Threat modeling methods are a set of general principles and practices for identifying cyber threats to computer systems and software. These methods can be applied during the design phase of new systems or when assessing existing security controls against new threats. There are several threat modeling methodologies in use today, ranging from informal processes to formalized models that can be captured within software tools. A summary of some of the most popular threat modeling methods is provided below:
• Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of privilege (STRIDE)
• Process for Attack Simulation and Threat Analysis (PASTA)
• Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE)
• Trike
• Visual, Agile, and Simple Threat modeling (VAST)
• Common Vulnerability Scoring System (CVSS)
• Attack Trees
• Persona non grata (PnG)
• Security Cards
• Hybrid Threat Modelling Method (hTMM)
• Quantitative Threat Modelling Method (QTMM)
• Linkability, Identifiability, Non-repudiation, Detectability, Disclosure of information, Unawareness, and Non-compliance (LINDDUN)
All of the above methods are designed to detect potential threats, except for CVSS. The number and types of threats will vary considerably between the different methods, as well as the quality and consistency of the methods. Which one is your favorite threat modeling method? Are you interested in using some of the methods above for your company or research project?