User Tools

Site Tools


Threat modelling

With a systematic analysis of the probable attacker's profile, the most likely attack vectors, and the assets most desired by an attacker, defenders can focus on what is most important to protect. It's systematic, and like penetration testing, a dance. Though pigeonholed into these stances, and though many assistive tools exist, the best results come from using all and none of them, using common sense, and including experienced other perspectives.

  • Adversary-centric: Studying the history and past interactions of adversaries showing what they may take as their next move.
  • Quick and dirty: Prioritising potential threats from a hypothetical attacker's point of view for finding the low hanging fruit.
  • Asset-centric: Using trees and graphs for visually illustrating patterns and vulnerabilities by which an asset can be attacked.
  • Software-centric: Visual, Agile, and Simple Threat (VAST) modelling for scaling threat modelling processes associated with applications.

It all depends: On who the adversaries are, on the context, on what information needs protecting, on the assets (networks, software, data and information systems, development environments), on what is considered in scope and what not, and on the people using the system (i.e. the individuals working with the definition, implementation and maintenance of security policies), and whether lives depend on it or not.


Threat models

  • De-anonymisation threat model: De-anonymisation alias re-identification. More and more governments and industries depend on it. The adversaries, possible attack vectors, the attacks, threats, assistive technologies, the possible uses, and if and where possible, what we can do.
  • Search engine threat model: The least investigated threat model. We must be… increasingly on the alert to prevent “them” from taking over mineshaft space and knocking us out in superior numbers when we emerge! We must not allow… a mineshaft gap!
  • E2E threat modelling: Most E2E systems are secure against only the weakest passive adversaries, breakable not by cryptanalysis of underlying cryptographic algorithms but by flawed system designs and security assumptions.

Attack trees

Experienced other perspectives

Especially role-plays in which people play the role of the adversary can be quite enlightening and open the door for more overlooked solutions. This has lead us to adopting red teaming and adapting it to colourful teaming for including more directions (and mindsets). Its success depends on coalition building and further threat modelling.

en/facilitation/threats/start.txt · Last modified: 2020/07/03 17:26 by Digital Dot