There are three different approaches to threat modeling focusing on:
Let us consider three threat models proposed by Microsoft, CERT, and MITRE. Which one to use depends on what you are going to focus on when deploying a cloud. Based on these models, it will be possible to recommend mitigation techniques for every class of threats in the next chapters.
STRIDE (Microsoft)
The STRIDE model focuses on software. We recommend using the Microsoft Threat Modeling Tool when planning your cloud to model the potential threats you might face in the future when running it. The results may affect architectural decisions and change the deployment scenario.
In STRIDE, there are six classes of threats corresponding to the letters in the abbreviation.
Threat class | Description | Examples of affected objects |
---|---|---|
Spoofing | Pretending to be something or someone other than yourself | Process, file, host, account, certificate, TLS-protected session |
Tampering | Modifying something on disk, on a network, or in memory | File, memory, data store, data flow, network, cache |
Repudiation | Claiming that you did not do something, or were not responsible | Attacks on logs, sources of time synchronization |
Information disclosure | Providing information to someone not authorized to see it | Data from a process, storage, network, cache |
Denial of Service (DoS) | Absorbing resources needed to provide service | Service availability |
Elevation of Privileges (EoP) | Allowing someone to do something they are not authorized to do | Process, authorization service |
This guide will refer to STRIDE as a primary threat model used in a software development life cycle.
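The STRIDE table above can be applied to a deployment plan to check that every applicable threat class has a mitigation recorded. The following Python sketch is an added example, not part of the original guide or of the Microsoft Threat Modeling Tool; the short object-type names, the component names, and the mitigation register are assumptions constructed for illustration.

```python
# STRIDE class -> affected object types, normalized from the table above.
# The short type names are this example's own normalization (assumption).
STRIDE = {
    "Spoofing": {"process", "file", "host", "account", "certificate", "tls session"},
    "Tampering": {"file", "memory", "data store", "data flow", "network", "cache"},
    "Repudiation": {"log", "time source"},
    "Information disclosure": {"process", "storage", "network", "cache"},
    "Denial of Service": {"service"},
    "Elevation of Privileges": {"process", "authorization service"},
}

def applicable_threats(object_types):
    """STRIDE classes (in S-T-R-I-D-E order) that apply to a component."""
    types = {t.lower() for t in object_types}
    return [cls for cls, objs in STRIDE.items() if objs & types]

def unknown_types(object_types):
    """Types the table does not cover; these must be reviewed by hand."""
    known = set().union(*STRIDE.values())
    return sorted({t.lower() for t in object_types} - known)

def coverage_gaps(inventory, mitigations):
    """Map component -> applicable threat classes with no recorded mitigation."""
    gaps = {}
    for name, types in inventory.items():
        recorded = mitigations.get(name, {})
        missing = [c for c in applicable_threats(types) if not recorded.get(c)]
        if missing:
            gaps[name] = missing
    return gaps

# Constructed sample data: hypothetical components and mitigation register.
INVENTORY = {
    "api-endpoint": {"process", "service", "TLS session"},
    "audit-log": {"log", "file"},
    "ntp-source": {"time source", "host", "appliance"},
}
MITIGATIONS = {
    "api-endpoint": {"Spoofing": "mutual TLS", "Denial of Service": "rate limiting"},
    "audit-log": {"Repudiation": "remote append-only log", "Tampering": "integrity monitoring"},
}

if __name__ == "__main__":
    for name, missing in coverage_gaps(INVENTORY, MITIGATIONS).items():
        print(f"{name}: no mitigation recorded for {', '.join(missing)}")
    for name, types in INVENTORY.items():
        for t in unknown_types(types):
            print(f"{name}: type '{t}' is not in the STRIDE table, review manually")
```

A component type that the table does not list yields no threat classes, so `unknown_types` reports it separately instead of letting it pass as fully covered.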
OCTAVE (CERT)
The OCTAVE (Allegro) model focuses on information assets and performs risk assessment. The model consists of eight steps:
These steps are organized into four phases:
CAPEC (MITRE)
The Common Attack Pattern Enumeration and Classification (CAPEC) model provides comprehensive threat classification and focuses on mechanisms and vectors of attacks.