Learn Threat Modeling Basics | Foundations of Security by Design
Security by Design

Threat Modeling Basics


Common Threat Modeling Methodologies

Threat modeling helps you identify and address potential security risks in your systems. Two widely used methodologies are STRIDE and DREAD. Each offers a simple framework for thinking about threats and prioritizing them.

STRIDE

STRIDE is a model for categorizing different types of security threats. Each letter stands for a specific threat category:

  • Spoofing: An attacker pretends to be someone or something else, such as using a stolen password to log in;
  • Tampering: Unauthorized changes are made to data, code, or configurations;
  • Repudiation: Actions cannot be traced back to a user, allowing them to deny performing them;
  • Information Disclosure: Sensitive data is exposed to unauthorized users;
  • Denial of Service: Systems or services are made unavailable to legitimate users;
  • Elevation of Privilege: An attacker gains higher access rights than they should have.

STRIDE helps you systematically review your system for each of these threat types.

DREAD

DREAD is a model for rating and prioritizing threats. It helps you decide which risks need the most urgent attention. Each letter stands for a factor to consider:

  • Damage Potential: How much harm could the threat cause if exploited;
  • Reproducibility: How easily the threat can be repeated by an attacker;
  • Exploitability: How easy it is to carry out the attack;
  • Affected Users: How many users would be impacted;
  • Discoverability: How likely it is that an attacker will find the vulnerability.

By scoring each threat across these factors, you can focus on the most serious risks first.

Example: Threat Modeling for an Online Bookstore

Imagine you are part of a DevOps team building an online bookstore. Your team wants to ensure the application is secure before launch. Here’s how you might approach threat modeling:

Step 1: Analyze the System

  • List all key components: website frontend, backend server, user accounts, payment processing, and database;
  • Identify how users interact: browsing books, creating accounts, making purchases, and storing payment details;
  • Map out data flow: customer information and payment details move between the frontend, backend, and database.

Step 2: Identify Threats

  • Unauthorized access: attackers could try to log in as other users;
  • Data theft: someone might steal customer data from the database;
  • Payment fraud: attackers could intercept or manipulate payment information;
  • Service disruption: the website could be targeted by denial-of-service (DoS) attacks.

Step 3: Define Mitigation Strategies

  • Require strong passwords and implement multi-factor authentication for user accounts;
  • Encrypt sensitive data in the database and during transmission;
  • Use secure payment gateways and validate all payment information;
  • Set up monitoring and rate limiting to detect and block DoS attacks.

By following these steps, you help protect your online bookstore against common threats and create a safer experience for your users.
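
An added example (not part of the original lesson) that carries the bookstore exercise through both models: each Step 2 threat is tagged with STRIDE categories, rated on the five DREAD factors, ranked by risk, and checked for STRIDE categories that nothing was listed for. The 1-10 scale, the averaging, the category mapping and the ratings are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from statistics import mean

STRIDE = ("Spoofing", "Tampering", "Repudiation", "Information Disclosure",
          "Denial of Service", "Elevation of Privilege")
DREAD = ("damage", "reproducibility", "exploitability", "affected_users", "discoverability")

@dataclass
class Threat:
    name: str
    stride: tuple   # STRIDE categories this threat falls under
    scores: dict    # DREAD factor -> rating, 1 (low) to 10 (high); scale is assumed

    def __post_init__(self):
        unknown = set(self.stride) - set(STRIDE)
        if unknown:
            raise ValueError(f"{self.name}: unknown STRIDE category {unknown}")
        if set(self.scores) != set(DREAD) or not all(1 <= v <= 10 for v in self.scores.values()):
            raise ValueError(f"{self.name}: need one 1..10 rating per DREAD factor")

    @property
    def risk(self):
        # Assumed aggregation: plain average of the five factors.
        return mean(self.scores.values())

def score(d, r, e, a, disc):
    return dict(zip(DREAD, (d, r, e, a, disc)))

# Threats from Step 2; category mapping and ratings are constructed, not measured.
BOOKSTORE = [
    Threat("Unauthorized access", ("Spoofing",), score(7, 8, 6, 5, 7)),
    Threat("Data theft", ("Information Disclosure",), score(9, 5, 4, 10, 6)),
    Threat("Payment fraud", ("Tampering", "Information Disclosure"), score(8, 4, 4, 6, 4)),
    Threat("Service disruption", ("Denial of Service",), score(5, 9, 7, 10, 8)),
]

def prioritize(threats):
    """Highest DREAD risk first."""
    return sorted(threats, key=lambda t: t.risk, reverse=True)

def uncovered(threats):
    """STRIDE categories that no listed threat addresses."""
    seen = {c for t in threats for c in t.stride}
    return [c for c in STRIDE if c not in seen]

if __name__ == "__main__":
    for t in prioritize(BOOKSTORE):
        print(f"{t.risk:4.1f}  {t.name}  [{', '.join(t.stride)}]")
    print("No threat listed for:", ", ".join(uncovered(BOOKSTORE)))
```

Under this mapping the Step 2 list has no entry for Repudiation or Elevation of Privilege, which is the kind of gap a category-by-category STRIDE review is meant to surface.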


What is threat modeling?


Section 1. Chapter 3
