DEV Community


Cyber 101 - Threat Modelling

Amy Hudspith
CompSci Student, particularly interested in Cyber
・2 min read

Knowing lots of fancy defence strategies is great, but if you don't know where your problems are how can you go about about solving them.

Threat Modelling

Threat modelling is the process of thinking about possible threats to your system.


There are 3 main reasons why you should perform threat modelling:

  • To find security concerns
  • To find those concerns earlier
  • To find them before the project has moved so far that solving the problems becomes very expensive

The Four Principles of Threat Modelling

  1. What are you building?
  2. What can go wrong?
  3. What are you going to do about it?
  4. Did you do a good job with 1-3?

What are you building?

In order to look at what can go wrong, you need something to look at! There are many ways that you can model a system, but a common one is using UML (Unified Modelling Language).

What can go wrong?

Once you know what your system looks like you can start looking at what might wrong.

When identifying threats to a system there are 3 main perspectives to look from:

  • Asset centric
  • Attacker centric
  • Software centric

There are a range of frameworks that you can use to aid threat identification. It can be beneficial to use a framework as it helps to structure the threat modelling process and creates consistency across the company.

I personally like STRIDE and CIAAG, and they tend to work well together.

STRIDE = what you don’t want
CIAAG = what you do want

STRIDE: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege
CIAAG: Confidentiality, Integrity, Authenticity, Availability, Governance

What are you going to do about it?

Once you have found the various threats to your system, you need to decide what, if anything, you are going to do about it.

In general, there are three main options:

  • Remove the threat
  • Mitigate the threat
  • Accept the threat

Did you do a good job with 1-3?

Finally, like at at the end of a maths exam, you need to go back over your work and check it!

Something to note when doing this; be sure to now include any mitigations created during the previous round of modelling in the next round of threat modelling.

Discussion (0)