A general look into

different threat modeling

methodologies
CONTENTS

1 Introduction

2 Attack trees

3 PASTA

4 STRIDE
 Introduction

• Threat modeling is a method of optimizing network specificly and Cybersecurity and threat
intelligence practices in general by locating vulnerabilities, identifying objectives, and
developing countermeasures to either prevent or mitigate the effects of cyber-attacks against the
system.

• While security teams can conduct threat modeling at any point during development, doing it at the
start of the project is best practice. This way, threats can be identified sooner and dealt with before
they become an issue.

• in todays presentation we will adress the following methdologies :

• STRIDE
• PASTA
• ATTACK TREES
CONTENTS

1 Attack trees
 Attack trees

• Attack trees are diagrams that depict attacks on a system in tree form. The tree root is the goal for the attack, and the leaves are ways to achieve that
goal. Each goal is represented as a separate tree. Thus, the system threat analysis produces a set of attack trees.
• In the case of a complex system, attack trees can be built for each component instead of for the whole system. Administrators can build attack trees and
use them to inform security decisions, to determine whether the systems are vulnerable to an attack, and to evaluate a specific type of attack.
• In recent years, this method has often been used in combination with other techniques and within frameworks such as STRIDE, CVSS, and PASTA.
• attack trees offer a conceptual understanding as to where countermeasures should exist and where they should be applied within the context of the
threat. These countermeasures lessen the overall business impact as well as the associated risk or impact levels introduced by the threat.
CONTENTS

2 PASTA
 PASTA
The Process for Attack Simulation and Threat Analysis (PASTA) is a risk-centric threat-modeling framework developed in 2012. It contains
seven stages to create a process for simulating attacks to IT applications, analyzing the threats, their origin, the risks they pose to an
organization, and how to mitigate them. The objective of this model is to identify the threat, enumerate them, and assign a score. By following
this method, the organization can determine the appropriate countermeasures that must be deployed to mitigate the risk.

• PASTA aims to bring business objectives and

technical requirements together.
• It uses a variety of design and elicitation tools in
different stages. This method elevates the threat-
modeling process to a strategic level by involving
key decision makers and requiring security input
from operations, governance, architecture, and
development.

• Widely regarded as a risk-centric framework,

PASTA employs an attacker-centric perspective
to produce an asset-centric output in the form of
threat enumeration and scoring.
CONTENTS

3 STRIDE
 STRIDE
• STRIDE, Microsoft’s threat modeling methodology, is the oldest, most well-documented, and most mature methodology. It was developed to help ensure developers of Microsoft
software think about security during the design phase. As such, STRIDE is highly development-focused.

• STRIDE stands for Spoofing Tampering Repudiation, Information Disclosure, Denial of Service and Elevation of Privilege, and it tries to map security principles of the CIA triad along
with Authorization, Authentication, and Non-Repudiation to architecture and data-flow diagrams. Once a team constructs a data-flow diagram, engineers check the application against
the STRIDE classification scheme. The outputs show threats and risks and are derived right from design diagrams as part of the development process.

• This methodology is both well documented and well known owing to Microsoft’s significant influence in the software industry and their offering of Microsoft TMT
 INDEX

• https://www.eccouncil.org/

• https://essay.utwente.nl/79133/1/Sonderen_MA_EEMCS.pdf

• https://www.techwell.com/techwell-insights/2020/05/choosing-right-threat-modeling-methodology

• https://threatmodeler.com/threat-modeling-methodologies-overview-for-your-business/

• https://insights.sei.cmu.edu/blog/threat-modeling-12-available-methods/

• Threat Modeling designing for security (Adam SHOSTACK)

• Cyber threat! how to manage the growing risk of cyber attacks ( MacDonnell ULSCH )

• Risk Centric Threat Modeling Process for Attack Simulation and Threat Analysis by Tony UcedaVelez,
Marco M. Morana
THANKS