Cipher Book Review, Issue E174

Threats: What Every Engineer Should Learn From Star Wars
by Adam Shostack

Wiley, 2023.
ISBN-13 978-1-119-89516-9. 330 + xxiv pages

Reviewed by Sven Dietrich, 7/24/23

"A Playful Approach We Need." Sometimes we need a lighter approach to learn the difficult, or shall we say challenging, aspects of a field. Peeking into the troglodyte world shown in the movie Star Wars, we feel a bit distanced from our "daily normal." The filming set at Tataouine, a little town in southern Tunisia, took many sci-fi fans to other worlds, supposedly somewhere beyond our little Earth, including the planet of Tatooine.

Adam Shostack uses this playful setting of Star Wars in his new book "Threats: What Every Engineer Should Learn From Star Wars" to introduce the concept of threats, in the context of software security, not only to the regular engineer but also to the less experienced non-engineer. The book is a set of snippets about various security ideas, often interspersed with anecdotes from the Star Wars movies as a means of explaining the more complex settings of computer security threats. We find the usual Star Wars suspects such as Darth Vader, Luke Skywalker, Princess Leia, Obi-Wan Kenobi, Yoda, R2-D2, and C-3PO helping illustrate concepts such as authentication, spoofing, and more, via scenes from the Star Wars movies.

The book is about 330 pages long. There is a preface, an introduction, plus an epilogue, a glossary, a bibliography, a (Star Wars) story index, and a traditional index, sandwiched around 9 chapters. The author uses the tried-and-true STRIDE model from his previous teachings to name the first 6 chapters (their first letters spell STRIDE).

The first chapter is on Spoofing and Authenticity. Through basic concepts, command line examples, tables, diagrams, and a little help from Star Wars, the reader learns what those mean in a variety of settings (e.g. computer vs. user, computer vs. computer), how the bad guys work, and what the good guys are doing about it.

The second chapter is on Tampering and Integrity. Here the reader learns about targets of tampering (e.g. storage) and how the defenses work (e.g. via cryptography). The references that are sprinkled within are for those who wish to delve deeper, but the concepts are kept light and easy to follow.

The third chapter is on Repudiation and Proof. Here the reader is exposed to identity theft, audit logs, attacks on logs, blockchains, and deepfakes. The style of description stays the same, always mixing the various views.

The fourth chapter is on Information Disclosure and Confidentiality. How could one not talk about 'A New Hope' and the stealing of the plans of the Death Star here? It's a perfect setting to explain those ideas and the author does a fine job at delivering a properly fitting scene to the reader.

The fifth chapter covers Denial of Service and Availability. Again, some explanations use the first and second Death Star as examples. What attacks are possible, and how do we defend against them? As always, there are anecdotes, little story boxes, and proper references to prior work and events.

The sixth chapter is named Expansion of Authority and Isolation. Here the reader will learn about privileges, privilege escalation, as well as confused deputies. Access control and complexity in design are also discussed here.

After the STRIDE chapters, the author adds the seventh chapter, Predictability and Randomness. As a means of upping the ante against attackers, a lack of predictability defeats some attacks by the bad guys, yet randomness is still hard to achieve. There are always tradeoffs, such as the time/memory tradeoff shown in rainbow tables.

The eighth chapter on Parsing and Corruption addresses several problems, such as type confusion, confusing code and data, and even parsing errors that can lead to serious threats.

Finally, in the ninth chapter, the author wraps up with Kill Chains, such as the MITRE ATT&CK framework and attack trees.

The bibliography, while far from complete due to the nature (and lightness) of the book, is complete enough to provide a good introduction to the field.

Overall, I liked reading this book: it is light and entertaining enough for the reader afraid of being overwhelmed by dense material, and just as light and entertaining for the reader who is "in the know" yet curious to see the parallels between Star Wars and software security. To put it in Yoda's terms, "Bored You Will Be Not." While I am more of a Trekkie than a Star Wars fan, this book put a smile on my face more than once while I savored those anecdotes. I hope you will enjoy reading this book as much as I did.

Sven Dietrich reviews technology and security books for IEEE Cipher. He welcomes your thoughts at spock at ieee dot org.