Difference between revisions of "2012 Summer Project Week:Threat Modeling"
From NAMIC Wiki
m |
|||
| Line 27: | Line 27: | ||
<h3>Approach, Plan</h3> | <h3>Approach, Plan</h3> | ||
During project week we will create a high level threat model for 3D Slicer v4 and identify possible mitigations | During project week we will create a high level threat model for 3D Slicer v4 and identify possible mitigations | ||
| + | |||
| + | Focus on elevation of privilege threats; punt other threat types to a later stage. | ||
</div> | </div> | ||
Revision as of 21:08, 17 June 2012
Home < 2012 Summer Project Week:Threat Modeling
Unsecured code can be a launching pad to take control of the host computer.
Key Investigators
- Kitware: Jean-Christophe Fillion-Robin (JC), Julien Finet (J2)
- Radnostics: Anthony Blumfield
Objective
Identify “low hanging fruit” architecture enhancements that will limit the ability of using 3D slicer as a launching pad to take control of the host computer.
Why now? Earlier architectural changes are cheaper and reduce the application compatibility burden.
Approach, Plan
During project week we will create a high level threat model for 3D Slicer v4 and identify possible mitigations
Focus on elevation of privilege threats; punt other threat types to a later stage.
Progress
Delivery Mechanism
- Document
References
- Swiderski F, Snyder W. Threat Modeling. ISBN-0735619913
- Howard M, LeBlanc D. Writing Secure Code, Second Edition. ISBN-0735617228
