A Hybrid Threat Modeling Method
Technical Note
Publisher: Software Engineering Institute
CMU/SEI Report Number: CMU/SEI-2018-TN-002
DOI (Digital Object Identifier): 10.1184/R1/12366992.v1
Abstract
In FY 2016, the research team evaluated Security Cards, STRIDE (Spoofing identity, Tampering with data, Repudiation, Information disclosure, Denial of service, Elevation of privilege), and persona non grata (PnG) for effectiveness in threat identification. Security Cards is an approach that emphasizes creativity and brainstorming over more structured approaches such as checklists. STRIDE involves modeling a system and subsystem and related data flows. PnGs represent archetypal users who behave in unwanted, possibly nefarious ways. The team used two scenarios: an aircraft maintenance scenario and a drone swarm scenario, both described in this technical note in detail, along with the project outcomes. No individual threat modeling method included all identified threats.
The research team subsequently developed the Hybrid Threat Modeling Method (hTMM), considering the desirable characteristics for a Threat Modeling Method. At a high level, the hTMM includes the following steps, described in detail in the technical note: (1) Identify the system you will be threat modeling. (2) Apply Security Cards according to developers' suggestions. (3) Prune PnGs that are unlikely or for which no realistic attack vectors could be identified. (4) Summarize results from the above steps, utilizing tool support. (5) Continue with a formal risk assessment method.
Cite This Technical Note
Mead, N., Shull, F., Vemuru, K., & Villadsen, O. (2018, March 27). A Hybrid Threat Modeling Method. (Technical Note CMU/SEI-2018-TN-002). Retrieved November 21, 2024, from https://doi.org/10.1184/R1/12366992.v1.
@techreport{mead_2018,
author={Mead, Nancy and Shull, Forrest and Vemuru, Krishnamurthy and Villadsen, Ole},
title={A Hybrid Threat Modeling Method},
institution={Software Engineering Institute, Carnegie Mellon University},
month={Mar},
year={2018},
number={CMU/SEI-2018-TN-002},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://doi.org/10.1184/R1/12366992.v1},
note={Accessed: 2024-Nov-21}
}
Mead, Nancy, Forrest Shull, Krishnamurthy Vemuru, and Ole Villadsen. "A Hybrid Threat Modeling Method." (CMU/SEI-2018-TN-002). Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, March 27, 2018. https://doi.org/10.1184/R1/12366992.v1.
N. Mead, F. Shull, K. Vemuru, and O. Villadsen, "A Hybrid Threat Modeling Method," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, Technical Note CMU/SEI-2018-TN-002, 27-Mar-2018 [Online]. Available: https://doi.org/10.1184/R1/12366992.v1. [Accessed: 21-Nov-2024].
Mead, Nancy, Forrest Shull, Krishnamurthy Vemuru, and Ole Villadsen. "A Hybrid Threat Modeling Method." (Technical Note CMU/SEI-2018-TN-002). Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 27 Mar. 2018. https://doi.org/10.1184/R1/12366992.v1. Accessed 21 Nov. 2024.
Mead, Nancy; Shull, Forrest; Vemuru, Krishnamurthy; & Villadsen, Ole. A Hybrid Threat Modeling Method. CMU/SEI-2018-TN-002. Software Engineering Institute. 2018. https://doi.org/10.1184/R1/12366992.v1