Amit Dori
Microsoft (Israel)
Threat Modelling for Cybersecurity and Safety in Modern Products
As the sophistication and complexity of modern products advances forward, the approach towards cybersecurity and safety has to evolve as well. This presentation will discuss the difficulties & opportunities in analysing threats for big systems such as operating systems, cloud infrastructures, and automobiles.
In the age of cybersecurity and safety regulation, such as with UNECE R155 requiring the automotive industry to address cybersecurity, threat modelling can be used to identify potential cybersecurity threats to vehicles and develop strategies to mitigate them. This can help create a better, structured process for security research and ensure that vehicles are compliant with the regulation.
We will propose ways, guidelines and techniques to perform a Threat Model at large scale as part of the Security Development Lifecycle (SDL) - Understanding the key elements of a system, its threats and assets Before jumping into code audits & fuzzing.
Before that I was a Security Research Team Lead at Mercedes-Benz Technological Hub Israel, focusing on automotive vulnerabilities and full exploitation chains.
I’m a security enthusiast who enjoys all aspects of Security Research and finding loopholes – in both code and real life 😎 I especially love transforming big & complex systems into research targets in a surgical & methodical way.