What is Threat Modeling?
Threat modeling gives the software development team an attacker’s or hostile user’s viewpoint, because the exercise aims at identifying the entry and exit points that an attacker can exploit.

It also helps the team make design and engineering tradeoff decisions by providing insight into the areas where attention should be prioritized and focused, from a security viewpoint.
Benefits of Threat Modelling
• The primary benefit of threat modeling during the design phase of the project is that design flaws can be addressed before a single line of code is written, thereby reducing the need to redesign and fix security issues in code at a later time.
• Once a threat model is generated, it should be iteratively visited and updated as the software development project progresses.
• In the design phase, threat model development commences as the software architecture teams identify threats to the software.
Challenges of Threat Modelling
• Though the benefits of threat modeling are extensive, threat modeling does come with some challenges.
• Can be a time-consuming process when done correctly.
• Requires a fairly mature SDLC.
• Requires the training of employees to correctly model threats and address vulnerabilities.
• Is often deemed a less preferred activity. Developers prefer coding and quality assurance personnel prefer testing over threat modeling.
• Is often not directly related to business operations, and it is difficult to show demonstrable return on investment for threat models.
Threat Modeling Process
| STRIDE category of threats | Goal | Description |
|---|---|---|
| S | Spoofing | Can an attacker impersonate another user or identity? |
| T | Tampering | Can the data be tampered with while it is in transit or in storage or archives? |
| R | Repudiation | Can the attacker (user or process) deny the attack? |
| I | Information Disclosure | Can information be disclosed to unauthorized users? |
| D | Denial of Service | Is denial of service a possibility? |
| E | Elevation of Privilege | Can the attacker bypass least privilege implementation and execute the software at elevated or administrative privileges? |
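As an added illustration (not part of the original page), the sketch below applies the STRIDE questions from the table to a small constructed data flow diagram, listing first the flows that cross a trust zone, which are the entry and exit points mentioned in the introduction. The element names, the trust zones and the per-element applicability map are assumptions; the map follows the commonly used STRIDE-per-element chart.

```python
from collections import namedtuple

# Questions copied from the STRIDE table on this page.
STRIDE = {
    "S": "Can an attacker impersonate another user or identity?",
    "T": "Can the data be tampered with while it is in transit or in storage or archives?",
    "R": "Can the attacker (user or process) deny the attack?",
    "I": "Can information be disclosed to unauthorized users?",
    "D": "Is denial of service a possibility?",
    "E": "Can the attacker bypass least privilege implementation and execute "
         "the software at elevated or administrative privileges?",
}

# Assumption (not from this page): STRIDE-per-element applicability.
# Repudiation is usually added for stores that hold audit logs.
APPLIES = {"external": "SR", "process": "STRIDE", "store": "TID", "flow": "TID"}

Element = namedtuple("Element", "name kind zone")  # kind: external|process|store
Flow = namedtuple("Flow", "src dst data")

def boundary_crossings(flows):
    """Flows whose endpoints sit in different trust zones: entry/exit points."""
    return [f for f in flows if f.src.zone != f.dst.zone]

def enumerate_threats(elements, flows):
    """Return (target, category, question) rows to review, crossings first."""
    rows = []
    for f in boundary_crossings(flows):
        for c in APPLIES["flow"]:
            rows.append((f"{f.src.name} -> {f.dst.name} [{f.data}]", c, STRIDE[c]))
    for e in elements:
        for c in APPLIES[e.kind]:
            rows.append((e.name, c, STRIDE[c]))
    return rows

# Constructed sample system (hypothetical names and zones).
browser = Element("Browser", "external", "internet")
web = Element("Web app", "process", "dmz")
cache = Element("Session cache", "store", "dmz")
db = Element("Orders DB", "store", "internal")
ELEMENTS = [browser, web, cache, db]
FLOWS = [Flow(browser, web, "login form"), Flow(web, cache, "session token"),
         Flow(web, db, "SQL query"), Flow(db, web, "order rows"),
         Flow(web, browser, "HTML page")]

if __name__ == "__main__":
    for target, cat, question in enumerate_threats(ELEMENTS, FLOWS):
        print(f"{cat}  {target}: {question}")
```

Each printed row is a question for the design review; the answer and any mitigation are recorded against that element or flow and revisited as the design changes.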
-----In Progress-