Secure software needs design assurance, but code is too granular to spot all design problems. Moreover, contemporary threat modelling practices don’t account for the broader context of use, which could be the source of human errors or violations. CAIRIS is an open-source platform created to understand how tool-support could help design systems which are both secure and usable. In this talk, I’ll introduce CAIRIS and its key concepts, walk through how to carry out some simple threat modeling that accounts for context of use, model security risks, and consider how CAIRIS can be integrated into existing software design tool-chains.
π What will you learn?
β Glean an understanding of what CAIRIS is, and where it is useful and is not useful.
β Learn how to install and get started with CAIRIS.
β Model not just threats but key context of use elements of a system.
β Learn how to model risks and kill-chains of risks.
β Draw ideas on how to integrate CAIRIS into your own tool-chains.