This page of The Threat Modeling Framework continues to provide a structured and accessible approach to identifying and mitigating security risks, adding three more core areas: Cloud Security, Attack Surface Management, and AI Security. The framework maintains its focus on clarity and practicality, making threat modeling more approachable for everyone. It highlights common threats in each area and outlines specific security requirements to counter them, promoting a proactive and comprehensive approach to building secure systems:
- Cloud Security: Addresses vulnerabilities and attacks specific to cloud-based applications and infrastructure. Threats include misconfigurations, unauthorized access, insecure data storage, lack of visibility, API vulnerabilities, and DDoS attacks. Requirements emphasize secure configuration management, strong access controls, data encryption, cloud security monitoring, secure API management, and DDoS protection.
- Attack Surface Management: Focuses on identifying and managing the organization's overall attack surface to reduce risk. Threats involve unknown assets, exposed services, outdated software, emerging threats, and unsecured subdomains. Continuous asset discovery, attack surface reduction, vulnerability management, threat intelligence integration, and secure subdomain configuration are essential requirements.
- AI Security: Addresses the unique security challenges related to the use of artificial intelligence in applications and systems. Threats include data poisoning, model manipulation, unethical AI use, AI infrastructure attacks, and insufficient AI system testing. Requirements emphasize secure training data handling, model protection, robust testing and validation, ethical AI principles, secure AI infrastructure, and defence against AI-specific attacks.
This page and the previous page provide a holistic overview of the core areas within the Threat Modeling Framework developed by Nick Kirtley and Tejvir Singh. The framework emphasizes a structured, step-by-step approach that can be applied throughout the development lifecycle to build more secure systems.
CLOUD SECURITY
Threats related to attacks on cloud-based applications and infrastructure
Threats
- Misconfigurations expose confidential or technical data
- Unauthorized access to cloud accounts or resources
- Lack of visibility into cloud activity
- API vulnerabilities lead to unauthorized access
- Exposed access keys compromise cloud storage
- Essential cloud services are subject to network-based unauthorized access
- Attackers perform Distributed Denial of Service (DDoS) attacks on cloud services, incurring high costs of downtime
Security Requirements
- Implement continuous monitoring for cloud misconfigurations and use Infrastructure-as-Code (IaC)
- Enforce strong authentication (MFA), granular access controls (IAM), and the principle of least privilege
- Deploy cloud security monitoring and logging solutions
- Secure APIs with authentication, authorization, input validation, and thorough security testing
- Securely manage and rotate cloud storage keys, credentials, and secrets. Enforce strong access controls
- Implement network-based microsegmentation around services, applications and assets used within the cloud
- Implement cloud-based DDoS prevention solutions at the network and application level
ATTACK SURFACE MANAGEMENT
Threats related to attacks on externally facing (incl. internet) assets, applications and infrastructure
Threats
- Unknown assets expand attack surface
- Externally facing weaknesses are attacked and act as a stepping stone for further attack
- Outdated software with known vulnerabilities is attacked
- Emerging threats are attacked before they are identified
- Unsecured subdomains lead to website takeover
- Externally facing open ports and services are discovered by attackers
Security Requirements
- Continuously discover and inventory assets using automated tools
- Minimise exposure, harden systems, and implement strong perimeter defenses
- Perform continuous (external) vulnerability management and apply timely patches
- Integrate threat intelligence feeds and analysis into your security program
- Configure and secure all subdomains, and include them in attack surface assessments
- Minimize open ports, use firewalls to control traffic, and configure secure cloud security groups
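
The cloud requirement on continuous misconfiguration monitoring and the attack-surface requirement on open ports and security groups can be checked together. The following is an added example, not part of the framework: it audits a constructed security-group export, shaped like `aws ec2 describe-security-groups` JSON output, for ingress open to the whole internet. The allowed-port policy and the group IDs are assumptions.

```python
import ipaddress

# Assumed policy: only these ports may be reachable from the whole internet.
ALLOWED_PUBLIC_PORTS = {443}

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-0example01", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0example02", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0example03", "IpPermissions": [
        {"IpProtocol": "-1",  # "-1" means every protocol and port
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]}

def is_world_open(cidr):
    """True when the CIDR covers the entire IPv4 or IPv6 address space."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def audit(export):
    """Return (group, protocol, ports, cidr) for each world-open ingress rule
    that exposes anything outside ALLOWED_PUBLIC_PORTS."""
    findings = []
    for sg in export["SecurityGroups"]:
        for rule in sg.get("IpPermissions", []):
            proto = rule["IpProtocol"]
            if proto == "-1":
                ports = "all"
            elif proto in ("tcp", "udp"):
                lo, hi = rule["FromPort"], rule["ToPort"]
                if set(range(lo, hi + 1)) <= ALLOWED_PUBLIC_PORTS:
                    continue  # the whole range is permitted by policy
                ports = str(lo) if lo == hi else f"{lo}-{hi}"
            else:
                continue  # ICMP and other protocols carry no port range
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            for cidr in filter(is_world_open, cidrs):
                findings.append((sg["GroupId"], proto, ports, cidr))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("world-open ingress:", *finding)
```

Run on a schedule against a fresh export, the same check covers both the misconfiguration-monitoring requirement and the open-port inventory.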
AI SECURITY
Threats related to abuse of AI applications, services or features
Threats
- Data poisoning leads to incorrect or malicious AI output
- Model manipulation by backdooring, theft, or evasion
- Unethical AI use: bias, privacy violations, lack of transparency
- Reverse engineering of AI models exposes intellectual property
- Lack of model monitoring allows for performance degradation or malicious drift to go undetected
- Insufficient testing of AI systems leads to unexpected vulnerabilities being exploited in production
Security Requirements
- Validate training data, implement data integrity checks, and secure data storage
- Securely develop AI models, enforce access controls, and conduct regular integrity testing
- Define and adhere to ethical guidelines, mitigate bias, use privacy-preserving techniques, and ensure transparency
- Implement techniques to prevent reverse engineering, such as code obfuscation or using secure enclaves
- Monitor AI model performance and behavior over time to detect anomalies and potential security breaches
- Thoroughly test AI systems with diverse inputs, including adversarial examples, to identify and address vulnerabilities before deployment
Threat Modeling Framework
Nick Kirtley & Tejvir Singh | 27 Jul 2024 | v1.0
Aristiun.com | Threat-Modeling.com