Threat modelling is the process of identifying, assessing, and mitigating potential security threats to a system, application, or organisation. It helps you understand where your system might be vulnerable to attacks and how to protect it effectively. Here is a detailed explanation of the steps involved in threat modelling:

1. Identify Assets

First, determine what you need to protect. Assets can be anything valuable, such as:

  • Data: Personal information, financial records, intellectual property.
  • Systems: Servers, databases, applications.
  • People: Employees, customers, stakeholders.

2. Create an Architecture Overview

Next, create a diagram or description of how your system works. The overview could include:

  • Components: Servers, databases, user interfaces.
  • Data Flows: How data moves between different system parts.
  • Trust Boundaries: Points where data changes its trust level (e.g., between a user’s device and your server).

3. Identify Threats

Consider potential threats to your system. Common frameworks for this include:

  • STRIDE: Focuses on six threat categories:

    • Spoofing: Pretending to be someone else.
    • Tampering: Modifying data or systems.
    • Repudiation: Denying an action or transaction.
    • Information Disclosure: Exposing data to unauthorised parties.
    • Denial of Service (DoS): Disrupting service availability.
    • Elevation of Privilege: Gaining unauthorised access to higher privileges.
  • DREAD: Helps prioritise threats based on:

    • Damage Potential: How bad is the impact?
    • Reproducibility: How easy is it to reproduce the attack?
    • Exploitability: How easy is it to exploit the vulnerability?
    • Affected Users: How many users does the threat impact?
    • Discoverability: How easy is it to find the threat?

4. Determine Mitigations

Determine how to mitigate each identified threat. The mitigations might include:

  • Technical Controls: Firewalls, encryption, authentication mechanisms.
  • Procedural Controls: Policies, procedures, and training.
  • Physical Controls: Security guards, locked doors.

5. Prioritise Threats

Not all threats are equal. Prioritise them based on factors such as:

  • Impact: How severe would the consequences be if the threat were realised?
  • Likelihood: How likely is the threat to occur?

6. Implement Mitigations

Implement the mitigation strategies identified. The implementation could involve:

  • Code Changes: Fixing vulnerabilities in the software.
  • Configuration Changes: Updating settings on systems or networks.
  • Process Changes: Adjusting procedures or policies to reduce risk.

7. Review and Update Regularly

Threat modelling is not a one-time activity. Regularly review and update your threat model to account for:

  • New Threats: As technology and attack methods evolve.
  • System Changes: Updates or modifications to the system.
  • Incident Learnings: Insights gained from security incidents.

Example Scenario

Imagine you have an online banking application. Here’s a simplified threat modelling process for it:

  1. Identify Assets: User credentials, transaction data, account balances.
  2. Architecture Overview: Web server, database, mobile app, and network.
  3. Identify Threats:
    • Spoofing: An attacker impersonates a user.
    • Tampering: An attacker alters transaction details.
    • Information Disclosure: An attacker accesses sensitive user data.
  4. Determine Mitigations:
    • Spoofing: Implement multi-factor authentication.
    • Tampering: Use encryption and digital signatures for transactions.
    • Information Disclosure: Ensure data is encrypted in transit and at rest.
  5. Prioritise Threats: Based on the potential impact and likelihood.
  6. Implement Mitigations: Update the application code, configure servers for encryption, and implement multi-factor authentication.
  7. Review and Update: Regularly audit the system for new vulnerabilities and update the threat model accordingly.
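The scenario above can be kept as a small, reviewable threat register. The following Python sketch is an added example, not part of the original article: it keeps only data flows that cross a trust boundary, asks each STRIDE question of them, and ranks the rated threats by mean DREAD score. The zone names, the data flows and every DREAD rating are constructed for illustration, and averaging the five ratings on a 1-10 scale is an assumed (though common) scoring convention.

```python
from itertools import product

STRIDE = ["Spoofing", "Tampering", "Repudiation", "Information Disclosure",
          "Denial of Service", "Elevation of Privilege"]

# Constructed model of the banking scenario; zone names are assumptions.
ZONES = {"mobile_app": "user_device", "web_server": "dmz", "database": "internal"}
FLOWS = [  # (source, destination, asset carried)
    ("mobile_app", "web_server", "user credentials"),
    ("mobile_app", "web_server", "transaction data"),
    ("web_server", "database", "account balances"),
    ("web_server", "web_server", "session cache"),  # stays inside one zone
]

# Mitigations the scenario lists, keyed by STRIDE category.
MITIGATIONS = {
    "Spoofing": "multi-factor authentication",
    "Tampering": "encryption and digital signatures for transactions",
    "Information Disclosure": "encryption in transit and at rest",
}

# Constructed DREAD ratings, 1-10 each, in the order
# (Damage, Reproducibility, Exploitability, Affected users, Discoverability).
RATINGS = {
    ("user credentials", "Spoofing"): (8, 6, 5, 4, 6),
    ("transaction data", "Tampering"): (9, 4, 4, 3, 4),
    ("account balances", "Information Disclosure"): (7, 5, 4, 9, 5),
    ("transaction data", "Repudiation"): (6, 7, 6, 3, 5),
}

def boundary_flows(flows=FLOWS, zones=ZONES):
    """Keep only flows whose endpoints sit in different trust zones."""
    return [f for f in flows if zones[f[0]] != zones[f[1]]]

def candidates(flows=FLOWS, zones=ZONES):
    """Worksheet: one (asset, category) question per boundary flow per STRIDE category."""
    return [(f[2], c) for f, c in product(boundary_flows(flows, zones), STRIDE)]

def register(ratings=RATINGS):
    """Rated threats, highest mean DREAD score first, with any known mitigation."""
    rows = [{"asset": a, "category": c, "score": sum(r) / len(r),
             "mitigation": MITIGATIONS.get(c)}
            for (a, c) in candidates() if (r := ratings.get((a, c)))]
    return sorted(rows, key=lambda row: row["score"], reverse=True)

def unmitigated(rows):
    """Threats that were rated but have no mitigation assigned yet."""
    return [r for r in rows if r["mitigation"] is None]

if __name__ == "__main__":
    for row in register():
        print(f'{row["score"]:.1f}  {row["category"]:<22} {row["asset"]:<17} '
              f'{row["mitigation"] or "NO MITIGATION"}')
```

With these constructed ratings, the repudiation threat on transaction data is rated but has no mitigation in the scenario's list, which is the kind of gap the regular review step is meant to surface.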

Threat modelling helps you systematically analyse and strengthen your security posture, making your systems more resilient against potential attacks.

A kid's guide

Let us imagine you are a knight protecting a castle. Threat modelling is like planning to keep your castle safe from bad guys who might try to get in. Here is how you can think about it:

Step 1: Know Your Castle

  • First, you look at your castle and see what you have to protect. Maybe you have treasures, a magical garden, or even important people inside.

Step 2: Find the Weak Spots

  • Next, you look for weak spots where bad guys could try to get in. There may be a small gate that is easy to sneak through or a wall that is not very high.

Step 3: Think Like the Bad Guys

  • Imagine you are the bad guys. How would you try to get into the castle? Would you climb the wall, sneak through the gate, or use a secret tunnel?

Step 4: Make a Plan to Protect

  • Once you know where the weak spots are and how the bad guys might attack, you can make a plan to protect those spots. You could build higher walls, place guards at the gates, or block off the tunnels.

Step 5: Check and Update

  • Finally, you keep checking your castle regularly. If you find new weak spots or think of new ways bad guys might attack, you update your plan to keep the castle safe.

In real life, you might be protecting a computer, a website, or even a game account instead of a castle. The bad guys could be hackers trying to steal information or mess things up. Threat modelling helps you think ahead and plan to keep everything safe and secure.