🧠 Domain 1 – Security and Risk Management
🧨 D1.5 – Threat Modeling (🇬🇧 / 🇫🇷)
This memo covers structured approaches to identify and categorize threats to systems and data.
🎯 What is Threat Modeling?
Threat modeling is a structured process to:
- Identify potential threats
- Classify and prioritize them
- Propose countermeasures and reduce risk
🧠 FR : La modélisation des menaces consiste à identifier, analyser, classer et gérer les menaces qui pèsent sur un système ou une organisation.
🔠 STRIDE (Microsoft Threat Model)
| Letter | Threat Type | Description |
|---|---|---|
| S | Spoofing | Impersonating a user/identity |
| T | Tampering | Modifying data or code |
| R | Repudiation | Denying an action without proof |
| I | Information Disclosure | Leaking confidential data |
| D | Denial of Service | Blocking legitimate use of systems |
| E | Elevation of Privilege | Gaining unauthorized access level |
🧠 FR : STRIDE aide à classer les menaces selon leur impact potentiel. Ex: spoofing = usurpation, tampering = altération, etc.
🔍 Threat Identification Approaches
1️⃣ Focused on Assets
- Start with your critical assets
- Then determine what threatens them
2️⃣ Focused on Attackers
- Profile the attacker’s motivation / capabilities
- Identify threats based on their tactics
3️⃣ Focused on Software
- Used in development
- Identify flaws in app architecture, components, logic
🧠 FR : On peut partir soit des biens à protéger, soit des attaquants, soit du logiciel pour identifier les menaces.
⚙️ PASTA – Process for Attack Simulation and Threat Analysis
🧱 A 7-stage, risk-based threat modeling methodology
| Stage | Description |
|---|---|
| I | Definition of Objectives (DO) |
| II | Definition of Technical Scope (DTS) |
| III | Application Decomposition and Analysis (ADA) |
| IV | Threat Analysis (TA) |
| V | Weakness and Vulnerability Analysis (WVA) |
| VI | Attack Modeling & Simulation (AMS) |
| VII | Risk Analysis & Management (RAM) |
🧠 FR : PASTA vise à analyser les menaces de manière formelle et structurée, en 7 étapes, du cadrage au traitement.
🔄 VAST – Visual, Agile, and Simple Threat Modeling
- Adapted to Agile development workflows
- Scalable, team-friendly
- Focuses on automation and continuous integration
🧠 FR : VAST s’intègre aux méthodes Agile. Il est visuel, léger, et conçu pour être utilisé par les développeurs dans un contexte DevSecOps.
✅ Summary Table
| Model | Focus | Notes |
|---|---|---|
| STRIDE | Threat type classification | Microsoft-originated |
| PASTA | Risk-focused, structured | 7-step method |
| VAST | Agile & dev-friendly | Used in SDLC |
| Asset-based | Business value | Classic, risk-driven |
| Attacker-based | Threat actor profiling | Intelligence-driven |
| Software-based | Code & architecture flaws | DevSecOps environments |
📌 To Remember for Exam
- STRIDE = types of threats
- PASTA = structured analysis flow
- VAST = Agile-based
- Think in context: use asset/attacker/software lens depending on your org
☣️ DREAD – Threat Scoring Model
The DREAD model provides a structured scoring system to rank threats by impact and difficulty.
Each letter in DREAD corresponds to a risk factor:
| Letter | Factor | Key Question |
|---|---|---|
| D | Damage Potential | How much damage will it do? |
| R | Reproducibility | Can the attack be repeated easily? |
| E | Exploitability | How easy is it to exploit? |
| A | Affected Users | How many users would be impacted? |
| D | Discoverability | How easy is it to discover the vulnerability? |
Each item is rated on a scale (e.g. 1–10), and the total gives you a risk score per threat.
🧠 FR : DREAD permet d’attribuer une note de risque chiffrée à chaque menace. On évalue le dommage, la facilité d’exécution, et le nombre d’utilisateurs impactés.
🛠️ What to do after scoring?
- Prioritize remediation based on score
- Choose appropriate responses:
- Software or architecture changes
- Operational/process improvements
- Defense mechanisms (detection, protection)
🧠 FR : Une fois les menaces notées, on choisit les contre-mesures en fonction du coût et de l’efficacité.
🧠 DREAD vs. Risk Assessment
| Aspect | Focus |
|---|---|
| Threat modeling | 🎯 Focus on threats (who/what might attack?) |
| Risk assessment | 🏦 Focus on assets (what’s valuable to protect?) |
🧠 FR : Le threat modeling est centré sur les attaques possibles, tandis que le risk assessment part des actifs à protéger.