Skip to content

An extensive list of resources related to threat modelling. Gotta catch ’em all!

Notifications You must be signed in to change notification settings

arnepadmos/threats

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

35 Commits
 
 

Repository files navigation

threat modelling

Threat modelling is analysing representations of a system to highlight concerns about security and privacy characteristics. -- Braiterman et al. (2020)

aspects

methods

examples

tooling

standards

journeys

research

methods

4Q: four questions framework

4+1: five concurrent views model

5W: five whys

AADL: architecture analysis and design language

AC: abuse case

ACH: analysis of competing hypotheses

ACTM: architectural component-based threat modelling

ADT: attack-defence tree

ADVISE: adversary view security evaluation

AEGIS: appropriate and effective guidance for information security

AG: attack graph

AN: attack net

AP: attack pattern

ARA: architectural risk analysis

AS: abuser story

ASM: attack surface mapping

ASM: attack surface metric

AT: attack tree

ATAM: architecture trade-off analysis method

ATASM: threat model process armature

ATM: adaptive threat modelling

ATM: agile threat modelling

ATMS: Apple threat modelling strategies

ATM: approachable threat modelling

ATT&CK: adversarial tactics techniques and common knowledge

AVOIDIT: Memphis cyber attack taxonomy

AWS: Amazon Web Services threat modelling tips

A&K: dependency and vulnerability analysis

BMC: business model canvas

BRA: binary risk analysis

BSI 200-3: German risk analysis standard

BTD: bow tie diagram

C4: context, containers, components, and code

CAIRIS: computer aided integration of requirements and information security

CAPEC: common attack pattern enumeration and classification

CARTA: continuous adaptive risk and trust assessment

CBEST: Bank of England cyber threat modelling

CC: common criteria

CCE: consequence-driven cyber-informed engineering

CCTF: common cyber threat framework

CDA: ceremony design and analysis

CDM: cyber defence matrix

CIGITAL: Cigital threat model process

CISCO: Cisco threat modelling process

CJA: crown jewel analysis

CKC: cyber kill chain

CORAS: model-based method for security risk analysis

CRAMM: CCTA risk analysis and management method

CSA: Cloud Security Alliance top threats

CSD: Centre for Secure Design top ten

CSRA: cyber-security supply-chain risk assessment

CTM: cloud threat modelling

CTM: continuous threat modelling

CTM: cyber threat modelling

CVSS: common vulnerability scoring system

CWE: common weakness enumeration

CWRAF: common weakness risk analysis framework

CWSS: common weakness scoring system

CYBERPHA: safety-oriented process for ICS risk assessment

D3FEND: knowledge graph of cyber-security countermeasures

DBT: design basis threat

DFD: data flow diagram

DFD3: version 3 data flow diagram

DOLEV-YAO: Dolev-Yao adversary model

DSTM: data-centric system threat modelling

DREAD: DREAD risk rating

DTM: developer-driven threat modelling

DTM: DFD-based threat modelling

EBIOS: ANSSI risk manager

EOP: elevation of privilege

EVITA: e-safety vehicle security engineering process

FAIR: factor analysis of information risk

FAGAN: Fagan inspection process

FHM: flaw hypothesis methodology

FPVA: first principles vulnerability assessment

FRAP: facilitated risk analysis process

FTA: fault tree analysis

FTM: flexible threat modelling

GATM: generalised approach to threat modelling

GITHUB: GitHub threat modelling process

GITLAB: GitLab threat modelling how-to

GOVCAR: gov cybersecurity architecture review

GTM: generic threat matrix

GTM: guerrilla threat modelling

HAZOP: guidewords applied to use cases

HEAVENS: automotive threat analysis and risk assessment

HITL: human in the loop

HTA: hierarchical task analysis

HTM: human-centred threat modelling

HTMM: hybrid threat modelling method

IAM: infosec assessment methodology

ICPIA: integrated cyber physical impact analysis

IDART: information design assurance red team

IDDIL/ATC: Lockheed Martin common threat analysis methodology

IEC 62443-4-1: IEC SR-2 threat model requirements

IR: intersystem review

IRAM2: ISF information risk assessment methodology

ISO 27005: ISO infosec risk management standard

ISO 31000: ISO risk management standard

IT-GRUNDSCHUTZ: German elementary threats

ITM: incremental threat modelling

ITM: integrated threat modelling

KAC: key assumptions check

LAVA: Los Alamos vulnerability and risk assessment methodology

