Threat Modeling and Security Architecture Analysis
What is Threat Modeling?
It provides the software development team an attacker’s or hostile user’s viewpoint, as the threat modeling exercise aims at identifying entry and exit points that an attacker can exploit.
It also helps the team to make design and engineering tradeoff decisions by providing insight into the areas where attention is to be
prioritized and focused, from a security viewpoint.
Benefits of Threat Modelling
- The primary benefit of threat modeling during the design phase of the project is that design flaws can be addressed before a single line of code is written, thereby reducing the need to redesign and fix security issues in code at a later time.
- Once a threat model is generated, it should be iteratively visited and updated as the software development project progresses.
- In the design phase, threat models development commences as the software architecture teams identify threats to the software.
Challenges of Threat Modelling
- Though the benefits of threat modeling are extensive, threat modeling does come with some challenges.
- Can be a time-consuming process when done correctly.
- Requires a fairly mature SDLC.
- Requires the training of employees to correctly model threats and address vulnerabilities.
- Is often deemed to not be a very preferential activity. Developers prefer coding and quality assurance personnel prefer testing.
over threat modeling.
- Is often not directly related to business operations and it is difficult to show demonstrable return on investment for threat models.
Threat Modeling Process
STRIDE category of threats
| Goal | Description | |
| S | Spoofing | Can an attacker impersonate another user or identity? |
| T | Tampering | Can the data be tampered with while it is in transit or in storage or archives? |
| R | Repudiation | Can the attacker (user or process) deny the attack? |
| I | Information Disclosure | Can information be disclosed to unauthorized users? |
| D | Denial of Service | Is denial of service a possibility? |
| E | Elevation of Privilege | Can the attacker bypass least privilege implementation and execute the software at elevated or administrative privileges? |
—–In Progress-
NOTE:The Information provided is on “as is” basis, without assurance of any kind.
About The Author
