Monday, September 23, 2024

Additional Threat modelling frameworks and methodologies

VAST, LINDDUN, OCTAVE, TRIKE, CVSS, ATTACK TREES, MITRE ATT&CK, HEURISTICS

In addition to STRIDE, DREAD, and PASTA, there are several other threat modeling frameworks and methodologies that are widely used. Each offers a different approach depending on the organization's needs, the system's complexity, and the level of security required. Below are some of the other notable frameworks:


1. VAST (Visual, Agile, and Simple Threat Modeling)

Overview:
VAST is designed to scale threat modeling across an entire organization, integrating security into the agile development process without slowing it down. It introduces two separate threat models:

  • Application Threat Model: Focuses on the security of applications (code, APIs, etc.).
  • Operational Threat Model: Focuses on the infrastructure and its security.

Key Characteristics:

  • Designed to work well with DevOps and Agile methodologies.
  • Encourages continuous integration of threat modeling during development.
  • Uses visual representations (e.g., flow diagrams) to simplify and communicate potential threats.

Example: In an organization using Agile, developers incorporate VAST to continuously analyze new features. If a feature interacts with a database, the model visualizes potential SQL injection risks, prompting developers to add necessary input validation and secure the database connection.


2. LINDDUN (Linkability, Identifiability, Non-Repudiation, Detectability, Disclosure of Information, Unawareness, Non-Compliance)

Overview:
LINDDUN is a privacy-focused threat modeling framework aimed at identifying and addressing privacy threats in systems. It’s particularly valuable for applications that handle personal data, making it essential in the context of GDPR compliance and other privacy regulations.

Categories:

  • Linkability: The ability to link two or more pieces of information.
  • Identifiability: The ability to identify an individual based on provided data.
  • Non-repudiation: A user cannot deny having performed an action or made a claim. In a privacy context this is listed as a threat rather than a goal, because it removes the user's ability to plausibly deny involvement.
  • Detectability: The ability to detect whether a subject or data is involved in certain activities.
  • Disclosure of Information: Unauthorized exposure of private data.
  • Unawareness: Users are unaware of data collection or processing.
  • Non-compliance: Violating data protection regulations or laws.

Example: A healthcare app handles sensitive personal data. Using LINDDUN, the team identifies that patient records could be inadvertently linked to users based on access logs, violating privacy regulations. The framework suggests implementing strong data anonymization techniques and minimizing identifiable information storage.
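To make the linkability finding in this example concrete, the following is an added example (it is not code from the original post) that models access logs of a hypothetical healthcare app. The log records, the two keys and the field names are constructed for illustration. It shows how raw logs reconstruct a patient's history (Linkability and Identifiability), and how keyed pseudonymisation plus field dropping keeps an audit trail linkable internally while an export under a different key cannot be joined back to it.

```python
import hashlib
import hmac

# Constructed sample access-log records (not taken from any real system):
# each entry ties a patient identifier to the staff account that opened it.
RAW_ACCESS_LOG = [
    {"ts": "2024-09-23T08:01:12Z", "user": "nurse.kim", "patient_id": "P-10423", "action": "view"},
    {"ts": "2024-09-23T08:05:40Z", "user": "dr.osei", "patient_id": "P-10423", "action": "update"},
    {"ts": "2024-09-23T09:12:03Z", "user": "nurse.kim", "patient_id": "P-20911", "action": "view"},
]

# Constructed keys for illustration; in a real deployment they come from a
# secrets manager and are never stored next to the pseudonymised data.
AUDIT_KEY = b"constructed-key-for-internal-audit"
RESEARCH_EXPORT_KEY = b"constructed-key-for-research-export"


def linkable_views(records, id_field="patient_id"):
    """Group records by an identifier. If the grouping reconstructs one
    patient's history from several entries, the data is linkable (the 'L'
    in LINDDUN) and, because the identifier is direct, identifiable (the 'I')."""
    groups = {}
    for rec in records:
        groups.setdefault(rec[id_field], []).append(rec)
    return groups


def pseudonymize(records, key, fields=("user", "patient_id"), keep=("ts", "action")):
    """Replace direct identifiers with keyed pseudonyms (HMAC-SHA256, so a
    table of plausible IDs cannot be used to reverse them) and drop every
    field not listed in `keep` (data minimisation). Records pseudonymised
    under the same key still link to each other, which an audit trail needs;
    records pseudonymised under different keys do not."""
    out = []
    for rec in records:
        new = {k: rec[k] for k in keep}
        for f in fields:
            msg = f"{f}:{rec[f]}".encode()
            new[f] = hmac.new(key, msg, hashlib.sha256).hexdigest()
        out.append(new)
    return out


def shared_pseudonyms(export_a, export_b, field="patient_id"):
    """Number of pseudonyms common to two exports: zero means whoever holds
    both data sets cannot join them on that field."""
    return len({r[field] for r in export_a} & {r[field] for r in export_b})


if __name__ == "__main__":
    print("raw log groups:", {k: len(v) for k, v in linkable_views(RAW_ACCESS_LOG).items()})
    audit = pseudonymize(RAW_ACCESS_LOG, AUDIT_KEY)
    research = pseudonymize(RAW_ACCESS_LOG, RESEARCH_EXPORT_KEY)
    print("pseudonyms shared between audit trail and research export:",
          shared_pseudonyms(audit, research))
```

Two caveats a practitioner would add: the key holder can recompute any pseudonym, so the key is itself sensitive and must be kept separate from the data, and pseudonymised records still count as personal data under GDPR; only the reduced linkability, not the regulatory status, is what this buys.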


3. OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation)

Overview:
OCTAVE is a risk-based threat modeling framework developed by Carnegie Mellon University. It focuses on assessing the organization’s critical assets, identifying vulnerabilities, and evaluating potential risks. It’s highly useful for assessing an organization’s operational risks in a holistic manner.

Key Components:

  • Asset Identification: Define what assets are most critical to the organization (e.g., customer data, intellectual property).
  • Threat Identification: Identify threats to these assets based on their vulnerabilities.
  • Mitigation Strategies: Develop risk mitigation strategies by evaluating security processes and policies.

Example: In a financial organization, OCTAVE is used to identify risks related to customer transaction data. The assessment reveals that third-party service providers have direct access to customer data, creating a potential exposure. Mitigation includes restricting third-party access and implementing strong encryption for data at rest and in transit.


4. TRIKE

Overview:
TRIKE is a threat modeling and risk management framework that produces threat models from a risk-based, actor-centric perspective. It allows security teams to assess the risks associated with their system and decide on appropriate mitigation strategies.

Key Characteristics:

  • Provides a structured risk assessment framework.
  • Focuses on actor-based threat modeling: who performs an action, what resources are affected, and how they are controlled.
  • Involves creating a formalized threat model and assigning a risk value to each threat.

Example: In a cloud-based service, TRIKE is used to model the interactions between users and cloud resources (e.g., data storage, APIs). By assessing the risks of unauthorized actors accessing sensitive resources, the model helps prioritize security efforts like enforcing stronger access control mechanisms.


5. CVSS (Common Vulnerability Scoring System)

Overview:
CVSS is a standardized method to assess the severity of security vulnerabilities. It is widely used to calculate the risk score of vulnerabilities, helping security professionals prioritize their response based on the impact.

Scoring Metrics:

  • Base Score: Assesses the inherent characteristics of the vulnerability.
  • Temporal Score: Takes into account the current state of exploitability and patch availability.
  • Environmental Score: Adjusts the base score based on the operational environment.

Example: A vulnerability is found in a web application that can lead to unauthorized access. Using CVSS, the vulnerability is rated with a score based on its ease of exploitation, the potential damage to the business, and how many users are affected. The higher the score, the faster the vulnerability needs to be addressed.


6. Attack Trees

Overview:
An attack tree is a visual representation of all possible attack vectors that could be used to compromise a system. The tree starts with the attacker's goal at the root, and branches represent different ways an attacker could achieve that goal.

Key Characteristics:

  • Top-Down Approach: Starts with a high-level goal (e.g., unauthorized access) and breaks it down into sub-goals and specific actions.
  • Allows for quantification of risks by assigning values to each branch (e.g., probability, cost, difficulty).

Example: For a banking application, the root goal might be "steal funds from user accounts." The branches represent different attack vectors, such as phishing for credentials, exploiting software vulnerabilities, or gaining access to backend systems. Each branch is evaluated based on its likelihood and difficulty.
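The banking example above, carried through as an added example (not code from the original post): a small attack-tree evaluator in which OR nodes take the cheapest child and AND nodes sum their children, the classic way of quantifying a tree. The tree structure follows the branches named in the text; the cost figures on the leaves are made-up effort estimates in arbitrary units, chosen only to illustrate how the numbers propagate and how a defender uses the result to decide which control to fund first.

```python
import copy
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Node:
    """One node of an attack tree. kind is 'OR' (any child achieves the goal),
    'AND' (every child is required) or 'LEAF' (a concrete attacker step)."""
    name: str
    kind: str = "LEAF"
    cost: Optional[float] = None            # leaves only: estimated attacker effort
    children: List["Node"] = field(default_factory=list)


# Constructed tree for the banking example; costs are illustrative estimates.
BANK_TREE = Node("steal funds from user accounts", "OR", children=[
    Node("take over an account with phished credentials", "AND", children=[
        Node("phish for credentials", cost=2),
        Node("defeat the second authentication factor", cost=8),
    ]),
    Node("exploit a software vulnerability", cost=5),
    Node("reach backend systems", "AND", children=[
        Node("obtain an administrative foothold", cost=7),
        Node("evade transaction monitoring", cost=4),
    ]),
])


def cheapest(node: Node) -> Tuple[float, List[str]]:
    """Cost of the cheapest way to achieve node's goal, plus the leaves used.
    OR nodes take the minimum over children; AND nodes add all children up."""
    if node.kind == "LEAF":
        return node.cost, [node.name]
    results = [cheapest(child) for child in node.children]
    if node.kind == "OR":
        return min(results, key=lambda r: r[0])
    if node.kind == "AND":
        total = sum(r[0] for r in results)
        leaves = [leaf for r in results for leaf in r[1]]
        return total, leaves
    raise ValueError(f"unknown node kind {node.kind!r}")


def leaves(node: Node):
    """Yield every leaf in the tree."""
    if node.kind == "LEAF":
        yield node
    for child in node.children:
        yield from leaves(child)


def with_mitigation(tree: Node, leaf_name: str, new_cost: float) -> Node:
    """Copy of the tree with one leaf's cost raised, modelling a control
    (patching, MFA, monitoring) that makes that step harder for the attacker."""
    tree = copy.deepcopy(tree)
    for leaf in leaves(tree):
        if leaf.name == leaf_name:
            leaf.cost = new_cost
            return tree
    raise KeyError(leaf_name)


def prioritise(tree: Node):
    """Defender's view: by how much does tripling each leaf's cost raise the
    cheapest attack? Leaves with zero gain are not on the cheapest path, so
    hardening them first would not change what the attacker actually does."""
    base_cost, _ = cheapest(tree)
    gains = {}
    for leaf in leaves(tree):
        hardened = with_mitigation(tree, leaf.name, leaf.cost * 3)
        gains[leaf.name] = cheapest(hardened)[0] - base_cost
    return sorted(gains.items(), key=lambda kv: -kv[1])


if __name__ == "__main__":
    cost, path = cheapest(BANK_TREE)
    print(f"cheapest attack costs {cost} via {path}")
    for name, gain in prioritise(BANK_TREE):
        print(f"  hardening '{name}' raises the cheapest attack by {gain}")
    patched = with_mitigation(BANK_TREE, "exploit a software vulnerability", 20)
    print("after patching:", cheapest(patched))
```

The point the numbers make is that only the cheapest path matters to a rational attacker: with these estimates, hardening anything except the vulnerability branch changes nothing, and once that branch is patched the phishing path becomes the new cheapest route, so the tree has to be re-evaluated after every control is applied.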


7. MITRE ATT&CK Framework

Overview:
The MITRE ATT&CK framework provides a comprehensive, globally accessible knowledge base of adversary tactics and techniques based on real-world observations. It is used to understand and categorize the actions that attackers take during cyber intrusions.

Key Characteristics:

  • Tactics: High-level attacker goals, like initial access, execution, and privilege escalation.
  • Techniques: Specific methods to achieve these goals, such as spear-phishing, brute force, or malware injection.

Example: A SOC (Security Operations Center) uses MITRE ATT&CK to map out an attack sequence observed in an organization's network. By analyzing the attack tactics (e.g., gaining initial access via spear-phishing), the team strengthens specific defenses against known techniques (e.g., blocking malicious email attachments).


8. Heuristics-Based Threat Modeling

Overview:
In this approach, threat modeling is done based on the heuristics of known attacks, vulnerabilities, and system design principles. The goal is to apply a set of general rules or "heuristics" to identify potential issues.

Example: When designing a new API for a mobile app, the development team might apply heuristic checks such as "validate all inputs" or "authenticate before providing access to sensitive data." These heuristics guide the design and security of the system, helping prevent common attack vectors like injection attacks or unauthorized access.
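The two heuristics in this example, "validate all inputs" and "authenticate before providing access to sensitive data", can be turned into automated checks over an API description. The following is an added example (not code from the original post): a tiny rule runner over a constructed, OpenAPI-like description of a hypothetical mobile-app API. The endpoint paths, parameters and the `sensitive`/`auth` fields are assumptions made for illustration, not a real specification format.

```python
# Constructed, OpenAPI-like description of a mobile-app API (hypothetical).
# "sensitive" and "auth" are illustrative annotations, not OpenAPI keywords.
API_SPEC = {
    "/login": {
        "method": "POST", "sensitive": False, "auth": None,
        "params": {"username": {"type": "string", "maxLength": 64},
                   "password": {"type": "string", "maxLength": 128}},
    },
    "/account/balance": {
        "method": "GET", "sensitive": True, "auth": "bearer",
        "params": {"account_id": {"type": "string", "pattern": "^[0-9]{8}$"}},
    },
    "/account/transfer": {
        "method": "POST", "sensitive": True, "auth": None,
        "params": {"to": {"type": "string"}, "amount": {}},
    },
}


def h_validate_all_inputs(path, endpoint):
    """Heuristic 'validate all inputs': every parameter must declare a type,
    and string parameters must be bounded (length, pattern or enum), since an
    unbounded string is the usual entry point for injection."""
    for name, schema in endpoint["params"].items():
        if "type" not in schema:
            yield f"{path}: parameter '{name}' has no declared type"
        elif schema["type"] == "string" and not ({"maxLength", "pattern", "enum"} & set(schema)):
            yield f"{path}: string parameter '{name}' is unbounded (no maxLength/pattern/enum)"


def h_authenticate_sensitive(path, endpoint):
    """Heuristic 'authenticate before providing access to sensitive data'."""
    if endpoint["sensitive"] and not endpoint["auth"]:
        yield f"{path}: handles sensitive data but declares no authentication"


HEURISTICS = [h_validate_all_inputs, h_authenticate_sensitive]


def run_heuristics(spec, heuristics=HEURISTICS):
    """Apply every heuristic to every endpoint and collect the findings."""
    findings = []
    for path, endpoint in spec.items():
        for heuristic in heuristics:
            findings.extend(heuristic(path, endpoint))
    return findings


if __name__ == "__main__":
    for finding in run_heuristics(API_SPEC):
        print(finding)
```

Checks like these are cheap to run in CI against the real specification, which is what makes the heuristic approach scale; the limitation is the mirror image, since a heuristic only catches the classes of mistakes someone thought to encode.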


Summary of Additional Threat Modeling Frameworks:

  • VAST: Ideal for integrating with Agile and DevOps environments, with a focus on scalability and simplicity.
  • LINDDUN: Privacy-centric, helping to identify and mitigate privacy-related risks.
  • OCTAVE: A comprehensive risk management approach focused on organizational risks.
  • TRIKE: Risk-based, with a focus on actor-centric security.
  • CVSS: Used to prioritize vulnerabilities based on severity scores.
  • Attack Trees: Visual representation of how attackers could achieve specific objectives.
  • MITRE ATT&CK: Maps real-world attack behaviors into known tactics and techniques.
  • Heuristics-Based: Leverages known best practices and rules to prevent common vulnerabilities.

Each framework or method addresses specific needs within an organization, from general risk management to detailed privacy concerns or vulnerability prioritization.
