
Threat modeling (STRIDE, DREAD) in Cybersecurity - Step-by-Step Execution

Concept Flow - Threat modeling (STRIDE, DREAD)
1. Identify Assets
2. Identify Threats using STRIDE
3. Assess Threats using DREAD
4. Prioritize Threats
5. Plan Mitigations
6. Review and Update
The flow starts by identifying what to protect, then finds threats using STRIDE, assesses their risk with DREAD, prioritizes them, plans defenses, and repeats regularly.
Execution Sample
Assets = ['User Data', 'Server']
Threats = STRIDE(Assets)
Risks = DREAD(Threats)
TopRisks = Prioritize(Risks)
Mitigate(TopRisks)
This pseudocode shows identifying assets, finding threats with STRIDE, scoring risks with DREAD, prioritizing, and mitigating top risks.
Analysis Table
| Step | Action | Details | Result |
|---|---|---|---|
| 1 | Identify Assets | List important things to protect | Assets = ['User Data', 'Server'] |
| 2 | Apply STRIDE | Check each asset for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege | Threats = ['Spoofing User Data', 'Tampering Server', ...] |
| 3 | Apply DREAD | Rate each threat on Damage, Reproducibility, Exploitability, Affected Users, Discoverability (scale 1-10) | Risks = {'Spoofing User Data': 35, 'Tampering Server': 40, ...} |
| 4 | Prioritize | Sort threats by DREAD score descending | TopRisks = ['Tampering Server', 'Spoofing User Data', ...] |
| 5 | Plan Mitigations | Decide how to reduce top risks | Mitigations planned for top threats |
| 6 | Review and Update | Repeat process regularly to catch new threats | Threat model updated |
💡 Process ends after planning mitigations and scheduling reviews
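The pipeline from the Execution Sample as runnable Python, added here as an illustration and not part of the original lesson. The function names and the per-factor ratings are assumptions: the ratings are constructed so that the sum of five 1-10 ratings reproduces the Analysis Table's totals of 40 and 35, and threats that STRIDE enumerates but nobody has rated are reported instead of being dropped from the ranking.

```python
from itertools import product

STRIDE = ("Spoofing", "Tampering", "Repudiation", "Information Disclosure",
          "Denial of Service", "Elevation of Privilege")
DREAD = ("damage", "reproducibility", "exploitability",
         "affected_users", "discoverability")

def enumerate_threats(assets):
    """STRIDE step: one candidate threat per (asset, category) pair."""
    return [f"{category} {asset}" for asset, category in product(assets, STRIDE)]

def dread_score(ratings):
    """DREAD step: sum of five 1-10 ratings, giving a total from 5 to 50."""
    if set(ratings) != set(DREAD):
        raise ValueError(f"need exactly these factors: {DREAD}")
    for factor, value in ratings.items():
        if not 1 <= value <= 10:
            raise ValueError(f"{factor}={value} is outside the 1-10 scale")
    return sum(ratings.values())

def prioritize(threats, ratings_by_threat):
    """Rank scored threats, highest first; return unscored ones separately."""
    scored = {t: dread_score(ratings_by_threat[t])
              for t in threats if t in ratings_by_threat}
    unscored = [t for t in threats if t not in ratings_by_threat]
    ranked = sorted(scored.items(), key=lambda item: (-item[1], item[0]))
    return ranked, unscored

def rate(damage, repro, exploit, affected, discover):
    """Helper (hypothetical): build a ratings dict in DREAD order."""
    return dict(zip(DREAD, (damage, repro, exploit, affected, discover)))

# Constructed ratings, chosen so the totals match the table (40 and 35).
SAMPLE_RATINGS = {
    "Tampering Server": rate(9, 8, 8, 8, 7),
    "Spoofing User Data": rate(8, 7, 7, 7, 6),
}

if __name__ == "__main__":
    threats = enumerate_threats(["User Data", "Server"])
    ranked, unscored = prioritize(threats, SAMPLE_RATINGS)
    for threat, score in ranked:
        print(f"{score:>2}  {threat}")
    print(f"{len(unscored)} threats still need a DREAD rating")
```

Adding a third asset to the list passed to `enumerate_threats` yields six more candidate threats, all of which show up as unscored until someone rates them.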
State Tracker
| Variable | Start | After Step 1 | After Step 2 | After Step 3 | After Step 4 | Final |
|---|---|---|---|---|---|---|
| Assets | [] | ['User Data', 'Server'] | ['User Data', 'Server'] | ['User Data', 'Server'] | ['User Data', 'Server'] | ['User Data', 'Server'] |
| Threats | [] | [] | ['Spoofing User Data', 'Tampering Server', 'Repudiation', 'Information Disclosure', 'Denial of Service', 'Elevation of Privilege'] | ['Spoofing User Data', 'Tampering Server', 'Repudiation', 'Information Disclosure', 'Denial of Service', 'Elevation of Privilege'] | ['Spoofing User Data', 'Tampering Server', 'Repudiation', 'Information Disclosure', 'Denial of Service', 'Elevation of Privilege'] | ['Spoofing User Data', 'Tampering Server', 'Repudiation', 'Information Disclosure', 'Denial of Service', 'Elevation of Privilege'] |
| Risks | {} | {} | {} | {'Spoofing User Data': 35, 'Tampering Server': 40, 'Repudiation': 20, 'Information Disclosure': 30, 'Denial of Service': 25, 'Elevation of Privilege': 15} | {'Tampering Server': 40, 'Spoofing User Data': 35, 'Information Disclosure': 30, 'Denial of Service': 25, 'Repudiation': 20, 'Elevation of Privilege': 15} | {'Tampering Server': 40, 'Spoofing User Data': 35, 'Information Disclosure': 30, 'Denial of Service': 25, 'Repudiation': 20, 'Elevation of Privilege': 15} |
| TopRisks | [] | [] | [] | [] | ['Tampering Server', 'Spoofing User Data', 'Information Disclosure', 'Denial of Service', 'Repudiation', 'Elevation of Privilege'] | ['Tampering Server', 'Spoofing User Data', 'Information Disclosure', 'Denial of Service', 'Repudiation', 'Elevation of Privilege'] |
Key Insights - 3 Insights
Why do we use STRIDE before DREAD?
STRIDE helps find different types of threats first (see Analysis Table, step 2), then DREAD scores their risk (step 3). Without STRIDE, we might miss threats to score.
What does a high DREAD score mean?
A high DREAD score (Analysis Table, step 3) means the threat is more dangerous or likely, so it should be prioritized for mitigation (step 4).
Why do we review and update the threat model regularly?
New threats appear over time. Regular review (step 6) keeps the model current and defenses effective.
Visual Quiz - 3 Questions
Test your understanding
1. Look at step 3 of the Analysis Table. What does the DREAD score represent?
A. The risk level of each threat
B. The number of assets
C. The list of mitigations
D. The types of threats
💡 Hint: Check the 'Details' and 'Result' columns at step 3 in the Analysis Table.

2. At which step in the Analysis Table do we decide which threats to fix first?
A. Step 1
B. Step 2
C. Step 4
D. Step 6
💡 Hint: Look for the step where threats are sorted by risk.

3. If a new asset is added after step 1, how would the variable 'Threats' change?
A. It would stay the same
B. It would include threats related to the new asset
C. It would remove old threats
D. It would only list mitigations
💡 Hint: Refer to the State Tracker for how Threats depend on Assets.
Concept Snapshot
Threat modeling helps find and fix security risks.
STRIDE finds threat types: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege.
DREAD scores threats by Damage, Reproducibility, Exploitability, Affected users, Discoverability.
Use STRIDE first to identify threats, then DREAD to prioritize.
Plan mitigations for top risks and review regularly.
Full Transcript
Threat modeling is a process to find and fix security risks. First, identify what you want to protect, called assets. Then use STRIDE to find different types of threats to those assets. STRIDE stands for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege. After listing threats, use DREAD to score each threat's risk. DREAD scores Damage potential, Reproducibility, Exploitability, Affected users, and Discoverability on a scale. Higher scores mean higher risk. Sort threats by their DREAD scores to decide which to fix first. Plan how to reduce these risks with mitigations. Finally, review and update the threat model regularly to catch new risks. This step-by-step process helps keep systems safer by focusing on the most serious threats first.