threat modeling
last edited Fri, 20 Sep 2024 07:20:06 GMT
A method in which the security attributes of an existing system are identified in order to understand security threats and potential mitigations. The overall process involves organizing and analyzing critical details of the system's infrastructure. The process can be repeated as the system evolves and changes over time. [1]
Threat modeling consists of asking ourselves 4 key questions: What are we working on? What can go wrong? What are we going to do about it? Did we do a good enough job? [2]
Threat Modeling in 5 Steps [3]
Identify assets, threats, and vulnerabilities prior to building the threat model. Databases, software, and hardware can all be assets. Perform the following steps for each asset.
1. identify your security objectives
2. create an application overview detailing users, input/output
3. decompose the application and underlying behavior using a data flow diagram (DFD)
4. identify threats from the data collected in steps 2 and 3
5. identify vulnerabilities
Methodology
DREAD
A classification scheme that produces a numerical value used to measure the amount of risk associated with each threat. The result is a value from 0 to 10.
Risk Score = (DAMAGE + REPRODUCIBILITY + EXPLOITABILITY + AFFECTED USERS + DISCOVERABILITY)
STRIDE
Used by Microsoft's threat modeling tool and by OWASP's Threat Dragon.
Threat Category | Violation |
---|---|
spoofing | authenticity |
tampering | integrity |
repudiation | non-repudiability |
information disclosure | confidentiality |
denial of service | availability |
elevation of privileges | authorization |
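
Added example (not part of the original page, and not code from Microsoft's tool or Threat Dragon): a sketch that enumerates candidate threats per DFD element using the STRIDE table above and ranks the rated ones with DREAD. The per-element applicability chart, the sample DFD and its ratings are constructed assumptions, and the DREAD sum is divided by 5 so the score stays in the 0-10 range stated above.

```python
# STRIDE category -> violated property, copied from the table above.
STRIDE = {
    "spoofing": "authenticity", "tampering": "integrity",
    "repudiation": "non-repudiability", "information disclosure": "confidentiality",
    "denial of service": "availability", "elevation of privileges": "authorization",
}
# Assumption: the commonly used STRIDE-per-element chart (not on this page).
APPLICABLE = {
    "external entity": ["spoofing", "repudiation"],
    "process": list(STRIDE),
    "data store": ["tampering", "repudiation", "information disclosure", "denial of service"],
    "data flow": ["tampering", "information disclosure", "denial of service"],
}
FACTORS = ("damage", "reproducibility", "exploitability", "affected_users", "discoverability")

def elicit(dfd):
    """One candidate threat per (DFD element, applicable STRIDE category)."""
    return [(name, cat, STRIDE[cat]) for name, kind in dfd.items() for cat in APPLICABLE[kind]]

def dread_score(rating):
    """Mean of the five factors, each rated 0-10, so the score is also 0-10."""
    missing = [f for f in FACTORS if f not in rating]
    if missing or any(not 0 <= rating[f] <= 10 for f in FACTORS):
        raise ValueError(f"each DREAD factor needs a 0-10 rating (missing: {missing})")
    return sum(rating[f] for f in FACTORS) / len(FACTORS)

def prioritize(threats, ratings):
    """Rank rated threats by score; return unrated ones so none is silently dropped."""
    ranked, unrated = [], []
    for element, category, violates in threats:
        if (element, category) in ratings:
            ranked.append((dread_score(ratings[(element, category)]), element, category, violates))
        else:
            unrated.append((element, category))
    return sorted(ranked, key=lambda t: t[0], reverse=True), unrated

# Constructed sample DFD and review ratings, for illustration only.
DFD = {"browser user": "external entity", "login service": "process",
       "credentials db": "data store", "login request": "data flow"}
RATINGS = {
    ("credentials db", "information disclosure"): dict(zip(FACTORS, (9, 6, 5, 10, 5))),
    ("login service", "spoofing"): dict(zip(FACTORS, (6, 8, 6, 5, 7))),
    ("login request", "tampering"): dict(zip(FACTORS, (5, 4, 3, 6, 2))),
}
if __name__ == "__main__":
    ranked, unrated = prioritize(elicit(DFD), RATINGS)
    for score, element, category, violates in ranked:
        print(f"{score:4.1f}  {element}: {category} (violates {violates})")
    print(f"{len(unrated)} candidate threats still need a DREAD rating")
```
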
LINDDUN
Based on STRIDE.
- model the system, typically using DFDs
- elicit threats by going over each of the DFD elements. Each identified threat should be documented.
- manage threats and prioritize according to risk, then apply suitable mitigation strategies
OCTAVE
The Operationally Critical Threat, Asset, and Vulnerability Evaluation methodology focuses on organizational risk.[4] The methodology is well documented to an overwhelming degree.
PASTA
Process for Attack Simulation and Threat Analysis
- Define Business Objectives
- Define Tech Scope
- App Decomposition
- Threat Analysis
- Vulnerability Detection
- Attack Enumeration
- Risk/Impact Analysis
Real World Examples
- Libreserver's project has its own threat model.
- o-auth
- Secure Drop's threat model is extremely robust because of the adversaries it faces by design [5]. There are many assumptions made about the source, administrator and journalist, and any individual installing Secure Drop.
- Details of Signal's assumed threat model are analyzed in various papers.[6]
- See Docker.[7]
- Heads OS
- XEP-0384: OMEMO Encryption