Threat Model

Full Title or Meme

A model of an information processing system that shows data flows around the system and which spots in the network that a susceptible to attack.

Context

Carnegie Mellon University Software Engineering Institute published a report on "Threat Modeling: 12 Available Methods" ^[1]

Loren Kohnfleder paper 'Threat Modeling Retrospective'^[2]

Crispin Cowan on The Calculus of Threat Modeling ^[3]

Problems

Solutions

A comprehensive Data Flow Diagram

STRIDE is an acronym for: Spoofing identity, Tampering data, Repudiation (denial of responsibility), Information disclosure (data breach), Denial of Service (a.k.a. DoS), and Elevation of privilege.^[4]

References

↑ Nataliya Shevchenko, Threat Modeling: 12 Available Methods (2018-12-03) https://insights.sei.cmu.edu/sei_blog/2018/12/threat-modeling-12-available-methods.html
↑ Loren Kohnfleder, Threat Modeling Retrospective () Medium https://medium.com/@lorenkohnfelder/threat-modeling-retrospective-72910908533c
↑ https://www.leviathansecurity.com/blog/the-calculus-of-threat-modeling
↑ The threats to our Products. (199) Microsoft https://adam.shostack.org/microsoft/The-Threats-To-Our-Products.docx

[1] Nataliya Shevchenko, Threat Modeling: 12 Available Methods (2018-12-03) https://insights.sei.cmu.edu/sei_blog/2018/12/threat-modeling-12-available-methods.html

[2] Loren Kohnfleder, Threat Modeling Retrospective () Medium https://medium.com/@lorenkohnfelder/threat-modeling-retrospective-72910908533c

[3] ttps://www.leviathansecurity.com/blog/the-calculus-of-threat-modeling

[4] The threats to our Products. (199) Microsoft https://adam.shostack.org/microsoft/The-Threats-To-Our-Products.docx

[1]

[2]

[3]

[4]

Threat Model

Contents

Full Title or Meme

Context

Problems

Solutions

References

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Tools

Sidebar Links