Threat Modeling is an essential framework for identifying, analyzing, and mitigating security threats. Today, we’re diving into a blog post that unpacks this concept and introduces us to STRIDE, a threat modeling system born at Microsoft.
The Three Views of Threat Modeling
- Attacker View: Think like the enemy. What are their goals? Whether it’s a terrorist group wanting to deface your website or a disgruntled marketer aiming to sabotage a competitor, understanding the attacker’s mindset is crucial.
- Asset View: This is all about identifying what’s valuable in your system—be it sensitive user data or proprietary algorithms—and understanding how these assets could be exploited.
- System View: Here, you’re looking at the architecture of your system to identify potential attack vectors. Ever heard of STRIDE? It’s a classic example of this approach.
STRIDE Unpacked
- Spoofing: This is about impersonation. From ARP spoofing to brute-forcing login credentials, the aim is to fool the system into believing the attacker is legit.
- Tampering: Think SQL injections and XSS. The attacker modifies data to serve their malicious ends.
- Repudiation: This is the “It wasn’t me” of cyber threats. The attacker covers their tracks, making it difficult to prove they did anything wrong.
- Information Disclosure: This is your classic data breach scenario. Too much information is revealed to those who shouldn’t have access to it.
- Denial of Service (DoS): From simple to complex, these attacks aim to make your services unavailable.
- Elevation of Privilege: This is about exploiting system flaws to gain unauthorized access to resources.
Security Properties vs. STRIDE
- Authentication thwarts Spoofing
- Integrity combats Tampering
- Non-Repudiation fights against Repudiation
- Confidentiality plugs Information Disclosure
- Availability defends against DoS
- Authorization prevents Elevation of Privilege
The CIA Triad & STRIDE
The CIA triad—Confidentiality, Integrity, and Availability—is the backbone of information security policy. When using STRIDE, focus on the highest risk components that relate to the CIA triad.
STRIDE in Action
Integrate STRIDE into your development process. Start with an architectural discussion, identify high-risk components, and then decide on the security controls that need to be implemented. The final call on whether to block a release or delay fixes is up to the development team.
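One way to run that process over an architecture sketch, as an added example that is not from the original post: it enumerates STRIDE threats per element and names the security property each one calls for, using the mapping above. The per-element applicability chart, the scoring, and every element and zone name are assumptions made for illustration.

```python
from dataclasses import dataclass

# STRIDE category -> countering security property (the post's mapping).
PROPERTY = {
    "Spoofing": "Authentication", "Tampering": "Integrity",
    "Repudiation": "Non-Repudiation", "Information Disclosure": "Confidentiality",
    "Denial of Service": "Availability", "Elevation of Privilege": "Authorization",
}
CIA = {"Confidentiality", "Integrity", "Availability"}

# Assumption: the common STRIDE-per-element chart, which the post does not list.
# A data store that holds audit logs would also get "Repudiation".
APPLICABLE = {
    "external": ["Spoofing", "Repudiation"],
    "process": list(PROPERTY),
    "datastore": ["Tampering", "Information Disclosure", "Denial of Service"],
    "flow": ["Tampering", "Information Disclosure", "Denial of Service"],
}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str                   # key of APPLICABLE
    zone: str                   # trust zone (for a flow: where it starts)
    dst_zone: str = ""          # flows only: trust zone where it ends
    holds_assets: bool = False  # asset view: stores or carries valuable data

def enumerate_threats(elements):
    """Return (score, element, threat, property) rows, highest score first."""
    rows = []
    for e in elements:
        crosses = e.kind == "flow" and e.zone != e.dst_zone
        for threat in APPLICABLE[e.kind]:
            prop = PROPERTY[threat]
            # Assumed scoring: +1 each for a CIA property, a boundary crossing, held assets.
            score = int(prop in CIA) + int(crosses) + int(e.holds_assets)
            rows.append((score, e.name, threat, prop))
    return sorted(rows, key=lambda r: (-r[0], r[1], r[2]))

# Constructed sample architecture (not from the post).
MODEL = [
    Element("browser", "external", "internet"),
    Element("web app", "process", "dmz"),
    Element("orders db", "datastore", "internal", holds_assets=True),
    Element("login request", "flow", "internet", "dmz"),
    Element("sql query", "flow", "dmz", "internal"),
]

if __name__ == "__main__":
    for score, name, threat, prop in enumerate_threats(MODEL):
        print(f"{score}  {name:<14} {threat:<24} needs {prop}")
```

The top-scoring rows are the ones to take into the architectural discussion first; the rest of the list stays as the record of what was considered.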
Threat modeling and STRIDE are not just theoretical concepts; they’re practical tools that every cybersecurity professional should have in their toolkit. Consider leveraging Microsoft’s Threat Modeling Tool as a core element of your Security Development Lifecycle.
Take next steps
Here at Careful Security, we can help guide threat modeling exercises for the best outcome for your organization and systems. We are experts in threat modeling, STRIDE, and the use of Microsoft’s Threat Modeling Tool. Let us help you build and apply threat models for architecture, systems, and processes.