Definition
Threat Modeling is a proactive process of identifying potential threats to a system, determining the risk they pose, and designing mitigations. Unlike CTI which often focuses on external actors, Threat Modeling focuses on the system design itself.
Purpose and Core Idea
"You cannot defend what you do not understand." Threat modeling helps security teams prioritize defenses based on the most likely attack vectors, rather than trying to defend everything equally.
Framework 1: STRIDE (Developer Focused)
Developed by Microsoft, STRIDE is used to categorize threats against software:
- Spoofing (Identity theft)
- Tampering (Data modification)
- Repudiation (Denying an action)
- Information Disclosure (Data leak)
- Denial of Service (Crashing the system)
- Elevation of Privilege (Gaining admin rights)
Framework 2: PASTA (Risk Focused)
Process for Attack Simulation and Threat Analysis.
- Unlike STRIDE, PASTA aligns technical threats with business objectives. It simulates attacks from the adversary's perspective.
Mini Case Study: The S3 Bucket Leak
- Scenario: A company launches a new mobile app storing photos in an AWS S3 bucket.
- STRIDE Analysis: An "Information Disclosure" threat is identified.
- Mitigation: The team enforces strict IAM policies and encryption.
- Result: Because the threat was modeled during design, a potential data breach was prevented before the code was even written.
Relation to Other CTI Frameworks Threat modeling consumes Tactical Intelligence (e.g., "Attackers are exploiting S3 buckets") to inform the design process.