# Threat Modeling

- Perspectives
  - Attacker centric
  - Architecture centric
  - Asset-centric

## Asset Centric Threat Modeling

1. Identify the assets
   - Asset = anything of value
   - Assign an ID to each of them
   - Define trust levels
2. Outline architecture
   - Identify what the application does
     - With use cases
     - Who can do what. What it should do. (Instead of what it should do, this is completely non-functional)
     - Dos and don'ts
   - Identify the components (arch diagram)
   - Identify the technologies being used
3. Decompose the applications
   - Identify trust boundaries
     - Which part should I trust?
     - Which components should trust other components?
   - Identify the data flows
     - DFD = Data Flow Diagrams
   - Identify the entry points
   - Identify privileged code
   - Document the **Security Profile**
4. Identify threats
   - [[stride|STRIDE Method]]
     - Categorization is the key to model threats in a systematic way.
     - Spoofing
     - Tampering
     - Repudiation
     - Information Disclosure
     - Denial of Service
     - Elevation of Privilege
5. Document the threats
   - ID
   - Name
   - Description
   - Categories (STRIDE)
   - Entry Points
   - Relevant Assets
   - Mitigation
6. Rate security of threats
   - Probability and damage rating
     - Overall risk = prob x damage
   - DREAD Model
     - Ease of exploitation
       - Discoverability
       - Reproducibility
       - Exploitability
     - Impact
       - Affected Users
       - Damage Potential
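
Steps 5 and 6 as a small threat register, added here as an illustration and not part of the original notes. It checks each record against the asset and entry-point inventories and ranks threats by overall risk = prob x damage. Assumptions: sub-scores run from 1 to 10, probability and damage are the averages of their DREAD sub-scores, and all assets, entry points and threats are constructed samples.

```python
from dataclasses import dataclass
from statistics import mean

STRIDE = {"Spoofing", "Tampering", "Repudiation", "Information Disclosure",
          "Denial of Service", "Elevation of Privilege"}
# Constructed sample inventory: asset ID -> (name, trust level required)
ASSETS = {"A1": ("User credentials", "authenticated user"),
          "A2": ("Audit log", "administrator")}
ENTRY_POINTS = {"E1": "Login form", "E2": "Admin API"}

@dataclass
class Threat:
    id: str
    name: str
    description: str
    categories: set
    entry_points: list
    assets: list
    mitigation: str
    dread: dict  # sub-scores, assumed scale 1 (low) to 10 (high)

    def validate(self):
        """Return a list of problems; empty means the record is consistent."""
        problems = [f"unknown STRIDE category {c!r}" for c in sorted(self.categories - STRIDE)]
        problems += [f"unknown asset {a}" for a in self.assets if a not in ASSETS]
        problems += [f"unknown entry point {e}" for e in self.entry_points if e not in ENTRY_POINTS]
        if not self.mitigation.strip():
            problems.append("no mitigation documented")
        return problems

    def risk(self):
        """Overall risk = probability x damage (averaging sub-scores is an assumption)."""
        d = self.dread
        probability = mean([d["discoverability"], d["reproducibility"], d["exploitability"]])
        damage = mean([d["affected_users"], d["damage_potential"]])
        return probability * damage

def rank(threats):
    """Highest overall risk first."""
    return sorted(threats, key=lambda t: t.risk(), reverse=True)

# Constructed sample threats
T1 = Threat("T1", "Credential guessing", "Online guessing against the login form",
            {"Spoofing"}, ["E1"], ["A1"], "Rate limiting and MFA",
            dict(discoverability=8, reproducibility=9, exploitability=7, affected_users=6, damage_potential=8))
T2 = Threat("T2", "Audit log edited", "Admin API lets entries be rewritten",
            {"Tampering", "Repudiation"}, ["E2"], ["A2"], "",
            dict(discoverability=3, reproducibility=5, exploitability=4, affected_users=10, damage_potential=10))
```

`rank([T1, T2])` puts T1 (risk 56) ahead of T2 (risk 40), and `T2.validate()` reports the missing mitigation.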