Threat Modeling the PASTA Way

There’s a really interesting podcast with Robert Hurlbut, Chris Romeo, and Tony UcedaVelez on the PASTA approach to threat modeling. The whole podcast is interesting, especially hearing Chris and Tony discuss how an organization went from STRIDE to CAPEC and back again.

There’s a section where they discuss the idea of “think like an attacker,” and Chris brings up some of what I’ve written (“‘Think Like an Attacker’ is an opt-in mistake.”) I think that both Chris and Tony make excellent points, and I want to add some nuance around the frame. I don’t think the opposite of “think like an attacker” is “use a checklist,” I think it’s “reason by analogy to find threats” or “use a structured approach to finding threats.” Reasoning by analogy is, admittedly, hard for a variety of reasons, which I’ll leave aside for now. But reasoning by analogy requires that you have a group of abstracted threats, and that you consider ‘how does this threat apply to my system?’ You can use a structured approach such as STRIDE or CAPEC or an attack tree, or even an unstructured, unbounded set of threats (we call this brainstorming.) That differs from good checklists in that the items in a good checklist have clear yes or no answers. For more on my perspective on checklists, take a look at my review of Gawande’s Checklist Manifesto.

Tony’s book is “Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis.”

Electoral Chaos

[Dec 15: Note that there are 4 updates to the post with additional links after writing.]

The Green Party is driving a set of recounts that might change the outcome in one or more swing states. Simultaneously, there is a growing movement to ask the Electoral College to choose a candidate other than Donald Trump to be the next President of the United States. Some surprisingly serious people are publicly making arguments for the Electoral College taking an active role, including law professors Sandy Levinson and Lawrence Lessig. Lessig’s essay at the Washington Post starts:

Conventional wisdom tells us that the electoral college requires that the person who lost the popular vote this year must nonetheless become our president. That view is an insult to our framers. It is compelled by nothing in our Constitution. It should be rejected by anyone with any understanding of our democratic traditions — most important, the electors themselves. (“The Constitution lets the electoral college choose the winner. They should choose Clinton,” Lawrence Lessig)

Lessig’s piece links to Federalist #68, written by the newly popular Hamilton. Having the electoral college not vote for Trump, after Clinton conceded, and after the current President met with him, seems problematic at best. Trump promised to respect the results if he was elected, but yesterday tweeted claims that “millions” had voted illegally, which might lead one to expect that some had voted illegally for him, adding legitimacy to a recount or re-evaluation of results.

An Electoral College outcome other than Trump will be labeled a “stolen election,” and there have already been threats of violence by surprisingly serious people. Some of those who might engage in violence are already engaged in disgraceful and un-American attacks on their fellow citizens based on race, creed, color, gender, or sexual orientation. They seem to treat the election as a “great disinhibition.” However, as horrifying as those attacks are, and as many as there are, there are people who would not engage in such attacks but would call the election stolen. That would further undercut the legitimacy of the Federal government. (Chaos and legitimacy is a topic that’s been occupying my thoughts for a while, but I have relatively little to say which is new.)

My take: the Electoral College exists for a reason. (See the above-linked Federalist #68). The best choice from a very bad set of possibilities is a “caretaker” government. The country is roughly evenly divided in hating either Clinton, Trump, or both. We should select a President who will not push for large changes or mess things up, and can start to address the real class issues which were exposed by the election. A middle of the road Republican and Democrat might be less unpalatable than other options.

Some relevant and interesting links:

Please keep comments civil. Additional interesting links are welcome.

[Update Dec 2: This is a thoughtful, left-wing consideration of the election, which makes the point that no single explanation is dominant. “Everything mattered: lessons from 2016’s bizarre presidential election.” Also, seven electors are now looking to strike a deal: “Teen becomes seventh ‘faithless elector’ to protest Trump as president-elect.” By the way, there’s probably an interesting story in how a 19 year old becomes a member of the Electoral College. Lastly, the Economist has an article on “Why an electoral college rebellion would be a bad idea.”]

[Update Dec 8: “Dump the electoral college? Bad idea, says Al Gore’s former campaign chairman,” which includes the argument “it forces candidates to campaign in a variety of closely contested races, where political debate is typically robust.” Despite that, Texas Republican Elector Christopher Suprun has written “Why I Will Not Cast My Electoral Vote for Donald Trump.”]

[Update Dec 12: Videos: from one of the Hamilton Electors, Tucker Carlson vs. 2 Electors. “Electors demand intelligence briefing before Electoral College vote.”]

[Update Dec 15: “Virginia congressman calls for delay in electoral college vote,” and the open letter “Bipartisan Electors Ask James Clapper: Release Facts on Outside Interference in U.S. Election” now has over 50 signatures, and NBC is reporting that “Putin Personally Involved in U.S. Election Hack,” and that has to play into questions about legitimacy and the choice of Electors.]

Mac Command Line: Turning Apps into Commands

I moved to MacOS X because it offers both a unix command line and graphical interfaces, and I almost exclusively use the command line as I switch between tasks. If you use a terminal and aren’t familiar with the open command, I urge you to take a look.

I tend to open documents with open ~/Do[tab]… I wanted a way to open more things like this. I wanted to treat every app as if it were a command. I did this a little while back, and recently had to use a Mac without these little aliases and it was annoying! (We know that mousing was objectively faster and cognitively slower than keyboard use.)

So I thought I’d share. This works great in a .tcshrc. I spent a minute translating into bash, but the escaping escaped me. Also, I suppose there might be a more elegant approach to the MS apps, but it was easier to write 5 specific aliases than to figure it out.

Anyway, here’s the code:

# For each app bundle, define an alias named after the app that runs "open -a" on it,
# e.g. /Applications/Safari.app becomes the command "safari".
foreach f (/Applications/*.app /Applications/Utilities/*.app)
    set t=`basename -a $f`
    # Does not work if your app has a shell metachar in the name. Lookin' at you, superduper!
    # Command name: drop spaces and the .app suffix, then lower-case.
    set w=`echo $t | sed -e 's/ //g' -e 's/.app$//' | tr '[A-Z]' '[a-z]'`
    alias $w open -a \""$f"\"
end

# The Office apps live in a folder with spaces in its name, so they get explicit aliases.
alias excel open -a "/Applications/Microsoft\ Office\ 2011/Microsoft\ Excel.app"
alias word open -a "/Applications/Microsoft\ Office\ 2011/Microsoft\ Word.app"
alias powerpoint open -a "/Applications/Microsoft\ Office\ 2011/Microsoft\ PowerPoint.app"
alias ppt powerpoint
alias xls excel
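As an added example, and not the post’s own code, here is the same idea in POSIX sh/bash, so it can be sourced from a ~/.bashrc on a Mac (which ships bash 3.2). The function names (sh_quote, app_to_command, app_command_definition, define_app_commands) are mine. It goes a little beyond the tcsh loop: the command name is built by stripping every non-alphanumeric character, so an app like “SuperDuper!” works, and the generated command is a shell function carrying a properly quoted path rather than an alias, which is where the escaping in a bash translation gets awkward.

```shell
#!/bin/sh
# Added example (not from the post): a POSIX sh/bash version of the tcsh
# loop above. Works in the bash 3.2 that macOS ships, so it can be sourced
# from ~/.bashrc. Function names are my own.

# Quote a string so the shell reads it back as one word, whatever it contains.
sh_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Map an .app bundle path to a command name: strip the .app suffix, drop
# everything that is not a letter or digit (spaces, "!", etc.), lower-case.
#   /Applications/Utilities/Super Duper!.app  ->  superduper
app_to_command() {
    basename "$1" .app | sed 's/[^[:alnum:]]//g' | tr '[:upper:]' '[:lower:]'
}

# Print the definition of a shell function that runs `open -a` on the bundle,
# passing any arguments (files to open) through. Returns 1 when the name
# sanitises to nothing. A function rather than an alias, so the quoted path
# is parsed once, here, instead of at every expansion.
app_command_definition() {
    cmd=$(app_to_command "$1")
    [ -n "$cmd" ] || return 1
    printf '%s() { open -a %s "$@"; }\n' "$cmd" "$(sh_quote "$1")"
}

# Define one command per .app bundle in each directory given. A bundle is
# skipped when its name sanitises to nothing or when the name already
# resolves to a command (Mail.app must not silently replace /usr/bin/mail):
# give those an explicit name instead, as the Office functions below do.
define_app_commands() {
    for dir in "$@"; do
        for app in "$dir"/*.app; do
            [ -d "$app" ] || continue
            cmd=$(app_to_command "$app")
            [ -n "$cmd" ] || continue
            command -v "$cmd" >/dev/null 2>&1 && continue
            eval "$(app_command_definition "$app")"
        done
    done
}

# Usage from ~/.bashrc (a no-op on a machine without these directories):
define_app_commands /Applications /Applications/Utilities

# Explicit names for apps whose derived name is unwieldy, mirroring the
# post's Office aliases (the Office 2011 path is the post's; adjust to taste).
excel() { open -a "/Applications/Microsoft Office 2011/Microsoft Excel.app" "$@"; }
word()  { open -a "/Applications/Microsoft Office 2011/Microsoft Word.app" "$@"; }
xls()   { excel "$@"; }
```

Because the set of commands is derived from whatever happens to be installed under /Applications, the `command -v` guard is the part worth keeping: without it, an app whose sanitised name matches a tool you already use would quietly take that name over in every new shell. Anything the guard skips can be given an explicit function, as excel and word are above.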

(Previously: Adding emacs keybindings to Word.)

Election 2016

This election has been hard to take on all sorts of levels, and I’m not going to write about the crap. Everything to be said has been said, along with much that never should have been said, and much that should disqualify those who said it from running for President. I thought about endorsing Jill Stein, the way we endorsed McCain-Palin in 2008, but even the Onion is having trouble being funny.

One thing which makes the American election system less functional is the electoral college system, which means that essentially a small number of states decide the election.

There is an effort underway to change that to a national popular vote, and there’s a group working towards that by getting states to agree amongst themselves to allocate their electoral college votes towards the winner of the national popular vote, once enough states have made that commitment to control the results of the elections. It’s a pretty neat approach to patching the Constitution, and you can learn more at National Popular Vote.

Also in the spirit of nice things to see today, WROC in Rochester is streaming from the resting place of Susan B Anthony, whose tombstone has been covered with “I voted” stickers, and as I watch, people are reading the Seneca Falls Declaration.

Learning from Our Experience, Part Z

One of the themes of The New School of Information Security is how other fields learn from their experiences, and how information security’s culture of hiding our incidents prevents us from learning.

Zombie survival guide

Today I found yet another field where they are looking to learn from previous incidents and mistakes: zombies. From “The Zombie Survival Guide: Recorded Attacks:”

Organize before they rise!

Scripted by the world’s leading zombie authority, Max Brooks, Recorded Attacks reveals how other eras and cultures have dealt with–and survived–the ancient viral plague. By immersing ourselves in past horror we may yet prevail over the coming outbreak in our time.

Of course, we don’t need to imagine learning from our mistakes. Plenty of fields do it, and so don’t shamble around like zombies.