Difference between revisions of "2012 Summer Project Week:Threat Modeling"

From NAMIC Wiki
Jump to: navigation, search
m
Line 27: Line 27:
 
<h3>Approach, Plan</h3>
 
<h3>Approach, Plan</h3>
 
During project week we will create a high level threat model for 3D Slicer v4 and identify possible mitigations
 
During project week we will create a high level threat model for 3D Slicer v4 and identify possible mitigations
 +
 +
Focus on elevation of privilege threats; punt other threat types to a later stage.
 
</div>
 
</div>
  

Revision as of 21:08, 17 June 2012

Home < 2012 Summer Project Week:Threat Modeling


Key Investigators

  • Kitware: Jean-Christophe Fillion-Robin (JC), Julien Finet (J2)
  • Radnostics: Anthony Blumfield

Objective

Identify “low hanging fruit” architecture enhancements that will limit the ability of using 3D slicer as a launching pad to take control of the host computer.

Why now? Earlier architectural changes are cheaper and reduce the application compatibility burden.



Approach, Plan

During project week we will create a high level threat model for 3D Slicer v4 and identify possible mitigations

Focus on elevation of privilege threats; punt other threat types to a later stage.

Progress


Delivery Mechanism

  1. Document

References

  • Swiderski F, Snyder W. Threat Modeling. ISBN-0735619913
  • Howard M, LeBlanc D. Writing Secure Code, Second Edition. ISBN-0735617228