Adversary-centric threat modelling

Know thy enemy

Attacker-based or adversary-based threat modelling focuses not only on preparing friendly forces for defence (and offence), but also on examining adversary capabilities and intent. If we know what an opponent wants, the tools the adversary has available, and the ways they can affect our systems and networks, we can better model the threat. Rather than basing our strategy only on what an opponent has already done, we can expand it to include what an opponent may want and try to do. This leads to the concept of predictive analysis.

The attacker-centric approach also uses tree diagrams. Its key elements are the specific goals of an attacker, the considerations related to the system an attack could be perpetrated upon (along with its software and assets), how the attack could be carried out, and finally, a means to detect or mitigate such an attack. An analyst may also list related attack patterns or approaches to make these same determinations.
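The tree diagram described above can be evaluated mechanically. The following is an added example, not part of the original article: it models attacker goals as AND/OR nodes, attaches detections or mitigations to leaf steps, and reports which routes to the root goal meet no control at all. The system, goals and controls in the sample tree are hypothetical.

```python
from dataclasses import dataclass, field
from itertools import product

@dataclass
class Node:
    """One node of an attack tree: an attacker goal or a step towards it."""
    name: str
    gate: str = "LEAF"   # "OR": any child suffices; "AND": every child is required
    children: list = field(default_factory=list)
    controls: list = field(default_factory=list)  # detections/mitigations on a leaf

def open_paths(node):
    """Return each set of leaf steps that reaches `node` without meeting a control."""
    if node.gate == "LEAF":
        return [] if node.controls else [frozenset([node.name])]
    per_child = [open_paths(child) for child in node.children]
    if node.gate == "OR":
        return [path for paths in per_child for path in paths]
    # AND: combine one open path from every child; a blocked child blocks the gate.
    return [frozenset().union(*combo) for combo in product(*per_child)]

def uncovered_leaves(node):
    """Return the names of all leaf steps that have no control attached."""
    if node.gate == "LEAF":
        return [] if node.controls else [node.name]
    return [name for child in node.children for name in uncovered_leaves(child)]

# Constructed sample tree (hypothetical system, goals and controls).
BACKUP_SHARE = Node("Read unencrypted backup on file share")
TREE = Node("Read customer records from billing database", "OR", [
    Node("Log in as a billing operator", "AND", [
        Node("Obtain operator password"),
        Node("Pass second-factor check", controls=["Hardware-token MFA"]),
    ]),
    Node("Use a backup copy", "OR", [
        BACKUP_SHARE,
        Node("Restore backup to unmanaged host", controls=["Restore audit alert"]),
    ]),
])

if __name__ == "__main__":
    print("Uncovered leaves:", uncovered_leaves(TREE))
    for path in open_paths(TREE):
        print("Open path to goal:", sorted(path))
```

Two leaves have no control, but only one of them is an open path to the goal: the uncovered password step sits under an AND gate whose other child is blocked, so it does not reach the root on its own.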
