Welcome to the Biomed Boston & ESC Boston 2019 Presentation Store. Here you can view and download conference and/or show floor theater presentations before, during, and after the event. If you’re looking for a presentation from a specific session that you’re unable to find here, note that it’s likely because the presenter has not provided permission for external use or has not yet shared their presentation with us. Please check back after the event for a more complete catalogue of available presentations.
Chris Shore (Director of Embedded Solutions, ARM)
Location: 107C
Date: Wednesday, May 15
Time: 3:15pm - 4:00pm
Track: ESC Boston, Track C: IoT & Connected Devices
Vault Recording: TBD
After too many high-profile security incidents, the world is waking up to the fact that security must be a vital part of any connected device. And that security must be designed in from the ground up, forming an integral part of the most fundamental design decisions throughout product development. It affects all aspects of product development, including hardware design, functional specification, and software development.
However, implementing an appropriate, proportionate, and effective level of security is different for every product, and carrying out a thorough threat analysis is vital.
In 2017, ARM launched the Platform Security Architecture (PSA), an open methodology for analysing, designing, and implementing the security aspects of a product. PSA covers three stages: Analyze, Architect, and Implement. It is the first of these stages, carrying out a threat analysis, which is the most fundamental and often the hardest. It is also something which many product designers are not equipped to do.
In this talk, I will describe the necessary steps in carrying out a threat analysis:
- Define the scope of evaluation, external entities and assets which require protection
- Identify adversaries, attack surface and possible threats (using the standard STRIDE threat model)
- Determine the severity of the threats and assign a CVSS score to each
- Identify high-level security objectives to address each threat
- Define security requirements for each objective
- Create a summary for each threat and translate this into concrete security feature requirements
Worked examples will be used to illustrate the concepts at each stage.
Attendees will leave with a good understanding of a standard framework for carrying out a thorough threat analysis as part of product specification. They will know how to use this to derive requirements as input to the design process.
Product designers, software and hardware developers. All will benefit from a sound understanding of the principles involved.
ESC2019_SuccessfulThreatModelling_Shore.pdf