Explore threat modeling in the gaming industry through this conference talk, focusing on client-side logic, proprietary network protocols, user account management, and playing on untrusted platforms. Gain insights into the threat modeling process, including system attack surface analysis, threat modeling syntax, asset and control identification, and threat quantification. Discover how to consider business risks, break away from overly secure designs, and create effective system models with trust boundaries. Learn about threat agents, timing of threat modeling, and the importance of small details. Examine gaming platforms, consoles, and reusable components, while understanding the challenges of trusted versus untrusted environments. Apply these concepts to enhance security and improve user experience in game development.
Overview
Syllabus
Intro
Threat Modeling Overview • Depiction of a systems attack surface and how a set
Threat Modeling Syntax
Assets and Controls
Quantifying Threats
Threat Modeling Process
Considering Business Risks
Breaking Away From Super Secure Design
Modeling the System . The threat model builds from an initially created system model
Trust Boundaries
Threat Agents
When to Threat Model?
The Little Things Matter
Let's Illustrate
Gaming Platforms Game Consoles
Modeling all the Things
Re-Usable Components
Trusted on Busted
Program Considerations
Taught by
NorthSec
