Threat Modeling Flashcards
What is a vulnerability?
A flaw or weakness in a system’s design, or operation and management that could be exploited to violate the system’s security policy
What is an attack?
An intentional act by which an entity attempts to evade security services and violate the security policy of a system
What is an attacker?
A person who executes an attack
What is a threat?
A potential for violation of security
What is an asset?
A system resource that is
- required to be protected by a security policy
- intended to be protected by a countermeasure
- required for a system’s mission
What is risk?
An expectation of loss expressed as the probability that a particular threat will exploit a vulnerability with a harmful result
What is a countermeasure?
An action, device, procedure or technique that meets a threat, vulnerability or attack by preventing it, by minimizing its harmful effect or by reporting it
Name and describe two attacker models for interaction protocols
Honest-but-curious users
- follow protocol honestly
- can collude to learn more than they should
- obey all rules
Malicious users
- break rules of the protocol to get information
- more powerful
Name six more attacker models and their capabilities
Eavesdropping
- eavesdrop on a shared channel
Man-in-the-middle MITM
- eavesdrop
- modify
- delete
- inject
Man-at-the-end MATE
- has full control over a system
Malware
- can have different purposes and different powers / levels of privilege
Side-Channel
- learn about sensitive information indirectly by observing parameters of a system or its environment
Social Engineering
What does STRIDE stand for?
The different threats considered in the model:
- Spoofing
- Tampering
- Repudiation
- Information disclosure
- Denial of service
- Elevation of privilege
What are the 5 steps of threat modeling with STRIDE?
- Identify Security Objectives
- Application Overview
- Decompose Application
- Identify Threats
- Identify Vulnerabilities
Repeat
What are the different phases modeled in ATT&CK
Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact
Name 4 questions that help identify security objectives
What data do you need to protect?
Do you have compliance requirements?
Do you have specific QoS requirements?
Are there intangible assets that you need to protect?
What are the key components of an application overview?
- End-to-end deployment topology
- Logical layers
- Key components
- Key services
- Communication ports and protocols
- Identities
- External dependencies
Which 4 steps help decompose an application?
- Identify Trust Boundaries
- Identify Data Flows
- Identify Entry Points
- Identify Exit Points