Making a threatmodel, part 1: Business usecases | Division by Zero

Architecture, security and coding

Making a threatmodel, part 1: Business usecases

Making a threatmodel, part 1: Business usecases

Written by Division by Zero

Wednesday, 02 February 2011 13:01

Last year I wrote some posts on threat modeling. Now it seems time to give an example on how to create a threat model. Because of the lack of good tooling to create threat models, the example is by hand.

As the basis for this example I'll take a fictional middle large company that has a web-shop and a customer service department. They use a customer relations database, a system that handles orders and a customer contact registration application. Threat models can be created in every level of detail that you want. Most of the time I keep them quite globally. The level of detail isn't relevant for the technique of creating a threat model.

The first step in creating a threat model is by identifying the (business) use cases that are relevant for the architecture of the application or applications you're modeling. A use case is relevant if the requesting functionality changes the architecture or demands more of it. For example a new user-role is added that needs access to the system or the the application needs to be accessible from everywhere instead of only on the company network.

In this example the following use cases are relevant:

The potential customer browses the catalog
The customer places an order
The customer pays
The customer requests the order status
An employee of the customer service department handles order status to help a customer on the phone
An employee gets then next order to process and send.

These use cases give us the different roles that will have access to the system. The next step is to create a DFD (Data Flow Diagram) of the architecture of the roles and components involved.

Last year I wrote some posts on threat modeling. Now it seems time to give an example on how to create a threat model. Because of the lack of good tooling to create threat models, the example is by hand.

As the basis for this example I'll take a fictional middle large company that has a web-shop and a customer service department. They use a customer relations database, a system that handles orders and a customer contact registration application. Threat models can be created in every level of detail that you want. Most of the time I keep them quite globally. The level of detail isn't relevant for the technique of creating a threat model.

The first step in creating a threat model is by identifying the (business) use cases that are relevant for the architecture of the application or applications you're modeling. A use case is relevant if the requesting functionality changes the architecture or demands more of it. For example a new user-role is added that needs access to the system or the the application needs to be accessible from everywhere instead of only on the company network.

Tags:

Related Articles

Add comment

Computers are useless. They can only give you answers. - Pablo Picasso

© 2009 - 2012, Division by Zero

Template based on the empire template by joomlashack

This work by Division by Zero is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Netherlands License.