Aneesh Bhargav
December 5, 2022

Threat Modeling Methodology: How Do They Work?

With the increase of IoT devices and distributed systems, protecting a company's data from breaches and hackers has become the top agenda item for many businesses. Threat modeling tools can provide a reliable and comprehensive view of imminent threats. Assessing the danger well in advance can help an organization keep its confidential information from falling into the hands of hackers.

What is Threat Modeling? 

Threat modeling is fundamental to the Security Development Lifecycle (SDL). This technique can uncover potential threats, attacks, flaws, and defenses that could impact your application. You can utilize threat modeling to determine the design of your application, achieve your organization's security goals, and reduce risk.

Top 5 Threat Modeling Methodologies & Their Working Procedures 

There are five popular ways to conduct threat modeling. Let us explore what they are and how they work to achieve the goal.

1. STRIDE

STRIDE is one of the most prevalent threat modeling tools and a developer-centric methodology. It is an acronym for the following concepts that it covers:

  • Spoofing identity
  • Tampering with data
  • Repudiation threats
  • Information disclosure
  • Denial of service
  • Elevation of privileges

STRIDE lets you create data flow diagram-based threat models of any target application. The methodology helps you list potential threats with the help of user and abuser stories. You can also map the threats according to their types and categorize the attackers' goals into 1 of 6 classifications, along with adequate security measures.
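As an added example (not from the original article or any tool it mentions), the sketch below applies the commonly used STRIDE-per-element chart to a small data flow diagram and lists candidate threats per element, putting flows that cross a trust boundary first. The element names, trust zones and the `Element` and `enumerate_threats` helpers are assumptions made for illustration.

```python
from dataclasses import dataclass

# The six STRIDE categories, keyed by their letter.
STRIDE = {"S": "Spoofing identity", "T": "Tampering with data",
          "R": "Repudiation threats", "I": "Information disclosure",
          "D": "Denial of service", "E": "Elevation of privileges"}

# STRIDE-per-element chart: categories usually considered for each DFD element
# type (repudiation on a data store mainly matters when it holds logs).
APPLICABLE = {"external_entity": "SR", "process": "STRIDE",
              "data_store": "TRID", "data_flow": "TID"}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str          # one of the APPLICABLE keys
    zone: str = ""     # trust zone, for non-flow elements (hypothetical labels)
    src: str = ""      # source element name, for data flows
    dst: str = ""      # destination element name, for data flows

def enumerate_threats(elements):
    """Return (element, category, crosses_trust_boundary) candidates,
    with flows that cross a trust boundary listed first."""
    zones = {e.name: e.zone for e in elements if e.kind != "data_flow"}
    findings = []
    for e in elements:
        crosses = e.kind == "data_flow" and zones[e.src] != zones[e.dst]
        for letter in APPLICABLE[e.kind]:
            findings.append((e.name, STRIDE[letter], crosses))
    return sorted(findings, key=lambda f: not f[2])  # stable sort

# Constructed sample DFD: a browser calling an API that queries a database.
SAMPLE_DFD = [
    Element("Customer browser", "external_entity", zone="internet"),
    Element("Order API", "process", zone="internal"),
    Element("Orders DB", "data_store", zone="internal"),
    Element("HTTPS request", "data_flow", src="Customer browser", dst="Order API"),
    Element("SQL query", "data_flow", src="Order API", dst="Orders DB"),
]

if __name__ == "__main__":
    for name, category, crosses in enumerate_threats(SAMPLE_DFD):
        flag = " [crosses trust boundary]" if crosses else ""
        print(f"{name}: {category}{flag}")
```

Each line of output is a candidate to review against the design, not a confirmed flaw; the security measure for each one still has to be chosen by the team.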

2. PASTA

Though it sounds delicious, it has no connection with the Italian delicacy. PASTA stands for 'Process of Attack Simulation and Threat Analysis'.

One of the sought-after threat modeling tools, PASTA has been renowned for its risk-centric approach to assessing the probability of a future attack. Furthermore, it helps to identify and prioritize threats and correlate business objectives with security requirements in just 7 steps. These are:

Step 1: Define the objectives: e.g., What is the app's purpose?

Step 2: Define the technical scope: e.g., What dependencies do you have?

Step 3: Decompose the app: e.g., How do all your components communicate together?

Step 4: Analyze the threats: e.g., What sort of threats do you face?

Step 5: Vulnerability analysis: e.g., What is wrong with your app/design?

Step 6: Attack analysis: e.g., How serious is each vulnerability?

Step 7: Risk & impact analysis: e.g., How is your app/business affected by these flaws?

The end goal of PASTA is to reduce and manage security risks. 

3. VAST

VAST is an acronym for Visual, Agile, and Simple Threat. It's an automated methodology that aims to integrate threat modeling into the DevOps infrastructure. Using VAST will offer many benefits, such as ensured scalability and reliable and actionable results for developers, security teams, and senior executives. 

It provides two threat models: the Application Threat Model and the Operational Threat Model.

The Application Threat Model is made using the process flow diagrams, which can strategize various features of the application. On the other hand, the Operational Threat Model is suitable for infrastructure teams and features a data flow diagram from the attackers' perspective. 

4. OCTAVE

The Operationally Critical Threat, Asset, and Vulnerability Evaluation is the complete form of the OCTAVE methodology. This works as one of the crucial threat modeling tools and can assess organization-wide risks from breached data assets.

Operations and IT teams mostly favored the OCTAVE method to create documentation and raise risk awareness within the organization's ambit. 

It works in 3 phases, and these are:

Phase 1:

Phase 1 builds an asset-based threat profile and analyzes the organization's assets by providing employees with questionnaires. It also develops a list of security requirements with the help of the gathered information. 

Phase 2: 

The next phase involves the identification of the infrastructure vulnerabilities. The high-priority data assets are then mapped to the information infrastructure, and a vulnerability evaluation is conducted.

Phase 3: 

In this phase, a security strategy is developed. One needs to prioritize the risks found and build a solid plan to combat their threat influence in the organization. 

5. Trike

Trike is not an acronym but an open-source threat modeling process for cyber risk management. Trike uses a 'requirement model' to determine the acceptable level of risk for each asset. 

In Trike, the process starts with a data flow diagram that illustrates the data flow and the actions a user can perform in a system state. Then one needs to analyze all of the acquired data to form a Trike threat model. Once the threats are identified, one can assign risk values and apply mitigating controls for them.

These are just short discussions on various threat model tools organizations can opt for. 

No Threat Modeling methodology is perfect unless its principles are applied and tailor-made for you. Contact we45 to see what Threat Modeling services are right for you.