![microsoft sdl threat modeling tool microsoft sdl threat modeling tool](https://docs.microsoft.com/en-us/archive/msdn-magazine/2009/january/images/dd347831.fig02.gif)
LINDDUN (linkability, identifiability, nonrepudiation, detectability, disclosure of information, unawareness, noncompliance) focuses on privacy concerns and can be used for data security. Widely regarded as a risk-centric framework, PASTA employs an attacker-centric perspective to produce an asset-centric output in the form of threat enumeration and scoring. This method elevates the threat-modeling process to a strategic level by involving key decision makers and requiring security input from operations, governance, architecture, and development. It uses a variety of design and elicitation tools in different stages. PASTA aims to bring business objectives and technical requirements together. It contains seven stages, each with multiple activities, which are illustrated in Figure 1 below:įigure 1: Adapted from Threat Modeling w/PASTA: Risk Centric Threat Modeling Case Studies The Process for Attack Simulation and Threat Analysis (PASTA) is a risk-centric threat-modeling framework developed in 2012. Microsoft also developed a similar method called DREAD, which is also a mnemonic (damage potential, reproducibility, exploitability, affected users, discoverability) with a different approach for assessing threats. Although Microsoft no longer maintains STRIDE, it is implemented as part of the Microsoft Security Development Lifecycle (SDL) with the Threat Modeling Tool, which is still available. STRIDE has been successfully applied to cyber-only and cyber-physical systems. STRIDE applies a general set of known threats based on its name, which is a mnemonic, as shown in the following table: By building data-flow diagrams (DFDs), STRIDE is used to identify system entities, events, and the boundaries of the system. STRIDE evaluates the system detail design. STRIDE has evolved over time to include new threat-specific tables and the variants STRIDE-per-Element and STRIDE-per-Interaction. Invented in 1999 and adopted by Microsoft in 2002, STRIDE is currently the most mature threat-modeling method.
![microsoft sdl threat modeling tool microsoft sdl threat modeling tool](https://www.radiojitter.com/wp-content/uploads/otwpct/tmb/tm_1543827553_940X300_c_c_0_0.png)
![microsoft sdl threat modeling tool microsoft sdl threat modeling tool](https://d3i71xaburhd42.cloudfront.net/6dd75d73c3c2bd71f5acd7752926e82a35dfe7d1/2-Figure1-1.png)
I encourage readers interested in more detailed information about these methods to read our SEI white paper on the same topic. No one threat-modeling method is recommended over another organizations should choose which method to use based on the specific needs of their project. The 12 threat-modeling methods summarized in this post come from a variety of sources and target different parts of the process.
![microsoft sdl threat modeling tool microsoft sdl threat modeling tool](https://image.slidesharecdn.com/prs-160628214937/85/microsoft-threat-modeling-tool-2016-2-320.jpg)
Performing threat modeling on cyber-physical systems with a variety of stakeholders can help catch threats across a wide spectrum of threat types. While innovative, cyber-physical systems are vulnerable to threats that manufacturers of traditional physical infrastructures may not consider.
#Microsoft sdl threat modeling tool software#
Threat modeling can be particularly helpful in the area of cyber-physical systems.Ĭyber-physical systems integrate software technology into physical infrastructures, such as smart cars, smart cities, or smart grids. Using threat modeling to think about security requirements can lead to proactive architectural decisions that help reduce threats from the start. Threat modeling should be performed early in the development cycle when potential issues can be caught early and remedied, preventing a much costlier fix down the line. Some methods focus specifically on risk or privacy concerns. Not all of them are comprehensive some are abstract and others are people-centric. They can be combined to create a more robust and well-rounded view of potential threats. Many threat-modeling methods have been developed.