Cyber Security
Threat modeling is the process of identifying all possible threats to a system so that they can be categorized and analyzed. It is a proactive approach to system security: essentially, you are trying to identify and fix vulnerabilities before adversaries can exploit them. There are two broad categories:
Goals:
Approaches:
Threat Identification:
STRIDE Method (developed by Microsoft):

S - Spoofing - An attacker trying to gain access by falsified methods.

T - Tampering - Any action resulting in unauthorized changes to data, either in transit or in storage.

R - Repudiation - The ability of a user or attacker to deny the activity.

I - Information Disclosure - Revelation of private, confidential or controlled information to external and unauthorized sources.

D - Denial of Service - An attack to prevent the authorized use of a resource.

E - Elevation of Privilege - An attack where a limited user account is transformed into a higher-privileged account.
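To show how these six categories are applied during threat identification, here is an added example (not from the original post) that enumerates STRIDE threats for each element of a small data-flow diagram and lists the flows that cross a trust boundary first. It goes beyond the text by assuming the commonly used STRIDE-per-element chart; the sample system, zone names and all function names are constructed for illustration.

```python
from dataclasses import dataclass

# The six STRIDE categories defined above.
STRIDE = {
    "S": "Spoofing", "T": "Tampering", "R": "Repudiation",
    "I": "Information Disclosure", "D": "Denial of Service",
    "E": "Elevation of Privilege",
}

# Assumption of this example: the STRIDE-per-element chart, i.e. which
# categories normally apply to each data-flow-diagram element type.
# (Repudiation on a data store mainly matters when it holds logs.)
APPLICABLE = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_store": "TRID",
    "data_flow": "TID",
}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str   # a key of APPLICABLE
    zone: str   # trust zone the element lives in

def enumerate_threats(elements, flows):
    """Return (target, category, crosses_boundary) rows to review."""
    rows = []
    for e in elements:
        rows += [(e.name, STRIDE[c], False) for c in APPLICABLE[e.kind]]
    for src, dst in flows:
        crosses = src.zone != dst.zone
        label = f"{src.name} -> {dst.name}"
        rows += [(label, STRIDE[c], crosses) for c in APPLICABLE["data_flow"]]
    # Stable sort: flows crossing a trust boundary come first.
    return sorted(rows, key=lambda r: not r[2])

# Constructed sample system: browser, web app, session cache, database.
browser = Element("browser", "external_entity", "internet")
webapp = Element("web app", "process", "dmz")
cache = Element("session cache", "data_store", "dmz")
db = Element("orders db", "data_store", "internal")
ELEMENTS = [browser, webapp, cache, db]
FLOWS = [(browser, webapp), (webapp, cache), (webapp, db)]

if __name__ == "__main__":
    for target, category, crosses in enumerate_threats(ELEMENTS, FLOWS):
        tag = "[boundary] " if crosses else ""
        print(f"{tag}{target}: {category}")
```

Each output row is a question to answer during review, for example whether data on the browser-to-web-app flow can be tampered with in transit.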