Links for Talk: "Threat Modeling in 2021"
- Introductory threat modeling resources
- Tools: MS TM Tool, Tutamen, Irius Risk
- Repudiation: GPS spoofing
- Seeds in the mail and why
- Information disclosure: New York Times, Tesla
- Kill chains: unifiedkillchain.com
- MITRE Att&ck
- Machine learning: Microsoft 1, Microsoft 2, my comments on the Microsoft approaches Berryville Institute of Machine Learning, my analysis.
- Conflict modeling: my conflict modeling site at github.
- Threat Modeling: Designing for Security (my book)
- Some of my other threat modeling talks on youtube
- My blog, with lots of threat modeling content
- The OWASP slack, which has an active #threatmodeling channel
Additional Links for the ASRG talk (September 2020)
This version of the talk was customized for the Automotive Security Research Group, and additional resources for that audience include:
- Ross Anderson at 36c3, cars are covered about 36 min in, but the whole talk is worthwhile
- Safety First for Automated Driving paper
- UN Regulations on Cybersecurity and Software Updates to pave the way for mass roll out of connected vehicles
- UL 4600
- SAE J3061