Shostack + Friends Blog


Threat Modeling Building Blocks


Threat modeling isn't one task — it's a collection of tasks that build on each other to produce more valuable insights. One of the values of the four-question frame is that it lets us reduce things into smaller, more assessable building blocks.

And in that vein, there are a couple of new, short (4-page), interesting papers from a team at KU Leuven, including:

What makes these interesting is that they are digging into better-formed building blocks of threat modeling, comparing them to requirements, and analyzing how they stack up.

The work is centered on threat modeling for privacy and data protection, but what they look at includes STRIDE, CAPEC and CWE. What makes this interesting is not just the results of the comparison, but that they compare and contrast techniques against each other (DFD variants vs. CARiSMA extended; STRIDE vs. CAPEC or OWASP). Comparing building blocks at a granular level allows us to ask the question "what went wrong in that threat modeling project" and tweak one part of it, rather than throwing out threat modeling or trying to train people in an entire method.

For some people, these might be unusual blocks that they rarely need. But I'm glad they're studying them.