Soatok's Informal Guide to Threat Models

4 hours ago
Tags: #cryptography, #cybersecurity, #threat modeling

  • Threat modeling is a key cybersecurity process, often misunderstood or used as a buzzword.
  • A basic threat model should answer what assets are being protected, who the adversaries are, how attacks might occur, and prevention strategies.
  • Important additional considerations include relationships between assets, assumptions made, and which threats are not being addressed.
  • Threat models should be living documents, updated regularly as systems and threats evolve.
  • Starting threat modeling involves mapping system components and iteratively analyzing them for risks and assumptions.
  • Good threat models list assumptions, assets, actors, and risks with mitigation statuses (prevented, mitigated, addressable, open).
  • Bad threat models are often incomplete lists of attacks without clear assets, assumptions, or relationships.
  • Threat modeling helps improve security by identifying and mitigating risks, leading to better design choices like using passkeys over passwords.
  • In decentralized systems, threat modeling reveals challenges such as ensuring message ordering and avoiding central authorities.
  • Understanding threat models aids in evaluating technical debates, such as those around post-quantum cryptography and hybrid vs. pure algorithms.
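
The structure of a good threat model summarized above (assumptions, assets, actors, risks with one of four statuses, and the threats left unaddressed) can be checked mechanically. The following is an added example, not code from the original guide; the class names, field names and sample models are constructed for illustration.

```python
from dataclasses import dataclass, field

STATUSES = {"prevented", "mitigated", "addressable", "open"}

@dataclass
class Risk:
    name: str
    asset: str            # asset the risk threatens
    actor: str            # adversary who could carry it out
    status: str           # one of STATUSES
    relies_on: list = field(default_factory=list)  # ids of assumptions

@dataclass
class ThreatModel:
    assumptions: dict     # id -> statement
    assets: set
    actors: set
    risks: list
    not_addressed: list = field(default_factory=list)

def lint(tm):
    """Return findings that make a model look like a bare list of attacks."""
    out = []
    if not tm.assumptions:
        out.append("no assumptions listed")
    if not tm.not_addressed:
        out.append("no statement of threats left unaddressed")
    for r in tm.risks:
        if r.asset not in tm.assets:
            out.append(f"{r.name}: unknown asset {r.asset!r}")
        if r.actor not in tm.actors:
            out.append(f"{r.name}: unknown actor {r.actor!r}")
        if r.status not in STATUSES:
            out.append(f"{r.name}: invalid status {r.status!r}")
        out += [f"{r.name}: undefined assumption {a!r}"
                for a in r.relies_on if a not in tm.assumptions]
    covered = {r.asset for r in tm.risks}
    out += [f"asset {a!r} has no analysed risk" for a in sorted(tm.assets - covered)]
    return out

# Constructed sample models (not from the original article).
GOOD = ThreatModel(
    assumptions={"A1": "TLS to the server is not broken"},
    assets={"account access", "session token"},
    actors={"phishing site", "network attacker"},
    risks=[Risk("credential phishing", "account access", "phishing site", "prevented"),
           Risk("token interception", "session token", "network attacker", "mitigated", ["A1"])],
    not_addressed=["compromised user device"])
BAD = ThreatModel({}, set(), set(), [Risk("SQL injection", "", "", "todo")])
```

Calling `lint(GOOD)` returns an empty list, while `lint(BAD)` reports the missing assumptions, the missing asset and actor, and the invalid status.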