Asset-centric

Asset-centric threat modelling is a natural step after adversary-centric threat modelling and predominately internally focused on the impact of a compromise. Assets can be both physical assets and abstract assets. For example, an asset of an application might be a list of clients and their personal information; this is a physical asset. An abstract asset might be the reputation of a person or organisation.

For example, in a University library you could have assets relating to students, faculty members, and librarians, assets relating to the underlying system, and assets relating to the College Library website. User login details are the login credentials that a user (students, faculty members, and librarians) will use to log into the website/system/network. The level of access to the entry point for each, students, faculty members, and librarians needs to be documented/listed. For example:

  • User with Valid Login Credentials
  • Librarian
  • Database Server Administrator
  • Web Server User Process
  • Database Read User
  • Database Read/Write User

Using the same example, a University Library, the Library website will store personal information relating to the students, faculty members, and librarians.

Trust levels for these also need to be documented/listed, for example:

  • Librarian
  • Database Server Administrator
  • Website Administrator
  • Web Server User Process
  • Database Read User
  • Database Read/Write User

In real life, we'd have to assess assets in the local context. The desired output is a prioritized list of threats, which can then be further examined to assess impact. This approach asks questions for which we partly have an answer having used adversary-centric threat modelling first:

  • What assets require protection?
  • What level of protection is required?
  • How might an asset be compromised?
  • What is the impact if protection fails?

Asset-centric approaches to threat modelling use attack trees, attack graphs, or visually illustrate patterns by which an asset can be attacked. Security professionals often argue that such approaches to threat modelling can be classified as the result of a software-centric design approach, but it can also be used together with decision analysis for security improvements.


  • Last modified: 2019/10/10 20:23