validation not sanitization for defense
• Attenuation in defense
• Memory safety as a defensive tool
• Stack canaries to protect your code
• Sandboxes and isolation protect your environment
• Bolt-on or built-in defenses

Conclusion

• Making great strides