Security Modeling and Threat Modeling Resources

A security model specifically defines essential aspects of security and their relationship with the operating system performance. No organization can secure their sensitive information or data without having effective and efficient security models. We can say that the primary aim of a security model is to provide the required level of understanding for a successful and effectual implementation of key protection requirements. Information security models are the procedures used to validate security policies as they are projected to deliver a precise set of directions that a computer can follow to implement the vital security processes, procedures and, concepts contained in a security program. These models can be intuitive or abstractive. Security models run the directions of the road for security in operating systems.

There are some security models that are most currently using for to explain the guidelines and rules that direct confidentiality, protection, and integrity of the information. The key reason and focus on the security model implementation are confidentiality over and done with access controls and Information integrity. With the help of these security models that are the main components that should be given attention to when developing information security policies and systems. These models talk about the access rules required to instantiate the defined policy and highlight the objects that are directed by the company’s policy.

Here some of the important models we are discussing below to understand the functions and importance of Information Security models in the current business world. Five popular and valuable models are as follows;

• Bell-LaPadula Model
• Biba Model
• Clark Wilson Model
• Brewer and Nash Model
• Harrison Ruzzo Ullman Model

These models are used for maintaining goals of security, i.e. Confidentiality, Integrity, and Availability. In simple words, it deals with CIA Triad maintenance.

STRIDE Methodology

P.A.S.T.A.

Trike

VAST

More threat modeling methods can be found from: Threat Modeling: 12 Available Methods

Threat Modeling Process Steps

A threat modeling session typically consists of the following steps:

• Pick a use case of your application
• Draw a Data Flow Diagram of this use case, which shows how data flows through your system and which applications or databases are involved.
• For each asset passing through your data flow, go through a checklist and discuss potential security risks. Rate each risk (e.g. by likelihood and impact)
• Discuss and decide what you will do about each risk

Note: https://www.windriver.com/solutions/learning/threat-modeling

Threat Modeling Tools

There are currently five tools available for organizational threat modeling:

• Microsoft’s free threat modeling tool – the Threat Modeling Tool (formerly SDL Threat Modeling Tool). This tool also utilizes the Microsoft threat modeling methodology, is DFD-based, and identifies threats based on the STRIDE threat classification scheme. It is intended primarily for general use.
• MyAppSecurity offers the first commercially available threat modeling tool – ThreatModeler It utilizes the VAST methodology, is PFD-based, and identifies threats based on a customizable comprehensive threat library.It is intended for collaborative use across all organizational stakeholders.
• IriusRisk offers both a community and a commercial version of the tool. This tool focus on the creation and maintenance of a live Threat Model through the entire SDLC. It drives the process by using fully customizable questionnaires and Risk Pattern Libraries, and connects with other several different tools (OWASP ZAP, BDD-Security, Threadfix…) to empower automation.
• securiCAD is a threat modelling and risk management tool by the Scandinavian company foreseeti. It is intended for company cyber security management, from CISO, to security engineer, to technician. securiCAD conducts automated attack simulations to current and future IT architectures, identifies and quantifies risks holistically including structural vulnerabilities, and provides decision support based on the findings. securiCAD is offered in both commercial and community editions. 
• SD Elements by Security Compass is a software security requirements management platform that includes automated threat modeling capabilities. A set of threats is generated by completing a short questionnaire about the technical details and compliance drivers of the application. Countermeasures are included in the form of actionable tasks for developers that can be tracked and managed throughout the entire SDLC.
• OWASP Application Threat Modeling
• owasp.org/index.php/OWASP_Threat_Dragon

Open Source

Commercial

The terms cyber risk modeling and cyber threat modeling are often used synonymously, but they are different ideas. Cyber risk modeling involves creating multiple risk scenarios and assessing the severity of each.

Risk modeling provides a data-driven approach to understand cyber exposure and to quantify the possible outcome if a risk does indeed strike. This information is documented and disseminated in a language that makes sense to business users and decision-makers. A cyber risk model – particularly one that uses the same tools available to the cyber insurance sector – provides an efficient and repeatable way to quantify the probability of a cyberattack in financial terms.

On the other hand, a threat model helps to identify cyber threats and vulnerabilities. It also informs the company’s response and mitigation efforts.

Threat Modeling vs Threat Intelligence:

A cyber threat intelligence tool helps you collect and analyze threat information from multiple external sources to protect your enterprise from existing vulnerabilities and prepare for future ones. Next-gen cyber threat intelligence tools are essential to improve enterprise resilience and protect against external (in addition to internal) attacks.

Threat intelligence enables organizations to make faster, more informed, data-backed security decisions and change their behavior from reactive to proactive in the fight against threat actors. It transforms raw data into useful interpretable intelligence for analysis. 

One of the tools capable of mapping the Threat Model is Anomaly Threat Stream. A threat intelligence platform that could model any threat tailored to your specific organization.

With Anomaly Threat Stream, the analyst can build a Threat Model based on a specific adversary relevant to your organization’s industry. For example, a bank would have a specific adversary of a state-sponsored attacker such as Lazarus or Cobalt Strike. By mapping all the IOCs, Tools-Technique-Procedures (TTP) along with MITRE ATT&CK Framework, an organization can have a specifically tailored cybersecurity defence that is much stronger and more impactful for its operations.

Threat Modeling vs Vulnerability Assessment

• Their primary focus: Threats vs vulnerabilities
• Proactive vs reactive processes
• Threat intelligence-driven anaysis – Both threat modeling and vulnerability assessment use threat intelligence-driven data to fuel their processes.
• Threat modeling uses CVSS and MITRE TTPs to identify vulnerabilities and threats and goes a step further to quantify threats and prioritize ways to remediate them.

Threat Modeling vs Pen Test

Differences are between Threat Modeling and penetration testing:

• Timing: Threat Modeling is preferably performed during the design phase of the system (although it is never too late to do it). Penetration testing is done during development or at least just prior to release (please don’t release first and then test on production).
• Objectives: Threat Modeling prevents or manages design flaws from a ‘white box’ perspective. Pentesting tests the actual application’s resilience – usually from a black box perspective
• Outcome: Threat Modeling leads to a list of design changes to consider, pentesting generates a list of bug fixes. Both expose risk which begs for risk management measures.

Some Other Terms:

• Tactics, Techniques and Procedures (TTPs) : TTPs are the “patterns of activities or methods associated with a specific threat actor or group of threat actors,”
• Structured Threat Information Expression (STIX™) is a language and serialization format used to exchange cyber threat intelligence (CTI).
• Trusted Automated Exchange of Intelligence Information (TAXII™) is an application layer protocol for the communication of cyber threat information in a simple and scalable manner. TAXII is a protocol used to exchange cyber threat intelligence (CTI) over HTTPS. TAXII enables organizations to share CTI by defining an API that aligns with common sharing models.

The Glossary of the known and agreed Threat Models’ abbreviations:

References

• Threat Modeling: What, Why, and How?
• Tactics, Techniques and Procedures (TTPs) Within Cyber Threat Intelligence
• A Guide to Understanding Security Modeling in Trusted Systems
• What are Information Security Models?
• Introduction To Classic Security Models
• OWASP Threat Modeling
• First Curriculum – Threat Modelling