2012 Summer Project Week:Threat Modeling

From NAMIC Wiki
Jump to: navigation, search
Home < 2012 Summer Project Week:Threat Modeling

  • Unsecured code can be a launching pad to take control of the host computer.


Key Investigators

  • Kitware: Jean-Christophe Fillion-Robin (JC), Julien Finet (J2)
  • Radnostics: Anthony Blumfield

Objective

Identify “low hanging fruit” architecture enhancements that will limit the ability of using 3D slicer as a launching pad to take control of the host computer.

Why now? Earlier architectural changes are cheaper and reduce the application compatibility burden.



Approach, Plan

During project week we will create a high level threat model for 3D Slicer v4 and identify possible mitigations

Focus on elevation of privilege threats; punt other threat types to a later stage.

Progress


Delivery Mechanism

  1. Document

References

  • Swiderski F, Snyder W. Threat Modeling. ISBN-0735619913
  • Howard M, LeBlanc D. Writing Secure Code, Second Edition. ISBN-0735617228
Retrieved from "https://www.na-mic.org/w/index.php?title=2012_Summer_Project_Week:Threat_Modeling&oldid=76219"