In my previous post, “Security Training for the Development Team,” I shared the experience of building a security training program for the development team.
In this part of my Secure Engineering blog series, you’ll learn about another essential step of secure engineering: threat modeling. This post gives an overview of threat modeling, an important method whose basic approaches some companies already use to secure their platforms and applications.
More recommended reading on Secure Engineering:
- Secure Development Lifecycle: Importance & Learning
- Security Training for the Development Team
- Security Requirements For The Development Team
Threat modeling is a process for identifying and mitigating potential threats. You can apply it to software, networks and real-life situations. In the context of software security, it not only improves the security of the software being built but also develops the team’s security culture and mindset.
Traditionally, threat modeling has been a complicated, time-consuming, document-centric and manual process, which is why many teams try to avoid it. But understanding and mitigating threats has become a critical part of the software development process and can no longer be skipped. Executed correctly, threat modeling pays for itself by reducing the number of security bugs, security patch releases and exploitable attack paths.
Teams should threat model iteratively during the design phase. There is no perfect threat model, and threat modeling is never “done”; the team must find the right balance, based on its security requirements and threat environment, to produce a ‘good enough’ threat model.
A team can start threat modeling as soon as the basic design is ready. Generally, threat modeling has five steps (DCTMD: Define scope, Create DFD, Threat analysis, Mitigation, Documentation):
- Define scope
The team should first define the scope. Threat modeling can cover the entire platform or product, a sub-system, or a single module or feature. We recommend starting at the module or feature level, as the team does its detailed design, because modeling the complete platform or product in one pass is overwhelming. Module- and feature-level threat models can later be combined to build the product-level model.
- Create DFD
The data flow diagram (DFD) helps the team visualize data flows and trust boundaries. Without a good DFD it is difficult to see all threats, and the team can miss crucial ones. The level of detail and complexity of the DFD should match the security requirements and the risks involved.
- Threat Analysis
Once a team has DFD(s), they can start with identifying and analyzing threats. There are many different threat modeling methods. Some of the most used include:
- STRIDE
- PASTA
- LINDDUN
- CVSS (strictly a severity-scoring system rather than a threat-identification method; often used alongside the others to rate threats)
- Attack Trees
- Persona non Grata
We recommend STRIDE: it is easy to use, the most mature of the methods, and it focuses on identifying threats together with mitigation techniques.
| Category | Definition | Applicability |
| --- | --- | --- |
| Spoofing | Pretending to be someone or something else to gain access or trust. | External entity (identity) and Process |
| Tampering | Deliberately modifying data or code. | Process, Data store and Data flow |
| Repudiation | A user or process denies having performed an action and the system cannot prove otherwise. | External entity (identity), Process and Data store |
| Information Disclosure | Leakage of private or confidential information. | Process, Data store and Data flow |
| Denial of Service | Making a system or its information unavailable. | Process, Data store and Data flow |
| Elevation of Privilege | Gaining more system access than was granted. | Process |
Not all threats are equal, so the team needs to prioritize them. We recommend rating each threat’s likelihood and impact and combining the two:
- High priority threats = high likelihood and high impact
- Medium priority threats = everything in between (for example high likelihood with low impact, or low likelihood with high impact)
- Low priority threats = low likelihood and low impact
- Mitigation
Once the team has identified the threats, the next step is to mitigate each valid one. A simple STRIDE-to-control table helps:
| Category | Control |
| --- | --- |
| Spoofing | Strong authentication (e.g. MFA) |
| Tampering | Integrity protection (digital signatures, MACs, hashes) together with encryption of data at rest, in transit and in use |
| Repudiation | Logging, tracing and monitoring |
| Information Disclosure | Encryption and access control |
| Denial of Service | Availability engineering (site reliability): rate limiting, quotas, redundancy |
| Elevation of Privilege | Authorization |
- Documentation
Documentation is the last step of effective threat modeling. The team doesn’t need extensive documentation, but it should record enough to refer back to during future threat modeling or design changes; without it, the team may have to repeat the whole exercise. We recommend documenting the following:
- Valid threats
- Test cases for valid threats
- Mitigation details
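The five steps above, carried through for one feature as threat-model-as-code. This is an added example, not code from the original post or from any GlobalLogic project: the feature (a password-reset flow), its trust zones, the exposure and sensitivity ratings, and the likelihood heuristic for data flows are all assumptions made for illustration. The STRIDE applicability, the mitigation table and the likelihood × impact prioritization follow the tables in this post.

```python
"""Threat-model-as-code for one feature: scope, DFD, STRIDE analysis,
mitigation and a documentation record. Constructed example; the feature,
zones, ratings and heuristics are assumptions, not data from the post."""
from dataclasses import dataclass

# Step 3: which STRIDE categories apply to each DFD element type.
STRIDE_APPLIES = {
    "external_entity": ["Spoofing", "Repudiation"],
    "process": ["Spoofing", "Tampering", "Repudiation", "Information Disclosure",
                "Denial of Service", "Elevation of Privilege"],
    "data_store": ["Tampering", "Repudiation", "Information Disclosure",
                   "Denial of Service"],
    "data_flow": ["Tampering", "Information Disclosure", "Denial of Service"],
}

# Step 4: default control per STRIDE category.
MITIGATIONS = {
    "Spoofing": "strong authentication (MFA, mutual TLS)",
    "Tampering": "integrity protection (signatures/MACs) plus encryption in transit and at rest",
    "Repudiation": "tamper-evident logging, tracing and monitoring",
    "Information Disclosure": "encryption and least-privilege access control",
    "Denial of Service": "rate limiting, quotas and redundancy",
    "Elevation of Privilege": "authorization checks at every trust boundary",
}

LEVELS = ("low", "medium", "high")


@dataclass(frozen=True)
class Element:
    name: str
    kind: str          # key of STRIDE_APPLIES
    zone: str          # trust zone; a flow between zones crosses a trust boundary
    exposure: str      # assumed likelihood that an attacker can reach it
    sensitivity: str   # assumed impact if it is compromised


@dataclass(frozen=True)
class Flow:
    name: str
    src: Element
    dst: Element
    encrypted: bool


@dataclass(frozen=True)
class Threat:
    category: str
    target: str
    likelihood: str
    impact: str
    mitigation: str

    @property
    def priority(self) -> str:
        """Likelihood x impact, as in the prioritization rule above."""
        if self.likelihood == "high" and self.impact == "high":
            return "High"
        if self.likelihood == "low" and self.impact == "low":
            return "Low"
        return "Medium"


def max_level(a: str, b: str) -> str:
    return a if LEVELS.index(a) >= LEVELS.index(b) else b


def flow_likelihood(flow: Flow) -> str:
    """Assumed heuristic: boundary-crossing flows are where attacks land,
    and a missing transport protection makes the crossing worse."""
    crosses = flow.src.zone != flow.dst.zone
    if crosses and not flow.encrypted:
        return "high"
    return "medium" if crosses else "low"


def enumerate_threats(elements, flows):
    """Apply STRIDE per element type and per flow, then sort by priority."""
    threats = []
    for e in elements:
        for cat in STRIDE_APPLIES[e.kind]:
            threats.append(Threat(cat, e.name, e.exposure, e.sensitivity, MITIGATIONS[cat]))
    for f in flows:
        impact = max_level(f.src.sensitivity, f.dst.sensitivity)
        for cat in STRIDE_APPLIES["data_flow"]:
            threats.append(Threat(cat, f.name, flow_likelihood(f), impact, MITIGATIONS[cat]))
    order = {"High": 0, "Medium": 1, "Low": 2}
    return sorted(threats, key=lambda t: (order[t.priority], t.target, t.category))


def password_reset_model():
    """Steps 1-2: scope is one feature; the DFD is three elements and two flows."""
    user = Element("User", "external_entity", "internet", "high", "medium")
    api = Element("Reset API", "process", "dmz", "high", "high")
    db = Element("User DB", "data_store", "internal", "low", "high")
    flows = [
        Flow("User -> Reset API", user, api, encrypted=True),
        Flow("Reset API -> User DB", api, db, encrypted=False),  # deliberate gap
    ]
    return [user, api, db], flows


def document(threats):
    """Step 5: valid threats, a test case per threat, and the mitigation."""
    return [{"priority": t.priority, "category": t.category, "target": t.target,
             "mitigation": t.mitigation,
             "test_case": f"verify {t.mitigation} on '{t.target}' against {t.category}"}
            for t in threats]


if __name__ == "__main__":
    for row in document(enumerate_threats(*password_reset_model())):
        print(f"{row['priority']:6} {row['category']:22} {row['target']:22} {row['mitigation']}")
```

Running it lists 18 candidate threats; the unencrypted internal flow from the API to the user database comes out as High for tampering, disclosure and denial of service, which is exactly the kind of gap a DFD with trust boundaries makes visible. Re-running the script after a design change is the cheap iteration the post asks for, and the `document()` output is the record to keep.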
Threat modeling is a specialized area, but the overview above gives a team a basic understanding of what’s involved and a way to begin. Please feel free to contact us if you would like assistance with threat modeling.