May 26, 2020 By Cypress Data Defense In Technical
Want to learn how to perform threat modeling?
Then, you are in the right place. But before that, let us quickly discuss why it is important to perform threat modeling and security analysis. Almost all software systems face a variety of threats today, and the number of cyberattacks continues to rise as the technology matures. In the second quarter of 2018, malware exploiting software vulnerabilities grew 151 percent, according to a report. Security breaches can occur due to internal or external entities, and they can have devastating consequences. These attacks may leak sensitive data of your organization or disable your system completely, which may even lead to complete loss of data. How can you protect your data from being stolen or prevent malicious attacks on your devices? One way to start is by performing threat modeling, a process that helps you analyze your environment, identify potential vulnerabilities and threats, and create the proper security requirements you need to address those threats. To design-in security, it is recommended that developers and manufacturers analyze the operating environment to determine how each device could be attacked and then document it. This process of understanding and documenting security requirements is known as Threat Modeling and Security Analysis (TMSA). But how can performing Threat Modeling and Security Analysis help you secure your device against cybersecurity attacks? It can help you analyze your device and understand: A Threat Modeling and Security Analysis (TMSA) highlights critical issues and challenges that you should consider while implementing security to protect your product or device. It prompts you to consider critical questions such as: Here is a step-by-step process that will help you understand how you can perform a Threat Modeling and Security Analysis to determine your security requirements. The first step to perform threat modeling is to identify a use case, which is the system or device that is the subject of your security assessment. By doing so, you will have an idea of what device or system needs to be analyzed further. Since attackers may target your device to steal important data or to have it act maliciously, you need to identify the assets that hold sensitive information or are most likely to be attacked. For instance, if you have a smart speaker, then you may want to protect the following assets: There might be many different assets in your device, but what’s important is that you focus on securing assets that hold valuable data and are critical to your organization and customers. Moreover, to identify and understand potential threats that might impact your device, you need to determine external entities and users who interact with the device. That may include legitimate users, such as the virtual system administrator or the owner of the device. But it should also extend to identify potential adversaries or attackers attempting to gain access to the device. Once you’ve identified these, it’s time to move on to the next step of performing threat modeling. In this step of performing threat modeling, you have to identify trust zones and corresponding entry-exit points. By using this information, you can develop data flow diagrams along with privilege boundaries that will help you define the approach for input data validation, user authentication, and error handling. Additionally, you need to create an adversary-based threat model to help you identify potential adversaries and attackers who may be trying to exploit or attack your device. Usually, an adversary-based threat model has four categories of attackers: By this point, you should have identified what you need to protect and what potential adversaries could lead to a security breach. Next, you should identify potential vulnerabilities, including software, physical devices, development lifecycles, and communication that could act as entry points into your device and allow attackers to enter your system. What do these vulnerabilities include? These vulnerabilities may include excessive user access privileges, weak password policies, absence of Web Application Firewall (WAF), broken authentication, insecure cryptographic storage, lack of security guidelines, or security misconfigurations. Once you have identified potential vulnerabilities, you can implement a threat model against each entry point to determine security threats. But how can you design the right level of security required to protect your device against these threats? After identifying potential security threats, you will need to consider assessing the severity of each threat or attack and allocate your resources appropriately. You can use a common vulnerability scoring system (CVSS) to evaluate the impact of the threats. It uses scores between zero to 10 to help you understand how an attack would affect your device. For instance, if the CVSS score for a threat is 9, then you should focus your resources and attention on it as its impact would be severe. By doing so, you will be able to build the right level of security into your device. In this step of how to perform threat modeling, you have to establish security objectives that focus on maintaining the following security elements: The type of attack determines the risk to each of these security elements. For instance, you can determine that a tampering attack may impact the integrity of your device, while a spoofing attack may impact the authenticity of your device. Once you have assessed the potential threats and their severity, you will be able to determine what countermeasures you need to employ to combat those threats and how you can address them appropriately. Since each threat poses a different risk to high-level security objectives, you need to analyze and create specific, actionable security requirements that will directly address those threats. For instance, to secure identities, you should: Once you have gathered all the requisite information needed to set security requirements for your system, create a threat modeling document that stores this information accurately. What should you include in this document? The document should include separate tables that list the assets that you need to protect, potential adversaries and threats, countermeasures you need to take, and security requirements. It should be well-structured and have clear and concise information to help you see the potential severity of an attack and how you can address each threat. A well-maintained document can help you efficiently perform Threat Modeling and Security Analysis (TMSA). Now that you know more about threat modeling and how to perform it, get started with your TMSA documentation. Remember, you need to identify potential vulnerabilities along with security requirements that will help protect your system against attackers and threats. Do you have any more questions on how to perform threat modeling? Please get in touch with our security experts.What is the Right Level of Security for Your Device and How Can Threat Modeling Help You Achieve It?
Steps to Perform Threat Modeling
Step 1: Identify the Use Case, Assets to Protect, and External Entities
Step 2: Identify Trust Zones, Potential Adversaries, and Threats
Step 3: Determine High-Level Security Objectives to Address Potential Threats
Step 4: Define Security Requirements for Each Security Objective Clearly
Step 5: Create a Document to Store All Relevant Information
Key Takeaways from This Guide on How to Perform Threat Modeling