Threat Modeling: A Needed Methodology for a Secure World
Introduction to Threat Modeling
Threat Modeling is a fundamental pillar of security on the Internet and in any IT process and/or component. Although the methodology originated in the mid-1970s, it is far more prominent today because of the high level of connection and globalisation in which both the cybersecurity sector and the world in general find themselves. For this reason, this article addresses how DEKRA makes a significant contribution to ensuring that companies are protected and secure through Threat Modeling by implementing extensive cybersecurity services.
Back to Threat Modeling origins
Some background is necessary, as this is a widely developed methodology. The first milestone to note is undoubtedly the emergence of shared computing in the early 1960s (shared computing is a software-based model, used in a variety of fields, in which large calculations are divided among a multitude of computers and centralized on a single server). This led attackers to start looking for ways to exploit vulnerabilities in these shared systems for their own personal gain.
In 1977, architectural patterns [1] were created, showing how to organize the basic structure for software, and, in 1988, Robert Barnard developed and successfully applied the first profile of a computer system attacker.
Finally, in 1994 Edward Amoroso introduced the concept of the "threat tree", which led to the laying of the foundation of IT Threat Modeling and the development of the STRIDE methodology between 1998 and 1999 [4].
What is Threat Modeling
'Threat Modeling' (at its most basic) refers to the creation of hypothetical scenarios in which the application may be compromised in one way or another. These scenarios are built by composing diagrams in which all possible (or, failing that, as many as possible) threats are depicted. The more complex and complete the diagram, the better the security coverage of the target application.
These early IT-based Threat Modeling methodologies were formed around the concept of architectural patterns, first introduced in 1977 by Christopher Alexander. Architectural patterns (also called archetypes) offer certain solutions to architectural problems: they provide data about components, how they relate to each other and prohibitions on their use.
By looking at the characteristics of each of the models, we can identify the main pillars of a good Threat Modeling procedure. For this purpose, a group of experts in the field, including Zoe Braiterman, Adam Shostack and Stephen de Vries, created a document known as the 'Threat Modeling Manifesto' [2], which details a series of good practices and recommendations to follow when dealing with this issue.
Within this manifesto, they share several common principles, which are demonstrated below:
These principles make the application of Threat Modeling more fruitful and contribute to a healthy and robust model that can provide greater protection against threats. To conclude this section on the manifesto, the following points identify certain patterns that also benefit Threat Modeling:
Systematic approach
Achieve completeness and reproducibility by applying security and privacy knowledge in a structured way.
It should be noted that the following are the 4 most common and effective methodologies [3] currently used to perform Threat Modeling in a wide variety of functional and development environments:
STRIDE
The STRIDE approach to Threat Modeling was introduced in 1999 at Microsoft, providing a mnemonic for developers to find threats to the company's own products.
P.A.S.T.A
The Process for Attack Simulation and Threat Analysis is a seven-step, risk-focused methodology that provides a process for focusing on business objectives alongside technical requirements, taking compliance issues and business analysis into account.
Trike
This methodology focuses on using threat models as a risk management tool. In this area, threat models are basically used to successfully complete the security audit process.
VAST
The Visual, Agile and Simple Threat (VAST) methodology is based on 'ThreatModeler', a commercial automated Threat Modeling platform. VAST requires the creation of two models: one for application threats and one for operational threats.
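Added example (not part of the original article, and not DEKRA's or Microsoft's code): the STRIDE mnemonic described above, expanded into its six categories and applied element by element to a small data flow diagram. The diagram, the element names, the per-element applicability chart and the trust-boundary ordering are assumptions made for illustration.

```python
from dataclasses import dataclass

STRIDE = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
          "I": "Information disclosure", "D": "Denial of service",
          "E": "Elevation of privilege"}

# STRIDE-per-element chart as commonly taught (assumption: not given on the page).
APPLICABLE = {"external_entity": "SR", "process": "STRIDE",
              "data_store": "TID", "data_flow": "TID"}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str
    crosses_trust_boundary: bool = False  # flow enters from a less trusted zone
    holds_audit_logs: bool = False        # log stores are also repudiation targets

# Constructed sample diagram of a small web login feature (hypothetical names).
DIAGRAM = [
    Element("Browser user", "external_entity"),
    Element("Login request: browser -> web app", "data_flow", crosses_trust_boundary=True),
    Element("Web application", "process"),
    Element("SQL query: web app -> user database", "data_flow"),
    Element("User database", "data_store"),
    Element("Audit log", "data_store", holds_audit_logs=True),
]

def categories_for(element):
    """Return the STRIDE category names that apply to one diagram element."""
    if element.kind not in APPLICABLE:
        raise ValueError(f"unknown element kind: {element.kind!r}")
    letters = APPLICABLE[element.kind]
    if element.kind == "data_store" and element.holds_audit_logs:
        letters += "R"
    return [STRIDE[letter] for letter in letters]

def enumerate_threats(diagram):
    """List every (element, category) pair to review, boundary crossings first."""
    rows = [(el.crosses_trust_boundary, el.name, cat)
            for el in diagram for cat in categories_for(el)]
    # Stable sort: elements that cross a trust boundary are reviewed first.
    rows.sort(key=lambda row: not row[0])
    return [{"element": name, "category": cat, "review_first": first}
            for first, name, cat in rows]

if __name__ == "__main__":
    for threat in enumerate_threats(DIAGRAM):
        flag = "*" if threat["review_first"] else " "
        print(f"{flag} {threat['element']:<40} {threat['category']}")
```

Each row of the output is a question for the review session (for example, "can the login request be tampered with in transit?"), not a confirmed finding.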
The 5 steps to achieve effective Threat Modeling
To begin Threat Modeling, it is highly recommended to follow these 5 steps to obtain an effective and robust model for any type of threat.
These five steps are the foundation of an effective threat model, although iterating over them further would result in a more detailed and more effective model. It should be noted that these steps apply to any of the methodologies described above, as well as to any other methodology dedicated to threat modeling:
Step 1
Identification of security objectives
Clear objectives help to focus the Threat Modeling activity and to measure the work to be devoted to the next steps.
Step 2
Step 3
Step 4
Step 5
In conclusion, Threat Modeling constitutes a very important source of information and a preventive security barrier for any process and/or software development that is to be carried out.
Implementing one or more Threat Modeling measures during the life cycle of a piece of software and/or a product helps teams keep it safe, secure and active in an efficient way, keeping threats away and users safe.
DEKRA provides comprehensive cybersecurity services, including Threat Modeling, to help organizations proactively mitigate risks, protect users, and maintain system integrity in a hostile cyber environment.
References:
[1] Patrones de arquitectura de software. (SaasRadar). 14.08.22, https://saasradar.net/patrones-arquitectura-de-software/. Accessed June 12, 2024.
[2] Threat Modeling Manifesto. (Threat Modeling Manifesto). n.d., https://www.threatmodelingmanifesto.org/#values. Accessed June 12, 2024.
[3] Threat Modeling. (Fortinet). n.d., https://www.fortinet.com/resources/cyberglossary/threat-modeling
[4] What is STRIDE Methodology in Threat Modelling. (KOENIG). 01.05.2023, https://www.koenig-solutions.com/blog/stride-methodology-in-threat-modelling#:~:text=What%20is%20the%20STRIDE%20Methodology,Authentication%2C%20and%20Non-Repudiation. Accessed June 12, 2024.