LINDDUN: Leuven privacy threat analysis framework

LINDDUN GO: Leuven lightweight approach to privacy threat modelling

LINDUN: Leuven privacy threat trees

MACRA: maritime cyber-risk assessment

MAGERIT: methodology for risk analysis and management

MAL: meta attack language

MC: misuse case

MDTM: medical device threat modelling

MEHARI: method for harmonised analysis of risk

MEII: minimum essential information infrastructure process

MIGRA: Selex risk analysis toolkit

MIS: mapping the information system

MLRF: machine learning risk framework

MTM: meta threat modelling

NEAT: necessary-explained-actionable-tested security warnings

NIST: SP 800-30 risk assessment process

NO DIRT: threat modelling for digital healthcare

OCTAVE: operationally critical threat asset and vulnerability evaluation

OCTAVE-S: OCTAVE for small organisations

OCTAVE ALLEGRO: OCTAVE aimed at information assets

OI: oesterreichisches informationssicherheitshandbuch risk analysis

OODA: observe-orient-decide-act loop

OWASP: top ten web application security risks

O-DM: Open Group dependency modelling

PA: ISI vulnerability taxonomy

PANOPTIC: pattern and action nomenclature of privacy threats in context

PASTA: process for attack simulation and threat analysis

PDPE: pattern-directed protection evaluation

PFD: process flow diagram

PM: Purdue model

PNG: persona non grata

PRISMA: product risk management

PTA: practical threat analysis

PTES: penetration testing execution standard

PTM: participatory threat modelling

PYTM: pythonic framework for threat modelling

QIS: quickscan information security

RAINDANCE: attack map process

RATM: risk assessment and threat modelling

RAVIB: risicoanalyse voor informatiebeveiliging

RDSA: risk-based design security analysis

RFC 3552: IETF security considerations guidelines

RISK IT: ISACA risk evaluation process

RRA: rapid risk assessment

RRA: risk remediation analysis

RRM: risk rating methodology

RTM: rapid threat modelling

RTMP: rapid threat model prototyping

SAC: security assurance case

SAEM: security attribute evaluation method

SARA: simple to apply risk analysis

SB: scenario building

SC: security cards

SDL: security development lifecycle

SDR: security design review process

SERA: security engineering risk analysis

SMTS: security modelling in trusted systems

SNAM: survivable network analysis method

SPDD: secure and private by design and default

SPR: security PHA review

SQUARE: security quality requirements engineering

SRA: structured risk analysis

SSEM: secure system engineering methodology

SSVC: stakeholder-specific vulnerability categorisation

STM: self-serve threat modelling

STPA: systems theoretic process analysis

STRIDE: six security threat categories

SVA: security vulnerability analysis

TAF: threat analysis framework

TAL: threat agent library

TARA: threat agent risk assessment

TARA: threat assessment and remediation analysis

THREAGILE: agile threat modelling toolkit

THREATSPEC: threat modelling code annotations

TMC: threat modelling capabilities

TMD: threat modelling for developers

TMD: threat modelling for developers

TME: threat modelling express

TMM: threat modelling manifesto

TMPPT: threat modelling process for product teams

TMSA: threat model and security analysis

TRIKE: Trike threat modelling methodology

TSA: threat susceptibility assessment

TTM: tactical threat modelling

TTM: test-focused threat modelling

TVRA: threat vulnerability risk analysis

T-MAP: USC attack path analysis

UKC: unified kill chain

UML: unified modelling language

WBA: why-because analysis

VTM: value-driven threat modelling

XUUL: OWASP lightweight threat modelling process

examples

5G infrastructure

Argo

Argo CD

Argus

Asset tracker

Authelia

B2G apps

Backstage

BadgeApp

Baltavia substation

Briar

BrowserID

Chromium

Cilium

Client-side scanning

CloudEvents

Confidant

Connected lighting system

Consul

Consul NIA

Contact-tracing apps

CoreDNS

CREAM

CRI-O

curl

DJIGZO

DNSSEC

Egeria

End-to-End

Envoy

External Secrets Operator

Falco

Fictional medical devices

Forthic

GitLab

gocryptfs

Google Cloud Key Vault

Google Cloud Storage

GlobaLeaks

Grid middleware

Hash0

Helm

Istio

Jackson

Kamus

Kata Containers

Katzenpost

kCTF

KEDA

Keystone

Knative

KubeArmor

KubeEdge

Kubernetes

Kubernetes admission control

Ledger Nano

Linkerd

Mailpile

MCUboot encrypted images

Microgrid

Mozilla F1

Mozilla Marketplace

MyProxy

MyProxy OAuth

