“It is Time to Start Threat Modelling”

Introduction

Threat modelling is a systematic approach for identifying and evaluating potential threats against a system or application. It enables organizations to build security into the design and architecture of a system from the outset. As computing environments grow more complex, interconnected, and reliant on software, threat modelling has become an indispensable practice in securing systems against increasingly sophisticated attacks.

Threat Modelling Methodologies

Several established methodologies exist for performing threat modelling assessments. While they differ in their specifics, they share the overarching goal of methodically evaluating systems for vulnerabilities that malicious actors could exploit.

STRIDE

The STRIDE model provides a simple taxonomy for classifying common threat types – Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service and Elevation of Privilege. For each component in a system architecture, potential vulnerabilities are enumerated under the STRIDE categories to identify areas for security improvements. This methodology is lightweight, easy to understand and provides a good starting point for threat modelling.
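
As an added illustration (not from the original article), the following Python example applies the widely used STRIDE-per-element chart to a small constructed data flow diagram and lists flows that cross a trust boundary first. The element names, trust zones and the `enumerate_threats` helper are assumptions made for this example.

```python
from dataclasses import dataclass

# STRIDE-per-element chart: categories that usually apply to each DFD element type.
STRIDE_BY_KIND = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_store": "TRID",   # R applies mainly when the store holds logs
    "data_flow": "TID",
}
NAMES = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
         "I": "Information Disclosure", "D": "Denial of Service",
         "E": "Elevation of Privilege"}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str   # a key of STRIDE_BY_KIND
    zone: str   # trust zone the element lives in (hypothetical labels)

@dataclass(frozen=True)
class Flow:
    name: str
    src: Element
    dst: Element

def enumerate_threats(elements, flows):
    """Return (target, category, crosses_boundary) rows, boundary crossings first."""
    rows = [(e.name, NAMES[c], False)
            for e in elements for c in STRIDE_BY_KIND[e.kind]]
    for f in flows:
        crosses = f.src.zone != f.dst.zone   # flow crosses a trust boundary
        rows += [(f.name, NAMES[c], crosses) for c in STRIDE_BY_KIND["data_flow"]]
    return sorted(rows, key=lambda r: not r[2])   # stable: crossings move to the top

# Constructed sample architecture (not from the article).
browser = Element("Browser", "external_entity", "internet")
api = Element("Orders API", "process", "dmz")
cache = Element("Session cache", "data_store", "dmz")
db = Element("Orders DB", "data_store", "internal")
ELEMENTS = [browser, api, cache, db]
FLOWS = [Flow("HTTPS request", browser, api),
         Flow("Cache lookup", api, cache),
         Flow("SQL query", api, db)]

if __name__ == "__main__":
    for target, category, crosses in enumerate_threats(ELEMENTS, FLOWS):
        tag = "[boundary] " if crosses else ""
        print(f"{tag}{target}: {category}")
```

Each row is a prompt for the review session rather than a confirmed finding; the team decides which ones are real for the design in front of them.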

PASTA

The Process for Attack Simulation and Threat Analysis (PASTA) is a risk-centric methodology comprising 7 stages – defining business objectives, defining technical scope, decomposing the application, identifying threats, documenting and ranking threats, defining countermeasures, and validating results. PASTA provides a flexible framework for correlating threats to business risks and prioritizing security efforts based on impact.

VAST

Visual, Agile and Simple Threat modelling (VAST) emphasizes collaborative threat modelling through easy-to-use visual models and diagrams. VAST strives to make threat modelling accessible for agile development teams by promoting active participation across roles, integration with issue tracking systems and continuous threat model updates.

TRIKE

The Trike threat modelling framework adopts a risk-based view of evaluating threats, focusing on defining threat actors, determining exploitable vulnerabilities, and assessing risk levels based on actor skill, motive, and opportunity. Trike provides structured tools for risk assessment, including a threat modelling ontology and risk calculator.

OCTAVE

The Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) process is a risk-based strategic assessment and planning method that focuses on assessing organizational risks, with little to no focus on technological risks.

DREAD

DREAD is a threat modelling framework that assesses threats based on 5 categories:

  • Damage Potential – How much damage could occur if the threat is realized?
  • Reproducibility – How easy is it to reproduce the attack?
  • Exploitability – How much expertise is needed to exploit this vulnerability?
  • Affected Users – How many users could be impacted?
  • Discoverability – How easy is it to discover this vulnerability?

Each category is ranked on a scale from 1 (lowest) to 10 (highest), and the rankings are then multiplied together to get an overall DREAD score. Higher scores indicate more severe threats.

MITRE ATT&CK FRAMEWORK

The MITRE ATT&CK framework is a knowledge base of adversary tactics and techniques based on real-world observations. It consists of tactic categories such as initial access, execution, and persistence. Each category contains specific techniques that could be used in that stage of an attack. The framework allows organizations to model adversary behaviour and develop defences.

CVSS

The Common Vulnerability Scoring System (CVSS) is an open framework for communicating vulnerability severity and characteristics. CVSS scoring involves base metrics, temporal metrics, and environmental metrics. The base score represents intrinsic qualities of a vulnerability. Temporal and environmental scores represent threat context. Scores range from 0 to 10, with 10 being the most severe. CVSS helps organizations prioritize remediation.

Threat Modelling Best Practices

For organizations seeking to implement threat modelling, incorporating the following best practices will maximize its effectiveness:

  • Start threat modelling early – Threat modelling at design time identifies vulnerabilities early when they are cheaper to remediate.
  • Involve multiple stakeholders – Cross-functional input from dev, ops, security, and business roles provides diverse expertise.
  • Update continuously – Threat models must be living artifacts, updated through development lifecycles.
  • Prioritize threats – Rank threats based on severity and exploitability to focus remediation.
  • Validate with red teams – Red team exercises validate modelled threats with real-world attacks.

Threat Modelling Tools

Specialized tools can provide automation and consistency in executing threat modelling initiatives. Popular options include:

Microsoft Threat Modelling Tool – Integrates with Microsoft development stacks and provides automated threat analysis using STRIDE methodology.

IriusRisk – Multi-faceted tool supporting multiple threat modelling approaches with robust visualization capabilities.

Threat Dragon – Open-source tool for building threat models following various methodologies. Provides integration with popular dev tools.

Conclusion

Threat modelling introduces proactive security early in development lifecycles by systematically analysing and addressing risks. Frameworks like STRIDE, PASTA and Trike provide methodical approaches for identifying threats and ranking their severity. To implement threat modelling successfully, organizations should involve diverse stakeholders, integrate continuously with dev cycles, and validate modelled threats. By following best practices and leveraging purpose-built tools, organizations can mature their threat modelling programs to improve security and meet compliance mandates.

Further Reading:

OWASP Threat Modelling Guide https://owasp.org/www-community/Threat_Modeling

Microsoft Threat Modelling Tool https://docs.microsoft.com/en-us/azure/security/develop/threat-modeling-tool

NIST Cybersecurity Practice Guide on Threat Modeling: https://csrc.nist.gov/publications/detail/sp/800-154/draft

Other Tooling & Resources worth checking out:

https://app.threat-modeling.com/

https://threatsmanager.com/

https://threatmodeler.com/

https://simoneonsecurity.com/

https://www.tutamantic.com/

https://eopgame.azurewebsites.net/

https://threats-demo.thenerdgroup.de/
