Threat Modeling
- Perspectives
- Attacker centric
- Architecture centric
- Asset-centric
Asset Centric Threat Modeling
- Identify the assets
- Asset = anything of value
- Assign an ID to each of them
- Define trust levels
- Outline architecture
- Identify what the application does - With uses cases
- Who can do what. What it should do. (Instead of what it should do, this
is completely non-functional)
- Does and don’ts
- Identify the components (arch diagram)
- Identify the technologies being used
- Decompose the applications
- Identify trust boundaries
- Which part should I trust?
- Which components should trust other components?
- Identify the data flows
- Identify the entry points
- Identify privileged code
- Document the Security Profile
- Identify threats- STRIDE Method - Categorization is the key to
model threats in a systematic way.
- Spoofing
- Tampering
- Repudiation
- Information Disclosure
- Denial of Service
- Elevation of Privilege
- Document the threats
- ID
- Name
- Description
- Categories (STRIDE)
- Entry Points
- Relevant Assets
- Mitigation
- Rate security of threats
- Probability and damage rating
- Overall risk = prob x damage
- DREAD Model
- Ease of exploitation
- Discoverability
- Reproducibility
- Exploitability
- Impact
- Affected Users
- Damage Potential