Threat Modelling & Risk Assessment: STRIDE, PASTA & DREAD
1. STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege)
Overview: STRIDE is a threat modeling framework developed by Microsoft. It helps in identifying various types of threats that can affect software systems. Each letter in STRIDE represents a different category of threat.
S - Spoofing: Impersonating another user or system. For example, pretending to be a valid user to gain access to restricted areas of the system.
T - Tampering: Unauthorized modification of data. This can involve altering data in transit or at rest, such as modifying a database record or intercepting and altering network traffic.
R - Repudiation: The ability for a user or system to deny an action or a transaction. If proper logging and auditing aren’t in place, malicious users can deny their actions.
I - Information Disclosure: Exposing confidential information to unauthorized entities. This includes breaches of data, leaking personal information, or exposing secrets such as encryption keys.
D - Denial of Service (DoS): Disrupting service to legitimate users. This threat often involves overwhelming a service to make it unavailable or unusable.
E - Elevation of Privilege: When an unauthorized user gains higher-level privileges than they are entitled to. This could mean gaining administrative rights or taking control of critical system components.
Application: STRIDE is primarily used to assess different components of a system for potential security threats. It works well during the design and development phases to help ensure that each potential category of threat is considered and addressed.
2. DREAD (Damage, Reproducibility, Exploitability, Affected Users, Discoverability)
Overview: DREAD is a risk assessment model that helps prioritize and rank the severity of threats. It complements threat identification processes like STRIDE by assigning numerical values to threats, enabling easier prioritization.
D - Damage: How much damage would be caused if the threat were realized? The more damage it causes, the higher the score.
R - Reproducibility: How easy is it to reproduce the attack? Threats that can be easily replicated by others receive a higher score.
E - Exploitability: How easy is it to exploit the vulnerability? A higher score is given to threats that require less effort to exploit.
A - Affected Users: How many users are affected by the attack? The broader the impact, the higher the score.
D - Discoverability: How easy is it to find this threat? A threat that is easily discoverable by attackers (through scanning tools, etc.) will receive a higher score.
Scoring: For each factor, the threat is rated on a scale (e.g., 1 to 10). The five scores are then summed, and the total ranks threats by urgency: a higher score means the threat is more severe and should be addressed first.
3. PASTA (Process for Attack Simulation and Threat Analysis)
Overview: PASTA is a risk-centric threat modeling methodology designed to integrate business objectives with technical security. It provides a structured approach for understanding and mitigating risks based on an attacker’s perspective.
PASTA involves 7 stages:
Stage 1: Define the Business Objectives
This step involves understanding the business objectives and aligning the security goals accordingly. The idea is to ensure that security efforts protect the core assets of the business.
Stage 2: Define the Technical Scope
In this phase, you outline the system architecture, including the technologies, networks, and components involved. It's critical to define the system boundaries and identify any potential weak points.
Stage 3: Application Decomposition
This involves breaking down the system or application into its various elements or subsystems. The goal is to identify key components, data flows, and areas that might be vulnerable to attack.
Stage 4: Threat Analysis
Using various techniques like STRIDE or external intelligence, this stage identifies potential threats and actors that might exploit vulnerabilities in the system.
Stage 5: Vulnerability & Weakness Analysis
Here, you identify the existing vulnerabilities in the system. This could include running vulnerability scans or reviewing past incidents.
Stage 6: Attack Modeling
This step simulates possible attack vectors by putting yourself in the shoes of an attacker. You assess how attackers could exploit vulnerabilities and the potential impact on the system.
Stage 7: Risk & Impact Analysis
In the final stage, you prioritize the threats and vulnerabilities based on their impact and the business objectives. This ensures that the most critical issues are addressed first.
Application: PASTA is more business-oriented than other frameworks, making it suitable for organizations that need to integrate security practices directly into their risk management processes. It considers threats from both a technical and business perspective, allowing companies to prioritize their security efforts effectively.
Comparing the Three Frameworks:
- STRIDE is focused on identifying different categories of threats in a system and is generally used during the design and development stages.
- DREAD provides a scoring system to prioritize threats based on their severity, which helps determine where security resources should be allocated.
- PASTA is a more structured and comprehensive approach that focuses on aligning security with business objectives and performing attack simulations, offering a full-cycle risk management approach.
Each framework serves different purposes, and they can complement one another. For example, STRIDE can be used to identify threats, DREAD to prioritize them, and PASTA to model real-world attacks based on business needs.
1. STRIDE Example: Web Application Threat Modeling
Scenario: A web application that allows users to manage their accounts, such as banking details, passwords, and personal information.
Threat Categories in STRIDE:
S - Spoofing:
- Example: An attacker impersonates a legitimate user by stealing their login credentials (e.g., through phishing or brute force attacks). Once inside, the attacker can transfer money or steal sensitive data.
- Mitigation: Implement multi-factor authentication (MFA) to prevent unauthorized access even if credentials are compromised.
T - Tampering:
- Example: An attacker intercepts and modifies data sent between the user and the server, such as altering a transaction amount during a money transfer.
- Mitigation: Use SSL/TLS for all communications between the web client and server; its integrity protection means modified data is detected and rejected, not just hidden from eavesdroppers.
R - Repudiation:
- Example: A user claims they did not make a particular transaction, and there are no logs to prove otherwise.
- Mitigation: Log user actions and protect the logs from modification so that they form a reliable audit trail.
I - Information Disclosure:
- Example: An attacker exploits a misconfigured API to gain access to sensitive information, such as other users’ banking details or account numbers.
- Mitigation: Implement proper access controls and enforce the principle of least privilege (PoLP) for sensitive information.
D - Denial of Service (DoS):
- Example: An attacker floods the web application with traffic, causing legitimate users to be unable to access their accounts.
- Mitigation: Deploy rate-limiting mechanisms, web application firewalls (WAFs), and distribute traffic with load balancers to mitigate DoS attacks.
E - Elevation of Privilege:
- Example: An attacker exploits a vulnerability in the application's user privilege management to gain administrative rights.
- Mitigation: Conduct regular security code reviews and apply proper role-based access control (RBAC).
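The STRIDE walk-through above picks one threat per category; in practice each element of the application's data-flow diagram is checked against the categories that apply to it. The following is an added example (not code from the original post) that builds that checklist for the banking web app. The element-type-to-category table is the Microsoft STRIDE-per-element mapping, which the page does not state, and the element names are constructed.

```python
"""STRIDE-per-element checklist for the account-management web app.

Added example, not from the original post. The element-type -> STRIDE
category table is Microsoft's "STRIDE-per-element" mapping (an assumption
beyond the page); the DFD elements below are constructed for illustration.
"""
from dataclasses import dataclass

STRIDE = {
    "S": "Spoofing",
    "T": "Tampering",
    "R": "Repudiation",
    "I": "Information Disclosure",
    "D": "Denial of Service",
    "E": "Elevation of Privilege",
}

# Categories that apply to each DFD element type (STRIDE-per-element).
# A data store is only subject to repudiation when it holds audit logs.
APPLICABLE = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_store": "TID",
    "data_flow": "TID",
}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str               # one of APPLICABLE's keys
    is_audit_log: bool = False

def threats_for(element: Element) -> list[str]:
    """Return the STRIDE categories a reviewer must consider for one element."""
    if element.kind not in APPLICABLE:
        raise ValueError(f"unknown element kind: {element.kind}")
    letters = APPLICABLE[element.kind]
    if element.kind == "data_store" and element.is_audit_log:
        letters += "R"      # forging or deleting log entries enables repudiation
    return [STRIDE[c] for c in letters]

def enumerate_model(elements: list[Element]) -> dict[str, list[str]]:
    """Build the per-element threat checklist for a whole DFD."""
    return {e.name: threats_for(e) for e in elements}

# Constructed DFD for the banking web app scenario.
MODEL = [
    Element("Customer browser", "external_entity"),
    Element("Account web app", "process"),
    Element("Accounts DB", "data_store"),
    Element("Audit log", "data_store", is_audit_log=True),
    Element("Browser -> web app", "data_flow"),
    Element("Web app -> DB", "data_flow"),
]

if __name__ == "__main__":
    for name, cats in enumerate_model(MODEL).items():
        print(f"{name}: {', '.join(cats)}")
```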
2. DREAD Example: Mobile Application Risk Assessment
Scenario: A mobile application that allows users to manage IoT devices in their homes, like security cameras and smart locks.
DREAD Analysis:
Threat: Unauthorized remote control of smart locks (a hacker unlocking doors without permission).
D - Damage:
- Score: 9/10
- Reason: If someone can unlock doors remotely, it poses a serious physical security risk, including theft, personal harm, and property damage.
R - Reproducibility:
- Score: 7/10
- Reason: Once an exploit is found, the attacker can likely reproduce the attack on different devices with the same software version.
E - Exploitability:
- Score: 8/10
- Reason: If the application is poorly secured (e.g., weak API security or outdated encryption), it may not take much skill to exploit.
A - Affected Users:
- Score: 6/10
- Reason: Depending on the popularity of the application, the number of affected users could be substantial but still limited by geography and user base size.
D - Discoverability:
- Score: 5/10
- Reason: Finding this vulnerability may require specific knowledge of IoT protocols and network architecture, making it harder for the average hacker to discover.
Total Score: 35/50
This high score indicates that the threat is severe and requires urgent mitigation efforts. For instance, the application should enforce strong authentication and encryption for communication with IoT devices.
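To show how the scoring described earlier turns into a ranking when several threats are assessed together, here is an added example (not code from the original post). It validates each factor against the 1-to-10 scale, sums the five factors to a maximum of 50, and sorts the threats; the smart-lock rating uses the page's scores, the other two threats and the tie-break rule are constructed assumptions.

```python
"""DREAD scoring and ranking (added example, not from the original post).

Factors are rated 1..10 as the page describes and the five scores are summed,
so the maximum is 50. The smart-lock threat carries the page's scores; the
other threats are constructed so the ranking has something to order.
"""
from dataclasses import dataclass

FACTORS = ("damage", "reproducibility", "exploitability",
           "affected_users", "discoverability")
MAX_TOTAL = 10 * len(FACTORS)   # 50

@dataclass(frozen=True)
class DreadRating:
    threat: str
    damage: int
    reproducibility: int
    exploitability: int
    affected_users: int
    discoverability: int

    def __post_init__(self):
        # Reject out-of-range scores rather than silently skewing the ranking.
        for f in FACTORS:
            v = getattr(self, f)
            if not isinstance(v, int) or not 1 <= v <= 10:
                raise ValueError(f"{self.threat}: {f}={v!r} must be an int in 1..10")

    def total(self) -> int:
        return sum(getattr(self, f) for f in FACTORS)

def rank(ratings: list[DreadRating]) -> list[tuple[str, int]]:
    """Highest total first. Ties are broken by Damage, then Exploitability,
    so equally scored threats that hurt more are handled first (a tie-break
    convention assumed here, not part of DREAD itself)."""
    ordered = sorted(ratings,
                     key=lambda r: (r.total(), r.damage, r.exploitability),
                     reverse=True)
    return [(r.threat, r.total()) for r in ordered]

# Constructed ratings; the first is the page's smart-lock threat (35/50).
RATINGS = [
    DreadRating("Unauthorized remote unlock of smart locks", 9, 7, 8, 6, 5),
    DreadRating("Camera feed exposed through unauthenticated API", 7, 9, 8, 8, 8),
    DreadRating("Verbose error page leaks server version", 2, 10, 10, 3, 9),
]

if __name__ == "__main__":
    for name, score in rank(RATINGS):
        print(f"{score:>2}/{MAX_TOTAL}  {name}")
```

Note how the easily found, trivially reproduced version leak still ranks last: the sum rewards threats that score well across all five factors, not just on discoverability.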
3. PASTA Example: E-Commerce Platform Threat Modeling
Scenario: A large e-commerce platform that processes payments, stores user data, and handles order fulfillment.
7-Stage PASTA Process:
Stage 1: Define the Business Objectives
- Example: The platform's primary objective is to ensure the confidentiality, integrity, and availability of customer data and financial transactions to maintain trust and operational continuity.
Stage 2: Define the Technical Scope
- Example: The system architecture includes a web application, payment gateway, customer database, and API integrations with third-party services like delivery and inventory management.
Stage 3: Application Decomposition
- Example: Decompose the platform into its components: user authentication (login/signup), order management, payment processing, and API for partner services. Data flow between these components needs to be mapped, focusing on how sensitive information (credit card data, user credentials) is handled.
Stage 4: Threat Analysis
- Example: Use STRIDE to identify potential threats.
- Spoofing: Fraudulent access via weak password policy.
- Information Disclosure: Leakage of credit card data due to an insecure API.
- Denial of Service: High traffic leading to service downtime.
- Elevation of Privilege: Exploit in user role management granting admin rights.
Stage 5: Vulnerability & Weakness Analysis
- Example: The payment gateway uses outdated encryption, and the API does not validate input properly. This introduces risks for man-in-the-middle attacks and SQL injection vulnerabilities.
Stage 6: Attack Modeling
- Example: Simulate an attack where an attacker intercepts traffic between the payment gateway and the server using a man-in-the-middle attack. By capturing unencrypted traffic, the attacker gains access to users’ credit card information.
Stage 7: Risk & Impact Analysis
- Example: Rank the identified threats based on their impact on business objectives. The most critical vulnerability is the lack of encryption in the payment system, as it directly affects user trust and regulatory compliance (e.g., PCI-DSS). Immediate action, like upgrading to TLS 1.3 and conducting API penetration testing, should be taken to secure the platform.
Summary of Examples:
- STRIDE: Applied to identify different types of security threats during the development of a system (e.g., preventing spoofing or tampering in a web app).
- DREAD: Used to prioritize threats (e.g., unlocking smart devices remotely) by assessing risk factors such as damage, reproducibility, and exploitability.
- PASTA: Provides a structured approach for understanding risks based on both business objectives and technical scope, culminating in attack simulations for e-commerce security.
Each of these frameworks is valuable in different stages of securing systems, and they can be combined for a more comprehensive security strategy.