Today nearly all software systems face one threat or another, and the number of threats grows as technology changes. These threats can originate inside or outside the organization, often with devastating impact. To mitigate threats before they exploit vulnerabilities in your systems, cyber threat analysts can apply threat modeling, in particular the STRIDE methodology, to inform defensive measures.
Several threat modeling processes have been developed, but not all of them are comprehensive. STRIDE is among the most mature and widely used, and it has evolved over the years to include threat-based tables and the variants STRIDE-per-Element and STRIDE-per-Interaction.
What Is Threat Modeling?
Threat modeling is a structured process in which IT professionals and cybersecurity experts identify likely security vulnerabilities and threats, rate the severity of each potential impact, and prioritize measures to protect IT infrastructure and mitigate attacks.
By applying threat modeling while considering security requirements, you make proactive architectural decisions that mitigate threats from the start. Threat modeling should be conducted early in the development cycle, when design flaws can be detected and resolved cheaply rather than through a much costlier fix later on.
Threat modeling can be an excellent way to start building a DevSecOps culture. DevSecOps is neither a process nor a tool but a culture in which the development, security, and operations teams share skill sets, establish a common goal, and work as a unit.
Additionally, threat modeling methodologies can be applied to develop:
- a collection of probable threats that may arise
- an abstraction of the system
- the profiles of likely malicious attackers, their goals, and techniques.
What Is STRIDE Methodology?
STRIDE is a threat model used to consider and identify potential threats to a system. The STRIDE methodology aims to ensure that an application meets the security properties of the CIA triad (Confidentiality, Integrity, and Availability) along with Authentication, Authorization, and Non-Repudiation. Security professionals use it to help answer the question "what can go wrong in this system?"
STRIDE, Asset/entry point, and Patterns and Practices were among Microsoft's threat modeling approaches. Their main focus was to ensure that Microsoft Windows software developers consider security during the design phase. STRIDE is applied alongside a model of the target system, typically a data-flow diagram built in parallel, that breaks the system down into processes, data flows, data stores, external entities, and the trust boundaries between them.
STRIDE is an acronym for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service (DoS), and Elevation of Privilege. These are the six threat categories, and each one violates one of the security properties above: authentication, integrity, non-repudiation, confidentiality, availability, and authorization respectively.
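The STRIDE-per-Element variant mentioned in the introduction makes this concrete: each kind of data-flow-diagram element is exposed to a fixed subset of the six categories, and a threat list is produced by walking the diagram. The following is an added example written for this article, not code from the article's author or from Microsoft; the sample DFD (a browser, a web application, a customer database and an audit log, with the trust zones shown) and the element names are assumptions for illustration, and the applicability table follows the Microsoft SDL STRIDE-per-Element chart:

```python
"""STRIDE-per-Element over a small data-flow diagram (DFD).

Constructed example: a browser talking to a web application that
queries a database and writes an audit log. Element names, zones
and the sample DFD are assumptions for illustration; the per-element
table follows the Microsoft SDL chart.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Which STRIDE categories apply to each kind of DFD element.
# External entities can be spoofed and can repudiate; processes are
# exposed to all six; flows and stores cannot be "spoofed" or "elevated"
# but can be tampered with, read, and exhausted.
STRIDE_PER_ELEMENT: Dict[str, Set[str]] = {
    "external_entity": {"S", "R"},
    "process": {"S", "T", "R", "I", "D", "E"},
    "data_flow": {"T", "I", "D"},
    "data_store": {"T", "I", "D"},  # "R" is added for stores holding audit logs
}

# Category letter -> (threat name, security property it violates)
PROPERTY_VIOLATED: Dict[str, Tuple[str, str]] = {
    "S": ("Spoofing", "authentication"),
    "T": ("Tampering", "integrity"),
    "R": ("Repudiation", "non-repudiation"),
    "I": ("Information disclosure", "confidentiality"),
    "D": ("Denial of service", "availability"),
    "E": ("Elevation of privilege", "authorization"),
}


@dataclass
class Element:
    name: str
    kind: str          # key of STRIDE_PER_ELEMENT
    trust_zone: str    # elements in different zones are separated by a trust boundary
    is_log: bool = False


@dataclass
class Flow:
    name: str
    src: str
    dst: str


@dataclass(frozen=True)
class Threat:
    target: str
    category: str
    property_violated: str
    crosses_boundary: bool


def enumerate_threats(elements: List[Element], flows: List[Flow]) -> List[Threat]:
    """Apply the per-element table to every element and flow in the DFD."""
    zone = {e.name: e.trust_zone for e in elements}
    threats: List[Threat] = []
    for e in elements:
        cats = set(STRIDE_PER_ELEMENT[e.kind])
        if e.kind == "data_store" and e.is_log:
            cats.add("R")  # tampering with the audit log enables repudiation
        for c in sorted(cats):
            threats.append(Threat(e.name, c, PROPERTY_VIOLATED[c][1], False))
    for f in flows:
        crosses = zone[f.src] != zone[f.dst]
        for c in sorted(STRIDE_PER_ELEMENT["data_flow"]):
            threats.append(Threat(f.name, c, PROPERTY_VIOLATED[c][1], crosses))
    return threats


def prioritized(threats: List[Threat]) -> List[Threat]:
    """Boundary-crossing flows first: that is where an attacker sits."""
    return sorted(threats, key=lambda t: (not t.crosses_boundary, t.target, t.category))


def build_sample_dfd() -> Tuple[List[Element], List[Flow]]:
    elements = [
        Element("Browser", "external_entity", "internet"),
        Element("Web app", "process", "dmz"),
        Element("Customer DB", "data_store", "internal"),
        Element("Audit log", "data_store", "internal", is_log=True),
    ]
    flows = [
        Flow("Login request", "Browser", "Web app"),
        Flow("SQL query", "Web app", "Customer DB"),
        Flow("Audit write", "Web app", "Audit log"),
    ]
    return elements, flows


if __name__ == "__main__":
    els, fls = build_sample_dfd()
    for t in prioritized(enumerate_threats(els, fls)):
        flag = "  [crosses trust boundary]" if t.crosses_boundary else ""
        print(f"{t.target:14} {PROPERTY_VIOLATED[t.category][0]:24} -> {t.property_violated}{flag}")
```

Running it lists 24 candidate threats for the four elements and three flows. The list is deliberately mechanical: it is the starting point for the "what can go wrong?" discussion, and the analyst still has to decide which entries are mitigated, which are accepted, and which need a design change.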
Spoofing
Spoofing involves impersonating another person, computer, or component without the victim's knowledge, which violates authentication. Typical spoofing attacks exploit weak authentication mechanisms, such as a short 4-digit PIN or a password built from easily guessed personal information like a birth date, birthplace, pet name, or surname.
An attacker can spoof a process, a machine, a person, a file name, or even a role. To spoof a process on the same host, the attacker creates a file, socket, or named pipe at the expected path before the real process does, so that your process trusts the attacker-controlled endpoint. To spoof a machine, an attacker can use ARP spoofing, DNS spoofing, IP spoofing, or a DNS compromise at the TLD, registrar, or DNS server level.
Tampering
Tampering involves modifying something in memory, on disk, on the network, or elsewhere, which violates integrity. Only authorized users should be able to modify a system or the data on it; if an attacker can infiltrate your system and tamper with the information it holds, the consequences can be serious.
Repudiation
Repudiation involves claiming that you did not do something or were not involved, or making it impossible to link an action back to you, which violates non-repudiation. Attackers usually do not want their identity known, so they hide their activity to avoid being caught or blocked.
Accordingly, attackers may attempt to repudiate the actions they have performed: they can claim not to have clicked, claim to be a fraud victim, claim not to have received something, or use someone else's account. They may also attack the evidence itself. If a system keeps no logs, an action cannot be attributed at all; if it does, an attacker who can tamper with data in transit or with the log store can edit entries or inject misleading ones (log injection) to confuse the investigation.
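The usual mitigation for log editing and injection is to make the log tamper-evident, so that any change after the fact is detectable. The following is an added example written for this article, not code from the article's author: each entry carries an HMAC over its sequence number, its content and the previous entry's tag, forming a chain. The key and the logged events are constructed for the demo, and the `demo()` function deliberately walks through the three attacks (edit, inject, truncate) and shows which ones the chain alone catches.

```python
"""Tamper-evident audit log: each entry carries an HMAC over its own
content and the previous entry's tag, so editing, injecting, or
reordering entries is detectable by anyone who holds the key.

Added example; the key and the events are constructed for the demo.
"""
import copy
import hashlib
import hmac
import json
from typing import Any, Dict, List, Optional

GENESIS = "0" * 64  # "previous tag" for the first entry


def _tag(key: bytes, seq: int, event: Dict[str, Any], prev: str) -> str:
    # Canonical JSON so the same event always produces the same bytes.
    msg = json.dumps([seq, event, prev], sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class TamperEvidentLog:
    def __init__(self, key: bytes) -> None:
        self._key = key
        self.entries: List[Dict[str, Any]] = []

    def append(self, event: Dict[str, Any]) -> None:
        seq = len(self.entries)
        prev = self.entries[-1]["tag"] if self.entries else GENESIS
        self.entries.append({"seq": seq, "event": event, "prev": prev,
                             "tag": _tag(self._key, seq, event, prev)})

    def head(self) -> str:
        """Latest tag; store it where the log writer cannot reach it (e.g. another host)."""
        return self.entries[-1]["tag"] if self.entries else GENESIS


def verify(entries: List[Dict[str, Any]], key: bytes, expected_head: Optional[str] = None) -> int:
    """Return -1 if the chain is intact, else the index of the first bad entry.

    If expected_head is given, a chain that verifies but does not end in that
    tag is reported as bad at index len(entries): entries were truncated.
    """
    prev = GENESIS
    for i, e in enumerate(entries):
        if e["seq"] != i or e["prev"] != prev:
            return i
        if not hmac.compare_digest(e["tag"], _tag(key, i, e["event"], prev)):
            return i
        prev = e["tag"]
    if expected_head is not None and prev != expected_head:
        return len(entries)
    return -1


def demo() -> Dict[str, int]:
    key = b"constructed-demo-key-not-for-production"
    log = TamperEvidentLog(key)
    log.append({"user": "alice", "action": "transfer", "amount": 500})
    log.append({"user": "alice", "action": "logout"})
    head = log.head()
    results = {"clean": verify(log.entries, key, head)}

    # Attacker edits a recorded amount (tampering in support of repudiation).
    edited = copy.deepcopy(log.entries)
    edited[0]["event"]["amount"] = 5
    results["edited"] = verify(edited, key, head)

    # Attacker injects a fake entry; without the key they cannot forge its tag.
    injected = copy.deepcopy(log.entries)
    fake = {"seq": 1, "event": {"user": "mallory", "action": "login"},
            "prev": injected[0]["tag"], "tag": "00" * 32}
    injected.insert(1, fake)
    results["injected"] = verify(injected, key, head)

    # Attacker deletes the last entry: the chain alone cannot see it...
    truncated = copy.deepcopy(log.entries[:1])
    results["truncated_no_anchor"] = verify(truncated, key)
    # ...but an externally stored head tag exposes the truncation.
    results["truncated_with_anchor"] = verify(truncated, key, head)
    return results


if __name__ == "__main__":
    for name, idx in demo().items():
        print(f"{name:22} -> {'ok' if idx == -1 else f'bad at entry {idx}'}")
```

The truncation case is the one practitioners miss: a hash chain proves that what remains is consistent, not that nothing was removed from the end, so the latest tag (or the entry count) has to be anchored somewhere the log writer cannot alter, such as a separate collector or a write-once store. The key must likewise live outside the reach of the process whose actions are being recorded, otherwise an attacker who compromises that process can re-sign a rewritten history.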
Information Disclosure
Information disclosure involves exposing information to someone who is not authorized to see it, which violates confidentiality. Many systems hold confidential and sensitive information that attackers want, and numerous data breaches have resulted from this category of threat.
For instance, an attacker can extract user data and machine secrets by exploiting bugs such as SQL injection to read database tables, or by harvesting verbose error messages. Against data stores in particular, the attacker can:
- take advantage of a missing or inappropriate ACL or bad database permissions
- find files that are protected only by obscurity
- retrieve data from logs, temp files, or swap files
- locate cryptographic keys on disk or in memory
- discover interesting information in file names or directory names
- obtain the device and boot another OS to read its disk
- observe data traversing a network.
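The SQL injection and error-message cases above can be shown side by side. The following is an added example written for this article, not code from the article's author: an in-memory SQLite database with a `users` table and a `secrets` table (both constructed for the demo), a lookup that concatenates user input into the query, and the same lookup with a bound parameter. The attacker payload reads a table the query was never meant to touch; a lone quote shows how the vulnerable version also leaks backend error text.

```python
"""SQL injection as an information-disclosure threat: a lookup that
builds SQL by string concatenation lets an attacker read tables the
query was never meant to touch, and leaks backend error text. The
hardened version binds the value as a parameter.

Added example on an in-memory SQLite database; table contents and the
secret values are constructed for the demo.
"""
import sqlite3
from typing import List, Optional, Tuple

Row = Tuple[str, str]


def setup_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE users(id INTEGER PRIMARY KEY, username TEXT, email TEXT);
        CREATE TABLE secrets(name TEXT, value TEXT);
        INSERT INTO users(username, email)
            VALUES ('alice', 'alice@example.com'), ('bob', 'bob@example.com');
        INSERT INTO secrets VALUES ('api_key', 'sk_constructed_demo_key'),
                                   ('db_password', 'hunter2');
        """
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> List[Row]:
    # The user-supplied string becomes part of the SQL grammar.
    sql = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_hardened(conn: sqlite3.Connection, username: str) -> List[Row]:
    # The driver sends the value separately; a quote or UNION inside it is just data.
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()


# Attacker input: closes the string, appends a UNION with a matching column
# count over another table, and comments out the trailing quote.
UNION_PAYLOAD = "x' UNION SELECT name, value FROM secrets --"


def probe_error(conn: sqlite3.Connection, username: str) -> Optional[str]:
    """Return the raw database error the vulnerable lookup would show, if any."""
    try:
        lookup_vulnerable(conn, username)
        return None
    except sqlite3.OperationalError as exc:
        return str(exc)


if __name__ == "__main__":
    conn = setup_db()
    print("vulnerable, normal input :", lookup_vulnerable(conn, "alice"))
    print("vulnerable, UNION payload:", lookup_vulnerable(conn, UNION_PAYLOAD))
    print("vulnerable, lone quote   :", probe_error(conn, "'"))
    print("hardened, UNION payload  :", lookup_hardened(conn, UNION_PAYLOAD))
    print("hardened, lone quote     :", lookup_hardened(conn, "'"))
```

The hardened lookup returns nothing for both malicious inputs because the value never reaches the SQL parser. Error text is a second, smaller disclosure: the message from `probe_error` tells the attacker which database engine is behind the application, so production code should log the exception and return a generic failure to the client.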
Denial of Service
Denial of service involves exhausting the resources required to offer a service, which violates availability. Systems exist for a specific purpose, such as a banking application, and attackers often try to prevent authorized users from accessing them, for example to extort or blackmail the operator.
An attacker can mount a DoS against a process, a data store, or a data flow. Against a data flow, the attacker consumes network resources. Against a data store, the attacker either fills it up or makes enough requests to slow the system down. Lockout mechanisms can also be turned into a DoS: an attacker who repeatedly fails to log in as a victim can leave the legitimate user facing "too many login attempts."
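The lockout case is worth seeing in code, because the defensive control is itself the attack surface. The following is an added example written for this article, not code from the article's author: a naive per-username lockout next to a limiter that keys failures by (source, username) in a sliding window. Usernames, addresses and limits are constructed for the demo, and the `now` argument replaces the wall clock so the run is deterministic. Per-source limiting on its own does not stop an attacker with many addresses; in practice it is combined with other controls such as step-up authentication or credential-stuffing detection.

```python
"""Account lockout as a denial-of-service vector.

A naive lockout counts failed logins per username, so an attacker who
knows a victim's username can lock them out from anywhere. The hardened
limiter counts failures per (source, username) in a sliding window, so
the victim logging in from their own address is unaffected while the
attacking source is still throttled.

Added example; addresses, usernames and limits are constructed for the demo.
"""
from collections import defaultdict, deque
from typing import Deque, Dict, Tuple


class AccountLockout:
    """Weak design: N failures for a username lock it for everyone."""

    def __init__(self, limit: int = 5) -> None:
        self.limit = limit
        self.failures: Dict[str, int] = defaultdict(int)

    def allowed(self, username: str, source: str, now: float) -> bool:
        return self.failures[username] < self.limit

    def record_failure(self, username: str, source: str, now: float) -> None:
        self.failures[username] += 1


class SourceWindowLimiter:
    """Failures are keyed by (source, username) and expire after `window` seconds."""

    def __init__(self, limit: int = 5, window: float = 300.0) -> None:
        self.limit = limit
        self.window = window
        self.failures: Dict[Tuple[str, str], Deque[float]] = defaultdict(deque)

    def _prune(self, key: Tuple[str, str], now: float) -> Deque[float]:
        q = self.failures[key]
        while q and q[0] <= now - self.window:
            q.popleft()  # drop failures that have aged out of the window
        return q

    def allowed(self, username: str, source: str, now: float) -> bool:
        return len(self._prune((source, username), now)) < self.limit

    def record_failure(self, username: str, source: str, now: float) -> None:
        self._prune((source, username), now).append(now)


def simulate(policy, attempts: int = 20) -> Dict[str, bool]:
    """Attacker hammers alice's account from one address; then alice tries from hers."""
    victim, attacker_ip, victim_ip = "alice", "198.51.100.7", "203.0.113.5"
    now = 0.0
    for _ in range(attempts):
        if policy.allowed(victim, attacker_ip, now):
            policy.record_failure(victim, attacker_ip, now)  # wrong password every time
        now += 1.0
    return {
        "victim_allowed": policy.allowed(victim, victim_ip, now),
        "attacker_allowed": policy.allowed(victim, attacker_ip, now),
    }


if __name__ == "__main__":
    print("per-account lockout :", simulate(AccountLockout()))
    print("per-source window   :", simulate(SourceWindowLimiter()))
```

With the per-account policy the victim is locked out after the attacker's fifth failure; with the per-source window the attacker's address is throttled while the victim's own address is unaffected, and the attacker's failures expire once the window has passed instead of requiring a help-desk unlock.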
Elevation of Privilege
Elevation of privilege involves allowing someone to do what they are not authorized to do, which violates authorization. Once identified on a system, users are granted certain privileges, such as authorization to perform specific actions. An attacker can try to obtain more privileges by spoofing a user who has them or by tampering with the system to elevate their own.
Learn how the STRIDE methodology works and how to conduct an effective threat analysis by joining our community of Certified Threat Intelligence Analysts (CTIA) today. Ready to get certified? Click here!
About EC-Council’s Certified Threat Intelligence Analyst (CTIA) Program
The Certified Threat Intelligence Analyst (CTIA) program offered by EC-Council is a method-driven threat intelligence course that takes a holistic approach, covering everything from planning the threat intelligence project and building a report to distributing threat intelligence. It is an extensive, specialist-level intelligence training course that teaches a structured approach for building an effective cyber threat intelligence
CTIA is a highly interactive, standards-based, comprehensive, and intensive 3-day training program that gives information security professionals the knowledge needed to design and implement a professional threat intelligence. This cyber threat training program is one of the most sought-after certification courses among cybersecurity analysts, engineers, and experts across the globe, and it is also respected by hiring authorities. To get trained, visit our course page now!
Why Certified Threat Intelligence Analyst (CTIA)?
- 100% compliance with NICE 2.0 and CREST frameworks
- 40% hands-on via EC-Council iLabs
- Covers the latest threat intelligence frameworks, tools, and platforms
- Covers numerous data collection techniques
- Data collection through IOCs – External, internal, and building custom IOCs
- Includes tools and Techniques for intelligence reporting and dissemination
- Structured approach to threat data analysis