Advancements in technology make it easier for hackers to manipulate sensitive data, uninstall software, etc. on a regular basis. As a consequence, Software Safety has become a major concern. One approach used to incorporate application security in the design process is through threat modelling.
Risks can be anything that can take advantage of a security breach weakness to adversely change, remove, damage artefacts or items of interest. Threat Modelling can be performed at any stage of development, but if implemented at the outset, it will help to identify early risks that can be properly addressed.
The objective of Threat Modelling is to define, communicate and appreciate risks and mitigation to the stakeholders of the company as soon as possible. Documentation from this phase provides network analysts and defences with a comprehensive analysis of the potential intruder persona, the most possible attack vectors, and the properties most needed by the intruder.
Threat modelling helps to achieve the following:
Defines security of application
Identifies and investigates potential threats and vulnerabilities
Results in finding architecture bugs earlier
The engineering team will be able to integrate application security as part of the design cycle by using threat analysis to define challenges, weaknesses, and prevention at the point of the design.
1. STRIDE –
STRIDE is a technique developed by Microsoft for predicting risks. Provides a mnemonic for security threats in five categories:
Spoofing
Repudiation
Tampering
Information Disclosure
Denial of Service
2. DREAD –
DREAD was suggested for assessment analysis, but Microsoft refused in 2008 due to conflicting scores. It is actually being used by OpenStack and many other companies. This offers a mnemonic vulnerability risk ranking assessment utilising five levels.
The divisions are as follows:
Damage Potential
Reproducibility
Exploitability
Affected Users
Discoverability
In the DREAD model, the probability can be estimated using an average of 5 categories.
3. P.A.S.T.A. –
The Process for Attack Simulation and Threat Analysis (PASTA) is a seven-step, risk-centric approach developed to provide comprehensive detection, enumeration, and ranking of risks.
4. TRIKE –
The emphasis is on the use of hazard models as a risk management method. Hazard models are based on a criteria layout. The criteria model determines the stakeholder-defined "appropriate" level of risk applied to each asset class. The review of the requirements model produces a threat model from which risks are defined and risk values allocated.
5. VAST –
VAST is the acronym for Visual, Agile, and Simple Risk Modelling. The approach offers workable outcomes to address the unique needs of various stakeholders, such as technology architects and engineers, cyber security staff, etc.
6. Modelling ATTACK TREE –
Attack trees are a mathematical model illustrating how an object or goal could be targeted. These are a multi-level structure consisting of a single root node, leaves and children's nodes. Bottom to Top, the child nodes are the requirements that must be met to render the direct parent node valid.
7. Common Vulnerability Scoring System (CVSS) –
This provides a means of identifying the main characteristics of the weakness and generating a numerical score (from 0 to 10, with 10 being the most severe) representing its seriousness.
8. T-MAP –
T-MAP is a technique used in Commercial Off The Shelf (COTS) applications to measure the weights of the attack routes. This model is built using UML class diagrams, access class diagrams, vulnerability class diagrams, goal asset class diagrams, and affected interest class diagrams.
