Shostack + Friends Blog

Cumulus

Cumulus is a cloud-oriented version of Elevation of Privilege

A set of cards with threats like our deployment artifacts contain secrets that can be extracted

Cumulus, from TNG Technology Consulting, is a cloud-centered version of Elevation of Privilege. Their suits are “access + secrets”, “delivery”, “recovery” “monitoring” and “resources.” I think its a good group, and I think they’ve done a good job defining threats. They seem likely enough in the real world, broad enough that they’ll provoke a discussion, and they written clearly.

Originally published by Adam on 06 Apr 2023
Categories: application security cloud security threat modeling threat model thursday

Our Favorite Content

General threat modeling posts

The Security Principles of Saltzer and Schroeder, illustrated with Star Wars

Subscribe (RSS/Mail)

RSS/ATOM: The ATOM feed is here. We recommend RSS as the best way to follow this blog, and think generally RSS is the best way to take control of the information you take in. You can read our thinking here.

Email: If you’d like a lower volume set of updates on what Adam is doing, Adam’s New Thing gets only a few messages a year, guaranteed. We include a subset of posts in each.