Hacken Token
$ -- --.--
Threat Modelling

Threat modeling is a technique for developing secure systems using a risk-based approach. Threats are identified and controls constructed to mitigate these as an integrated part of the development process rather than being an afterthought.

Threat modeling works by breaking down the problem of adequate system security into smaller and more manageable components that can be more easily secured. Using an organized framework for achieving this process will facilitate a deterministic approach to solving the problem. Hacken uses the STRIDE model to manage threat modeling.

Hacken’s experts are adept at seamlessly integrating into a client’s development team to provide expert advice on an ongoing and as required basis to ensure security is built into the foundations of any system or application. This approach offers significant efficiency savings when compared to bolting security controls onto a finished product and delivers a far more secure and maintainable solution.

This technique will significantly reduce the risk of critical vulnerabilities materializing at the production stage of a product where remediation costs will be exponentially higher when compared to implementing security by design in the earlier stages of the development life cycle.

01

Threat Models

A threat model is a process that reviews the security of an information system, identifies potential security issues, and determines the risk associated with each identified issue. The threat risk model process comprises the following steps:

  • Identification of Security Objectives – This step determines the overall goals the organization has concerning its security.
  • System Survey – The identification of the components that comprise the overall system, data transmission paths, and trust boundaries with external networks.
  • System Decomposition – The identification of the constituent components of the system that have a security impact or act as a control.
  • Threat Identification – The enumeration of potential known and credible threats to the system.
  • Vulnerability Identification – The assessment of identified threats and evaluation of system weaknesses for each threat.
02

STRIDE Threat Modelling

In the context of threat modeling, the STRIDE acronym stands for:

  • Spoofing Identity – Threats associated with an attacker taking on the identity of a user.
  • Tampering with Data – Threats associated with the unauthorized modification of information.
  • Repudiation – Threats associated with the unauthorized deletion or modification of transactional or access information in an attempt to refute that an event has taken place.
  • Information Disclosure – Threats associated with the unauthorized disclosure of sensitive information.
  • Denial of Service – Threats associated with the overwhelming of a system’s resources to halt the operation of the system.
  • Elevation of Privilege – Threats associated with an authorized user taking on the identity of a different user to gain access to services or information that they are not authorized to access.

The goal of STRIDE threat modeling is to deliver assurance that a system or application will meet the security properties of Confidentiality, Integrity, and Availability (CIA), along with Authorization, Authentication, and Non-Repudiation.

The principle behind threat modeling using STRIDE is the construction of a data flow diagram-based threat model by security subject matter experts. This model then allows the system engineers and other expert stakeholders to review the system or application against the STRIDE threat model classification scheme.

03

Threat Modelling Benefits

Threat modeling can be applied to systems and applications during development to counter problems before they occur. It also has an application for production systems where retrospective security assessment is required after the event. The main benefits to threat modeling come when it is adopted early in a development life cycle when the cost of implementing security controls is significantly reduced, and the risk of developing a system that can never be secure is eliminated. However, if its too late and the system is designed, threat modeling can still have a role to play in assuring the security of the developed system.

  • Analyze early, ideally during the preliminary design phase, once a complete design has been formed, is the most cost-effective option if possible.
  • Analyze each component individually during development to secure each component and simplify the security process during the integration of the elements.
  • Analyze the integrated system as part of verification and validation processes where issues can be resolved as part of the system debug procedures.

Whenever the system undergoes modification, the change control process should include a review of the threat modeling to identify the presence impact of security-related changes.