Difference between revisions of "Threat Model"
(→Solutions) |
(→Solutions) |
||
| Line 37: | Line 37: | ||
| Elevation of Privilege || Authorization | | Elevation of Privilege || Authorization | ||
|} | |} | ||
| + | |||
| + | Template | ||
| + | # Spoofing | ||
| + | # Tampering | ||
| + | # Repudiation | ||
| + | # Information Disclosure | ||
| + | # Denial of Service | ||
| + | # Elevation of Privilege | ||
==References== | ==References== | ||
Revision as of 11:12, 6 February 2021
Full Title or Meme
A model of an information processing system that shows data flows around the system and which spots in the network that a susceptible to attack.
Context
Carnegie Mellon University Software Engineering Institute published a report on "Threat Modeling: 12 Available Methods" [1]
Loren Kohnfleder paper 'Threat Modeling Retrospective'[2]
Crispin Cowan on The Calculus of Threat Modeling [3]
Adam Shostack in 20 Years of STRIDE [4]
Problems
Solutions
A comprehensive Data Flow Diagram is the first step to creating a threat model.
STRIDE is an acronym for: Spoofing identity, Tampering data, Repudiation (denial of responsibility), Information disclosure (data breach), Denial of Service (DoS), and Elevation of privilege.[5]
Each threat is a violation of a desirable property for a system:
| Threat | Desired property |
|---|---|
| Spoofing | Authenticity |
| Tampering | Integrity |
| Repudiation | Non-repudiability |
| Information disclosure | Confidentiality |
| Denial of Service | Availability |
| Elevation of Privilege | Authorization |
Template
- Spoofing
- Tampering
- Repudiation
- Information Disclosure
- Denial of Service
- Elevation of Privilege
References
- ↑ Nataliya Shevchenko, Threat Modeling: 12 Available Methods (2018-12-03) https://insights.sei.cmu.edu/sei_blog/2018/12/threat-modeling-12-available-methods.html
- ↑ Loren Kohnfleder, Threat Modeling Retrospective Medium https://medium.com/@lorenkohnfelder/threat-modeling-retrospective-72910908533c
- ↑ https://www.leviathansecurity.com/blog/the-calculus-of-threat-modeling
- ↑ Adam Shostack, 20 Years of STRIDE: Looking Back, Looking Forward. Dark Reading https://www.darkreading.com/20-years-of-stride-looking-back-looking-forward/a/d-id/1334275
- ↑ The threats to our Products. (199) Microsoft https://adam.shostack.org/microsoft/The-Threats-To-Our-Products.docx
- Michael Howard, Praerit Garg Loren M. Kohnfelder, RAPID APPLICATION SECURITY THREAT ANALYSIS US Patent 7,243,374 B2 (2007-07-12) Abstract
The following Subject matter provides for modeling an application's potential security threats at a logical component level early in the design phase of the application. Specifically, in a computer system, multiple model components are defined to represent respective logical elements of the application. Each model component includes a corresponding set of security threats that could potentially be of import not only to the component but also to the application as a whole in its physical implementation. The model components are interconnected to form a logical model of the application. One or more potential security threats are then analyzed in terms of the model components in the logical model.
