IT Security Threat Modeling

Threat modeling is the process of identifying, analyzing and categorizing threats.

List of Cybersecurity Threat Models

Cybersecurity Threat Models featured in this post:

  • MITRE ATT&CK
  • STRIDE
  • PASTA
  • DREAD
  • VAST
  • Diamond Model of Intrusion Attack

The most popular is MITRE ATT&CK.

MITRE ATT&CK

MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) Matrix is both a threat model for classifying the nature of a threat and a knowledge base that reflects the various phases of an adversary’s attack lifecycle and the platforms adversaries are known to target.

It can help to integrate both internally created intelligence and external threat feed data.

The Cyber Kill Chain consists of these steps:

  1. Recon
  2. Weaponize
  3. Deliver
  4. Exploit
  5. Execute
  6. Control
  7. Maintain

In addition to being a model, MITRE ATT&CK is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations.

It is broadly accepted by threat modeling and threat intelligence organizations and is used as the default model in many software packages and tools.

MITRE ATT&CK official website

STRIDE

STRIDE is a threat model for classifying the nature of a threat.

It was developed by the American company Microsoft.

STRIDE is an acronym that stands for the different threat categories it considers:

  1. Spoofing
  2. Tampering
  3. Repudiation
  4. Information Disclosure
  5. Denial of Service (DoS)
  6. Escalation of Privileges

STRIDE official website

STRIDE 2009 website

Applying STRIDE 2009 website

Microsoft Threat Modeling Tool official website

PASTA

Process for Attack Simulation and Threat Analysis (PASTA) is designed to help with countermeasure selection in relation to the assets to be protected.

It was created by Tony Uceda Vélez and Marco M. Morana from the American company VerSprite.

PASTA stages:

  1. Definition of objectives (DO) for the analysis of risks
  2. Definition of the technical scope (TS)
  3. Application decomposition and analysis (ADA)
  4. Threat analysis (TA)
  5. Weakness and Vulnerability analysis (WVA)
  6. Attack modeling & simulation (AMS)
  7. Risk analysis & management (RAM)

PASTA official website

DREAD

DREAD was developed by Microsoft, but it seems to have been abandoned.

DREAD’s categories of risk:

  1. Damage
  2. Reproducibility
  3. Exploitability
  4. Affected Users
  5. Discoverability

ATASM

ATASM stands for Architecture, Threat, Attack Surfaces, and Mitigations.

ATASM steps:

  1. Seek to understand the architecture
  2. List all threat agents, their goals, methods, and objectives
  3. Look at your architecture’s potential attack surfaces and look at how the attack methods and objectives already identified would interact with the attack surface being assessed
  4. Review security controls and the attack surfaces, removing any attack surfaces that are sufficiently secured by existing controls
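The four ATASM steps above can be walked through in code. This is an added example, not part of the original post or of ATASM's own material; the system, threat agents, attack methods and controls are all constructed sample data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Agent:
    name: str
    goal: str
    methods: frozenset       # attack methods this agent uses

@dataclass(frozen=True)
class Surface:
    name: str                # exposed interface of a component
    reachable_by: frozenset  # attack methods that can be tried against it

# Step 1 (architecture): constructed sample system and its exposed interfaces.
SURFACES = [
    Surface("public login form", frozenset({"credential stuffing", "sql injection"})),
    Surface("admin API", frozenset({"credential stuffing", "stolen session token"})),
    Surface("backup bucket", frozenset({"misconfigured access policy"})),
]
# Step 2 (threats): constructed threat agents with their goals and methods.
AGENTS = [
    Agent("fraud crew", "account takeover",
          frozenset({"credential stuffing", "stolen session token"})),
    Agent("data broker", "bulk data theft",
          frozenset({"sql injection", "misconfigured access policy"})),
]
# Existing controls: (surface, method) pairs judged sufficiently mitigated.
CONTROLS = {
    ("public login form", "credential stuffing"): "MFA + rate limiting",
    ("public login form", "sql injection"): "parameterized queries",
    ("admin API", "credential stuffing"): "VPN-only access",
}

def atasm(surfaces, agents, controls):
    """Return {surface: [(agent, method), ...]} for exposures that remain."""
    residual = {}
    for s in surfaces:
        # Step 3 (attack surfaces): which agents' methods apply to this surface?
        applicable = [(a.name, m) for a in agents
                      for m in sorted(a.methods & s.reachable_by)]
        # Step 4 (mitigations): drop pairs an existing control already covers.
        open_pairs = [(a, m) for a, m in applicable if (s.name, m) not in controls]
        if open_pairs:  # the surface stays in scope only if something is unmitigated
            residual[s.name] = open_pairs
    return residual

if __name__ == "__main__":
    for surface, pairs in atasm(SURFACES, AGENTS, CONTROLS).items():
        for agent, method in pairs:
            print(f"{surface}: {agent} via {method} has no sufficient control")
```

With this sample data the login form drops out of the list because every applicable method is covered, while the admin API and the backup bucket remain as attack surfaces that still need mitigations.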

ATASM website

VAST

Visual, Agile, and Simple Threat (VAST) integrates threat and risk management into an Agile programming environment on a scalable basis.

Diamond Model of Intrusion Attack

The Diamond Model of Intrusion Attack addresses how to think about intrusions, without addressing broader threats.

You can read more about it on this external link.

External References

  • STRIDE
    • M. Chapple et al; “CISSP Study Guide Ninth Edition”, chapter 1 “Security governance through principles and policies”, section “Threat Modeling”, p. 27; Wiley, 2021
    • M. Chapple, D. Seidl; “CCSP Study Guide Third Edition”, p. 173; Wiley, 2021
  • PASTA
    • M. Chapple et al; “CISSP Study Guide Ninth Edition”, chapter 1 “Security governance through principles and policies”, section “Threat Modeling”, p. 27-28; Wiley, 2021
    • Tony Uceda Velez, Marco M. Morana; “Threat Modeling: Process for Attack Simulation and Threat Analysis”; Wiley 2015
    • M. Chapple, D. Seidl; “CCSP Study Guide Third Edition”, p. 1743; Wiley, 2021
  • DREAD
  • ATASM
  • VAST
    • M. Chapple et al; “CISSP Study Guide Ninth Edition”, chapter 1 “Security governance through principles and policies”, section “Threat Modeling”, p. 28; Wiley, 2021
