Difference between revisions of "2012 Summer Project Week:Threat Modeling"

From NAMIC Wiki
Jump to: navigation, search
Line 30: Line 30:
 
Focus on elevation of privilege threats; punt other threat types to a later stage
 
Focus on elevation of privilege threats; punt other threat types to a later stage
  
Meeting Tuesday noon-3PM, Location TBD
+
Meeting Tuesday noon-3PM, Room 32-D407
  
 
</div>
 
</div>

Revision as of 13:13, 19 June 2012

Home < 2012 Summer Project Week:Threat Modeling


Key Investigators

  • Kitware: Jean-Christophe Fillion-Robin (JC), Julien Finet (J2)
  • Radnostics: Anthony Blumfield

Objective

Identify “low hanging fruit” architecture enhancements that will limit the ability of using 3D slicer as a launching pad to take control of the host computer.

Why now? Earlier architectural changes are cheaper and reduce the application compatibility burden.



Approach, Plan

During project week we will create a high level threat model for 3D Slicer v4 and identify possible mitigations

Focus on elevation of privilege threats; punt other threat types to a later stage

Meeting Tuesday noon-3PM, Room 32-D407

Progress


Delivery Mechanism

  1. Document

References

  • Swiderski F, Snyder W. Threat Modeling. ISBN-0735619913
  • Howard M, LeBlanc D. Writing Secure Code, Second Edition. ISBN-0735617228