” The paper proved to be a seminal contribution in the evolution of threat modeling for IT-systems. The resulting representation was called “ attack trees.” In 1998 Bruce Schneier published his analysis of cyber risks utilizing attack trees in his paper entitled “Toward a Secure System Engineering Methodology. Independently, similar work was conducted by the NSA and DARPA on a structured graphical representation of how specific attacks against IT-systems could be executed. Threat trees graphically represent how a potential threat to an IT system can be exploited. ” The concept of a threat tree was based on decision tree diagrams. In 1994, Edward Amoroso put forth the concept of a “threat tree” in his book, “Fundamentals of Computer Security Technology. In 1988 Robert Barnard developed and successfully applied the first profile for an IT-system attacker. As a result, engineers and computer scientists soon began developing threat modeling concepts for information technology systems.Įarly IT-based threat modeling methodologies were based on the concept of architectural patterns first presented by Christopher Alexander in 1977. Shortly after shared computing made its debut in the early 1960s individuals began seeking ways to exploit security vulnerabilities for personal gain. 3.1 Visual representations based on data flow diagramsĮvolution of IT-based threat modeling.3 Generally accepted IT threat modeling processes.2 Threat modeling methodologies for IT purposes.1 Evolution of IT-based threat modeling.
In a more formal sense, threat modeling has been used to prioritize military defensive preparations since antiquity. Children engage in threat modeling when determining the best path toward an intended goal while avoiding the playground bully. Commuters use threat modeling to consider what might go wrong during the morning journey to work and to take preemptive action to avoid possible accidents.
Threat modeling answers questions like “Where am I most vulnerable to attack?”, “What are the most relevant threats?”, and “What do I need to do to safeguard against these threats?”.Ĭonceptually, most people incorporate some form of threat modeling in their daily life and don't even realize it. The purpose of threat modeling is to provide defenders with a systematic analysis of what controls or defenses need to be included, given the nature of the system, the probable attacker's profile, the most likely attack vectors, and the assets most desired by an attacker.
your_end_results_are_the_list_and_description_of_risk_found__You_2.png "ms sdl threat modeling tool")
Threat modeling is a process by which potential threats, such as structural vulnerabilities or the absence of appropriate safeguards, can be identified, enumerated, and mitigations can be prioritized.
0 kommentar(er)
