AVCDL attack surface analysis - overview

This training covers how attack surface analysis is preformed within the AVCDL.

AVCDL repo:
https://github.com/AVCDL/AVCDL

training material source:
https://github.com/AVCDL/AVCDL/tree/main/training/attack%20surface%20analysis/

References:

AVCDL primary document

Attack Surface Analysis Report (AVCDL secondary document)

Updated Attack Surface Analysis (AVCDL secondary document)

Threat Modeling Report (AVCDL secondary document)

Threat Prioritization Plan (AVCDL secondary document)

Microsoft Attack Surface Analyzer
https://github.com/microsoft/attacksurfaceanalyzer

Mixed onions: red and brown onions, with and without skin, whole and sliced and in rings (Colin, CC BY-SA 3.0)
https://commons.wikimedia.org/wiki/File:Mixed_onions.jpg

Threat Modeling Vocabulary (capture of 11 May 2011 blog post)
https://web.archive.org/web/20161101093537/https://www.cigital.com/blog/threat-modeling-vocabulary/

Threat Modeling Glossary Diagram (for above blog post capture)
https://www.synopsys.com/blogs/software-security/wp-content/uploads/2015/08/threat-modeling-glossary-diagram.jpg

Service Name and Transport Protocol Port Number Registry
https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml

OBD II connector (M Minderhoud, CC BY-SA 3.0)
https://commons.wikimedia.org/wiki/File:OBD_002.jpg

Example of computer connector sockets on laptops. Dell M65, Dell M4300, Fujitsu-Siemens Celsius H250, F-S docking station, Dell docking station (Traveler100, CC BY-SA 3.0)
https://commons.wikimedia.org/wiki/File:Computer-connector-sockets.jpg

Objective 1.1: Common Protocols
https://en.wikibooks.org/wiki/Network_Plus_Certification/Technologies/Common_Protocols

160421-N-YE579-005 [USS Zumwalt] (National Museum of the U.S. Navy)
https://commons.wikimedia.org/wiki/File:160421-N-YE579-005_(26543438313).jpg

USS Gridley (DDG-101) 2008 (U.S. Navy)
https://commons.wikimedia.org/wiki/File:USS_Gridley_(DDG-101)_2008.jpg

Foundations of Supply Chain Management for Space Application
https://ntrs.nasa.gov/api/citations/20170011140/downloads/20170011140.pdf

Just enough operating system
https://en.wikipedia.org/wiki/Just_enough_operating_system

Chapters:

00:00 Title
00:11 Training Path
00:42 Introduction
03:06 Terminology
04:54 Simple System
07:21 Physical Ports
08:31 Logical Ports
11:58 Common Protocols
12:59 Operating Systems
19:42 Process-centric Worldview
21:07 Attack Surface Analysis Workflow
22:17 Excessive Exposure
25:21 Threat Candidate Information
26:31 Layers
28:58 Dependencies
30:23 Verification
31:02 Attack Surface Analysis Review
32:52 Summary
33:44 Further Reading
34:05 GitHub
34:29 Next Steps
34:58 References

Видео AVCDL attack surface analysis - overview канала AVCDL