Threat Modeling Again, Analyzing the threats to PlaySound

re: Threat Modeling Again, Analyzing the threats to PlaySound

Dennis E. Hamilton — Fri, 14 Sep 2007 00:25:39 GMT

I think here, around "spoofing issue against the audio APIs," you've pretty much explained why you don't see a threat surface there, since it comes down to someone running as administrator and the PC becoming owned any number of ways.

The prospect of trojan Audio Playback attacking the system also seems remote in that case, since it will run at the privilege level of the requester (so the install process is more favorable as an attack injection anyhow).

Did I miss anything?

I'm still uneasy and I think it's this: Even if you had some only-global-mitigation (or more-appropriately worded) annotation/marker on that dataflow, it would provide a placeholder for your rational for why there is no meaningful mitigation to be taken at Playsound itself because of what has to have happened. It would be good to have the narration of your thinking be preserved and visible for those who come after you and consider making changes. [I am speculating beyond my knowledge of the practice and of Playsound itself.]

re: Threat Modeling Again, Analyzing the threats to PlaySound

LarryOsterman — Fri, 14 Sep 2007 00:38:24 GMT

That sounds about right.

Actually I think the comments in your 4th paragraph are quite reasonable, I'll do my best to ensure that the final threat model contains this reasoning.

re: Threat Modeling Again, Analyzing the threats to PlaySound

Triangle — Sat, 15 Sep 2007 02:15:20 GMT

"for PlaySound, there is no risk of the interactor repudiating their action (nobody's going to come along and claim that they didn't really make that noise)."

None immediately come to mind, but I'm willing to bet there are situations where that isn't always true.

Some final thoughts on Threat Modeling...

Larry Osterman's WebLog — Mon, 01 Oct 2007 19:54:13 GMT

I want to wrap up the threat modeling posts with a summary and some comments on the entire process. Yeah,