Threat modeling is a technique for developing secure systems using a risk-based approach. Threats are identified and controls constructed to mitigate these as an integrated part of the development process rather than being an afterthought.
Threat modeling works by breaking down the problem of adequate system security into smaller and more manageable components that can be more easily secured. Using an organized framework for achieving this process will facilitate a deterministic approach to solving the problem. Hacken uses the STRIDE model to manage threat modeling.
Hacken’s experts are adept at seamlessly integrating into a client’s development team to provide expert advice on an ongoing, as-required basis to ensure security is built into the foundations of any system or application. This approach offers significant efficiency savings when compared to bolting security controls onto a finished product and delivers a far more secure and maintainable solution.
This technique will significantly reduce the risk of critical vulnerabilities materializing at the production stage of a product where remediation costs will be exponentially higher when compared to implementing security by design in the earlier stages of the development life cycle.
A threat model is a process that reviews the security of an information system, identifies potential security issues, and determines the risk associated with each identified issue. The threat risk model process comprises the following steps:
In the context of threat modeling, the STRIDE acronym stands for:
The goal of STRIDE threat modeling is to deliver assurance that a system or application will meet the security properties of Confidentiality, Integrity, and Availability (CIA), along with Authorization, Authentication, and Non-Repudiation.
The principle behind threat modeling using STRIDE is the construction of a data flow diagram-based threat model by security subject matter experts. This model then allows the system engineers and other expert stakeholders to review the system or application against the STRIDE threat model classification scheme.
Threat modeling can be applied to systems and applications during development to counter problems before they occur. It also has an application for production systems where retrospective security assessment is required after the event. The main benefits of threat modeling come when it is adopted early in a development life cycle, when the cost of implementing security controls is significantly reduced and the risk of developing a system that can never be secure is eliminated. However, if it's too late and the system is already designed, threat modeling can still have a role to play in assuring the security of the developed system.
Whenever the system undergoes modification, the change control process should include a review of the threat model to identify the presence and impact of security-related changes.
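The data flow diagram review and the change-control re-review described above can be sketched as follows. This is an added example, not Hacken's tooling: the category names and the per-element applicability chart are the commonly used STRIDE conventions rather than content from this page, and the diagram elements are constructed.

```python
from dataclasses import dataclass

# Security property each STRIDE category violates (the six properties named above).
PROPERTY = {
    "Spoofing": "Authentication",
    "Tampering": "Integrity",
    "Repudiation": "Non-Repudiation",
    "Information disclosure": "Confidentiality",
    "Denial of service": "Availability",
    "Elevation of privilege": "Authorization",
}
# Commonly used STRIDE-per-element chart (assumption, not from the page).
# Repudiation on a data store matters mainly when the store holds audit data.
APPLICABLE = {
    "external_entity": ["Spoofing", "Repudiation"],
    "process": list(PROPERTY),
    "data_store": ["Tampering", "Repudiation", "Information disclosure",
                   "Denial of service"],
    "data_flow": ["Tampering", "Information disclosure", "Denial of service"],
}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str  # one of the keys of APPLICABLE

def enumerate_threats(dfd):
    """Return the (element, category, violated property) triples to review."""
    return {(e.name, cat, PROPERTY[cat]) for e in dfd for cat in APPLICABLE[e.kind]}

def review_delta(old_dfd, new_dfd):
    """Threats introduced by a change: what change control must re-review."""
    return sorted(enumerate_threats(new_dfd) - enumerate_threats(old_dfd))

# Constructed sample diagram (hypothetical element names).
DFD_V1 = [
    Element("browser user", "external_entity"),
    Element("web app", "process"),
    Element("user -> web app (HTTPS)", "data_flow"),
    Element("orders DB", "data_store"),
]
# Constructed change request: add an audit log store and the flow feeding it.
DFD_V2 = DFD_V1 + [
    Element("audit log", "data_store"),
    Element("web app -> audit log", "data_flow"),
]

if __name__ == "__main__":
    for name, cat, prop in sorted(enumerate_threats(DFD_V1)):
        print(f"{name:26} {cat:24} violates {prop}")
    print("To re-review after the change:")
    for row in review_delta(DFD_V1, DFD_V2):
        print("  ", row)
```

Each row is a question for the review, not a finding: the stakeholders decide whether an existing control already covers it.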