Chapter 2. A Generalized Approach to Threat Modeling
If you always do what you’ve always done, you’ll always get what you’ve always got.
Henry Ford
Threat modeling as an exercise in analyzing a system design for threats follows a consistent approach that can be generalized into a few basic steps; this chapter presents that general flow. This chapter also provides information on what to look for in your system models, and what you may never be able to discover as a result of threat modeling.
Basic Steps
This section shows the basic steps that outline the general flow of threat modeling. Experienced modelers perform these steps in parallel and, for the most part, automatically; they are continuously assessing the state of the system as the model is being formed, and they may be able to call out areas for concern well before the model has reached an expected level of maturity.
It may take you some time to achieve that level of comfort and familiarity, but with practice these steps will become second nature:
-
Identify objects in the system under consideration.
Identify the elements, data stores, external entities, and actors, present in and associated with the system you are modeling, and gather characteristics or attributes as metadata about these things (later in the chapter we provide some sample questions you can use to ease metadata collection). Make note of the security capabilities and controls each object supports or provides, and any clear deficiencies (such as an element ...
Get Threat Modeling now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.