Octotrike.org
Home Docs Tools Papers Talks Contact
¤ ToorCon 2005 Presentation
Hands-On Threat Modeling with Trike v1

From the conference brochure:

Trike is a repeatable, consistent, partially automatable methodology for analyzing the security risk posed by a system. Threat models are particularly useful for finding architectural and algorithmic holes in an application. Trike builds a model of system threats, attacks, weaknesses, vulnerabilities and risks on a model of the system requirements and implementation. In version 1, system threats can be generated automatically given system requirements, and a variety of questions about risk can be answered programmatically.

Eleanor & Brenda will present version 1 of the Trike methodology by constructing a sample threat model using the Trike tool. They will provide an overview of the theory behind Trike as each relevant concept appears in the sample threat model, and mention current lines of thought which may become part of version 2.

Slides & Demo

We used two slide decks for this presentation: Theory and Examples. The example slides begin where our demo (of Trike v1 build 5) ended.

We also looked at an example file of attack stubs.



Octopus

News

31 Jul 2012
Brenda Larcom will be presenting a half-day tutorial on using the current Trike spreadsheet to write security objectives at IEEE RE 2012, September 25 in Chicago, IL.

1 Jul 2012
First official spreadsheet release, 1.5.06.

1 Jul 2012
New SVN and web site organization to support parallel development of the standalone and spreadsheet tools.

Thanks

SourceForge.net Logo

Copyright 2004-2008 Brenda Larcom, Eleanor Saitta, and Stephanie Smith. Copyright 2009-2012 Brenda Larcom and Eleanor Saitta. All rights reserved.