Threat Modeling Overview

Threat modeling is an operational framework and organizational model that gives a security engineer a logical approach and a shared language for secure system design. It can be done at various stages of the SDLC and in Platform & Infrastructure engineering. In the SDLC, it helps to incorporate it into the earlier stages, on forks, and again on the final product itself. For Platform & Infrastructure, it is best done in the requirements engineering phase, as the security gate before moving on to other approvals.

Threat Models are living diagrams which can and will change over time.

Basic Threat Modeling Flow

Many threat modeling frameworks are in use and work well. Each is specialized toward a certain goal. The two covered here are STRIDE and PASTA. STRIDE is older but still a relevant starting place for general security engineering in the context of SOC Engineering. PASTA is a good private-sector Security Engineering framework for platforming, as it tends to allow a more directed approach to the business needs.

STRIDE

  • Spoofing

  • Tampering

  • Repudiation

  • Information Disclosure

  • Denial of Service

  • Elevation of Privilege
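
The STRIDE categories above become a working checklist once they are applied to each element of a system diagram. The following is an added example, not part of the original page: it goes beyond the list by using the common STRIDE-per-element convention over a small data-flow model, and the element names, trust zones and recorded mitigations are constructed assumptions.

```python
from dataclasses import dataclass, field

# STRIDE-per-element convention: categories normally considered for each
# data-flow-diagram element type. Repudiation on data stores applies mainly
# to stores that hold logs and is left out of this example.
APPLICABLE = {"external": "SR", "process": "STRIDE", "datastore": "TID", "flow": "TID"}
NAMES = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
         "I": "Information Disclosure", "D": "Denial of Service",
         "E": "Elevation of Privilege"}

@dataclass
class Element:
    name: str
    kind: str   # external | process | datastore
    zone: str   # trust zone the element lives in (assumed labels)
    mitigated: set = field(default_factory=set)  # STRIDE letters with a control recorded

@dataclass
class Flow:
    src: Element
    dst: Element
    label: str
    mitigated: set = field(default_factory=set)

def open_threats(elements, flows):
    """Return (target, category, crosses_trust_boundary) for each unmitigated
    threat, with flows that cross a trust boundary listed first."""
    out = []
    for e in elements:
        out += [(e.name, NAMES[c], False) for c in APPLICABLE[e.kind] if c not in e.mitigated]
    for f in flows:
        crosses = f.src.zone != f.dst.zone
        out += [(f.label, NAMES[c], crosses) for c in APPLICABLE["flow"] if c not in f.mitigated]
    return sorted(out, key=lambda t: not t[2])  # stable sort keeps model order

# Constructed sample system: browser -> API -> database
user = Element("browser", "external", "internet")
api = Element("api", "process", "dmz", mitigated={"S", "T"})
db = Element("orders-db", "datastore", "internal", mitigated={"I"})
flows = [Flow(user, api, "https-request", mitigated={"T", "I"}),
         Flow(api, db, "sql-query")]

if __name__ == "__main__":
    for target, category, boundary in open_threats([user, api, db], flows):
        print(f"{'[boundary] ' if boundary else ''}{target}: {category}")
```

Re-running the enumeration whenever an element, flow or mitigation changes keeps the list of open threats in step with the diagram as it evolves.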

PASTA (Process for Attack Simulation and Threat Analysis)

  • Define Business Objectives

  • Define the technical scope of assets and components

  • Application decomposition and identify application controls

  • Threat analysis based on threat intelligence

  • Vulnerability detection

  • Attack enumeration and modeling

  • Risk analysis and development of countermeasures
