Threat Modeling: Tooling and Automation.
Considered through two distinct approaches: threat modeling from code and threat modelling with code. Automating threat modeling depends on various systems, processes, and procedures that exist within an environment, ensuring tailored analysis and mitigation strategies aligned with the specific architecture and operations.
Threat modelling from code involves processing system information stored in a machine-readable format to identify weaknesses, vulnerabilities, and potential threats. This approach uses programs to analyze system models, components, and related data. By interpreting inputs, referencing a database of known threats and weaknesses, and applying detection criteria, it can efficiently generate human-readable reports that highlight potential findings and security risks.
Tool 1; Threatspec — https://threatspec.org/
Tool 2; ThreatPlaybook — https://threatplaybook.io/
Threat modelling with code involves writing a program to represent the architecture or description of a system and its components for automated threat analysis and reporting. By coding a structured model, compiling, and executing it, the resulting program identifies and reports security threats, enabling dynamic and adaptable threat assessment through code-based representations.
Key components to consider include elements and collections, systems, execution contexts, and trust boundaries. Accurate correlation across systems, supported by relevant metadata, is essential for a cohesive understanding by the system. Leveraging authoritative resources like CWE, MITRE, and CAPEC helps clearly define the steps an attacker might take to identify and exploit potential threats, ensuring thorough and actionable threat modeling.
Tool 3; Pytm — https://github.com/OWASP/pytm
Tool 4; Threagile — https://threagile.io/
Other Tools;
Tool 5; IriusRisk — https://www.iriusrisk.com/
Tool 6; SD Elements. — https://www.securitycompass.com/sdelements/threat-modeling/
Tool 7; ThreatModeler — https://threatmodeler.com
Tool 8; OWASP threat dragon — https://owasp.org/www-project-threat-dragon/
Tool 9; Microsoft Threat Modelling Tool — https://learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool
Tool 10; CAIRIS — https://cairis.org/cairis/tmdocsmore/
Tool 11; Mozilla SeaSponge — https://blog.mozilla.org/security/2015/04/02/introducing-project-seasponge-quick-and-easy-threat-modeling/
Tool 12; Tutamen Threat Model Automator — https://www.youtube.com/watch?v=no9omN7yBS4
Automation
The Agile way; Continuous Threat modelling (CTM).
Embracing the ‘shift-left’ approach in security, threat modeling should be integrated early in the design and development process. It’s essential that teams and platforms are equipped to create actionable threat models as systems are built. For example, Collaborative Threat Modeling (CTM) is guided by several principles: the product team, having deep system knowledge, should drive the process; threat models must reflect the current state of the system; and findings must be relevant and directly applicable.
CTM starts with establishing a baseline, setting the scope, and identifying critical assets. This includes creating diagrams of data flows, data stores, and transformations, which offer a clear and comprehensive view of the system’s structure and potential vulnerabilities.
Tool 13; Autodesk Continuous Threat Modelling — https://github.com/Autodesk/continuous-threat-modeling
Personal Note.
- Define the System and Components: Establish a clear outline of the system architecture, detailing elements such as data stores, components, and interfaces.
- Map connection Points and Data Flow: Identify how data moves within the system, specifying protocols, communication channels, ports, and trust boundaries.
- Identify Potential Weaknesses and Vulnerabilities: Use the system’s structure and flow details to pinpoint areas that may be susceptible to compromise.
- Identify Threats: Reference established threat databases, such as MITRE and CWE, to recognize specific threats relevant to the identified vulnerabilities.
- Assess Exploitability: Evaluate each threat’s exploitability using CVSS scores or internal risk ratings, considering the likelihood and impact according to organizational risk criteria.
This will then determine which findings to fix during design issue and which threats can be fixed by compensating security controls.
One significant topic was intentionally left out: Threat Modeling in LLMs and Machine Learning. I want to take the time to thoroughly understand the adaptation, unique workflows, and implementation challenges in Africa before diving into the threat models. Stay tuned for that article!
Resources;
Youtube Videos;
Books (I track books on Good Reads)
https://www.goodreads.com/book/show/215558532-threat-modeling-gameplay-with-eop
https://www.goodreads.com/book/show/25674652-securing-systems
https://www.goodreads.com/book/show/628285.Threat_Modeling
https://www.goodreads.com/book/show/18379732-threat-modeling
https://www.goodreads.com/book/show/55963615-threat-modeling
Articles
https://shostack.org/resources/threat-modeling
https://owasp.org/www-community/Threat_Modeling
https://www.frontiersin.org/journals/the-internet-of-things/articles/10.3389/friot.2024.1306465/full