Network camera

Node.js

Nomad

ntpd-rs

OAuth 2.0

OLPC XO

ONTAP MultiStore

OpenSSL

OpenTitan

O-RAN

Parsec client

Parsec service

Platform components

Pond

reMarkable 2

RISC-V platforms

ROS 2 robotic systems

Routing protocols

SanDisk X600 SED

SCION

SecureDrop

Secure Partition Manager

Sensor device

Sigstore

SLF4J

Smart camera

Smart card systems

Smart lock

Smart speaker

SOPS

SPIRE

SSL ecosystem

Supply chain threats

Terraform Cloud

Tor

Trinity

Trusted Firmware-A

Trusted Firmware-M

Vault

Vitess

Voatz

VOLTTRON

VOMS Core

Water meter

WebRTC

WebSockets

Whonix

ZAP

tooling

Copi

Deciduous

draw.io

Gram

MAL

materialise-threats

Mermaid

OTM

PlantUML

pytm

SeaSponge

SPARTA

Threagile

threatbank

threatcl

threat-composer

Threat Dragon

Threat Items

ThreatPlaybook

threatspec

threatware

TicTaaC

TMS

Verifpal

standards

To do.

journeys

Below, I've collected an overview of experience reports from in-house threat modellers:

Peter Torr, Microsoft, 3 October 2005. Demystifying the threat-modelling process. IEEE Security & Privacy. paper

Larry Osterman, Microsoft, 30 August 2007 to 1 October 2007. Some final thoughts on threat modelling. blog posts

Adam Shostack, Microsoft, 26 September 2007 to 5 November 2007, The trouble with threat modelling. blog posts

Jeffrey Ingalsbe et al., Ford and SEI, 7 January 2008. Threat modelling: diving into the deep end. IEEE Software. paper

Adam Shostack, Microsoft, 17 or 18 May 2008. SDL threat modelling: past, present, and future. LayerOne. slides and recording

Greg Hughes et al., Microsoft and Ford, 10 or 11 or 12 or 13 June 2008. The importance of threat modelling. TechEd North America. interview

Adam Shostack, Microsoft, 28 September 2008. Experiences threat modelling at Microsoft. MODSEC. paper

Danny Dhillon, EMC, 17 October 2008. Threat modelling at EMC. BlueHat. recording and interview

Adam Shostack, Microsoft, 17 October 2008. Threat modelling at Microsoft. BlueHat. recording and interview

Danny Dhillon, EMC, 12 May 2011. Developer-driven threat modelling. IEEE Security & Privacy. paper

Wouter de Meijer, Worth, 9 October 2018. Security in the design phase. blog post

Robert Reichel, GitHub, 2 September 2020. How we threat model. blog post

Jeevan Saini, Segment, 29 March 2021. Threat modelling redefined: the self-serve threat model. blog post

Mark Loveless, GitLab, 9 July 2021. How we're creating a threat model framework that works for GitLab. blog post

Judy Kelly, Red Hat, 18 July 2022. A collaborative approach to threat modelling. blog post

Rui Covelo, OutSystems, 3 October 2022. Developer-driven threat modelling at OutSystems. blog post

Steve Lipner & Michael Howard, SAFECode and Microsoft, 10 April 2023. Inside the Windows security push: a twenty-year retrospective. paper

Arjen, Tweede golf, 31 May 2023. Threat modelling. blog post

Arne Padmos & Vanina Yordanova, Adyen, 11 August 2023. Threat modelling at Adyen. blog post

Jamie Dicken, New Relic, 7 May 2024. Teaching software engineers to threat model: we did it, and so can you. RSAC. slides and recording

research

Ameerah-Muhsinah Jamil et al., Iowa State and Security Compass, 12 November 2021. Threat modelling of cyber-physical systems in practice. CRiSIS. paper

Carson Powers et al., Tufts, 7 August 2022. Where's Eve? Evaluating student threat modelling performance and perceptions. WSIW. paper

Stef Verreydt et al., KU Leuven, 13 August 2024. Threat modelling state of practice in Dutch organisations. SOUPS. paper, slides, and recording

Ronald Thompson et al., Tufts, 16 August 2024. 'There are rabbit holes I want to go down that I'm not allowed to go down': an investigation of security expert threat modelling practices for medical devices. USENIX Sec. paper, slides, and artefacts

copyright

This document is licensed under a CC BY 4.0 licence. The desired citation is as follows: Padmos, A. (2022). Threat modelling. https://github.com/arnepadmos/threats

Note that all documents stored under the archive directory have been copied with the purpose of preventing bit rot. If you would like to have a specific document removed, please file a bug report. If you are the owner of a document that has not been made freely and publicly available, please consider doing so as this will increase both its visibility and its longevity.

About

An extensive list of resources related to threat modelling. Gotta catch ’em all!

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published