Threat Modeling
Software Security through Threat Modeling:
Identification of previously undetected security vulnerabilities in standard and custom software in the design phase of software development

In the traditional software development cycle, measures to raise the security level are usually implemented only shortly before delivery, and often only after the software has been delivered. Since about half of all security vulnerabilities are due to design flaws, security measures must be implemented and verified before or during the design phase. Threat Modeling helps to identify these vulnerabilities.
Threat Modeling supports the methodical development of a trustworthy system design and architecture in the design phase of software development (security design). In this phase, the cost of fixing errors is still very low. In addition, existing system designs and architectures can be reviewed to identify, assess, and correct security risks.
At each stage of the process, the corresponding measures are taken to represent the threat model more accurately and to develop it further.
Technique/Method Used
Step 1
Analysis of Available Documentation
Examine security design, program flowcharts, and use cases
Step 2
Identify Key Elements
Input Interfaces, Resources to be Protected, Trust Boundaries, External Entities (Attackers, Users, Other Systems)
Step 3
Create Data Flow Diagrams (DFDs)
Visualize data flows and trust boundaries
Step 4
Analyze DFDs
Systematically identify all potential threats
Step 5
Define Threats
Map each threat to a resource (e.g., “Attacker can read a password from the database”)
Step 6
Mitigate Threats
Refer to documentation for mitigation strategies (e.g., passwords stored in hashed form)
Step 7
Evaluate Mitigations
Verify implementation of mitigation (e.g., check hashing algorithm robustness)
Step 8
Create Attack Paths for Non-Mitigated Threats
Represent vulnerabilities and attack paths using attack trees
Step 9
Implement Threat Model
Build a comprehensive security architecture
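Steps 4 to 8 can be tried on a small model. The following Python code is an added example, not part of the original page: the sample system (Browser, WebApp, UserDB), its trust zones, the documented mitigations and all function names are constructed assumptions, and the one threat statement generated per flow is a simplification of the page's "Attacker can read a password from the database".

```python
from dataclasses import dataclass

# Constructed sample model (Steps 2-3): elements with trust zones, and data flows.
ZONES = {"Browser": "internet", "WebApp": "dmz", "UserDB": "internal"}
FLOWS = [  # (source, destination, resource carried)
    ("Browser", "WebApp", "password"),
    ("WebApp", "UserDB", "password"),
    ("WebApp", "UserDB", "session log"),
    ("WebApp", "WebApp", "template cache"),  # stays inside one zone
]
# Step 6: mitigations from the (hypothetical) design docs, keyed by (resource, element).
MITIGATIONS = {
    ("password", "WebApp"): {"control": "transport encryption"},
    ("password", "UserDB"): {"control": "password hashing", "algorithm": "md5"},
}
# Assumption for Step 7: algorithms accepted for password storage.
PASSWORD_HASHES = {"argon2id", "bcrypt", "scrypt", "pbkdf2"}

@dataclass
class Threat:
    resource: str
    element: str
    statement: str
    status: str

def boundary_flows(flows, zones):
    """Step 4: keep only flows whose endpoints sit in different trust zones."""
    return [f for f in flows if zones[f[0]] != zones[f[1]]]

def evaluate(mitigation):
    """Step 7: a documented mitigation counts only if it holds up on review."""
    if mitigation is None:
        return "unmitigated"
    if mitigation["control"] == "password hashing":
        return "mitigated" if mitigation.get("algorithm") in PASSWORD_HASHES else "weak mitigation"
    return "mitigated"

def build_threats(flows, zones, mitigations):
    """Steps 5-7: one threat per boundary-crossing flow, mapped to its resource."""
    threats = []
    for src, dst, resource in boundary_flows(flows, zones):
        text = f"Attacker can read {resource} handled by {dst}"
        status = evaluate(mitigations.get((resource, dst)))
        threats.append(Threat(resource, dst, text, status))
    return threats

def attack_tree_candidates(threats):
    """Step 8: threats that still need an attack path worked out."""
    return [t for t in threats if t.status != "mitigated"]
```

With the sample data, the password store documented as hashed still lands in the Step 8 list because the documented algorithm fails the Step 7 check.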