Contents
Threat Modelling Frameworks: Identifying and Managing Cyber Risks
Threat modelling is a proactive cybersecurity process used to identify, prioritise, and mitigate potential threats before they can be exploited. It’s a vital part of secure system design, helping teams anticipate vulnerabilities, understand attacker goals, and build security into applications and infrastructure from the start.
🛠️ What Is Threat Modelling?
Threat modelling answers four fundamental questions:
- What are we building?
- What can go wrong?
- What are we doing about it?
- Have we done a good enough job?
By applying structured thinking frameworks, organisations can anticipate attacks, reduce risk, and improve resilience — all while aligning with DevSecOps and regulatory requirements.
🧩 Common Threat Modelling Frameworks
🔍 1. STRIDE (Microsoft)
A classic model developed by Microsoft, used primarily in application and system design.
| STRIDE Category | Description |
|---|---|
| Spoofing | Impersonating users or systems |
| Tampering | Modifying data or code |
| Repudiation | Denying actions or transactions |
| Information Disclosure | Leaking sensitive data |
| Denial of Service | Disrupting service availability |
| Elevation of Privilege | Gaining unauthorised privileges |
STRIDE is typically used during the design phase to evaluate components, data flows, and trust boundaries.
🔢 2. DREAD (Microsoft, Deprecated)
Formerly used for prioritising threats, based on 5 factors:
| DREAD Metric | What It Measures |
|---|---|
| Damage potential | How bad would the attack be? |
| Reproducibility | How easy is it to reproduce the attack? |
| Exploitability | How easy is it to launch the attack? |
| Affected users | How many users would be impacted? |
| Discoverability | How easy is it to discover the threat? |
DREAD is no longer widely used due to subjectivity concerns, but can still inform internal risk ratings.
🧪 3. PASTA (Process for Attack Simulation and Threat Analysis)
A risk-centric framework that aligns with business impact.
| PASTA Stage | Purpose |
|---|---|
| 1. Define business objectives | What are we protecting? |
| 2. Define technical scope | Identify assets, interfaces, boundaries |
| 3. Decompose the application | Understand data flows and architecture |
| 4. Threat analysis | Use attacker models and scenarios |
| 5. Vulnerability analysis | Identify weaknesses |
| 6. Attack modelling | Simulate attacks |
| 7. Risk and impact analysis | Prioritise based on business value |
PASTA is suited for complex, high-value applications, especially in regulated industries.
🧠 4. MITRE ATT&CK
A globally curated knowledge base of real-world adversary tactics and techniques.
- Used for post-exploitation threat modelling and defensive gap analysis
- Helps map threats to real attacker behaviour (e.g. lateral movement, privilege escalation)
- Commonly used in SOC playbooks, threat emulation, and purple teaming
Unlike STRIDE and PASTA, ATT&CK is not design-phase focused, but excels in operational threat modelling and adversary mapping.
🛠️ 5. LINDDUN
A privacy-focused threat modelling framework.
| LINDDUN Category | Description |
|---|---|
| Linkability | Identifying linkable user data |
| Identifiability | Personal data exposure risks |
| Non-repudiation | Verifiable actions and records |
| Detectability | System observability by attackers |
| Disclosure of Information | Unintended data leakage |
| Unauthorised Actions | Policy violations and misuse |
| Non-compliance | Failing to meet privacy obligations |
LINDDUN is valuable for GDPR, HIPAA, and other privacy-by-design efforts.
🧠 When to Use Each Framework
| Framework | Best Used For |
|---|---|
| STRIDE | Early-stage design of systems and apps |
| PASTA | Business-aligned risk modelling |
| MITRE ATT&CK | Threat emulation and SOC operations |
| LINDDUN | Privacy impact assessments |
| DREAD | (Optional) Risk prioritisation (legacy use) |
✅ Summary
Threat modelling is essential for proactively addressing security and privacy risks in software and infrastructure. By using frameworks like STRIDE, PASTA, and MITRE ATT&CK, teams can systematically analyse threats, understand attacker behaviour, and make informed decisions to reduce risk.
Whether you’re securing a new app, mapping adversary behaviour, or aligning with compliance — there’s a threat modelling framework to match your goals.
🔗 Resources
- OWASP Threat Modelling: https://owasp.org/www-community/Threat_Modeling
- MITRE ATT&CK: https://attack.mitre.org
- LINDDUN: https://linddun.org
- Threat Modeling Manifesto: https://www.threatmodelingmanifesto.org