mrwadams / stride-gpt

An AI-powered threat modeling tool that leverages OpenAI's GPT models to generate threat models for a given application based on the STRIDE methodology.
https://stridegpt.streamlit.app
MIT License
464 stars, 142 forks

MITRE Att&ck integration with STRIDE threats #36

Open saurabhlime opened 3 months ago

saurabhlime commented 3 months ago

What problem does your feature request solve? Currently, the tool does a good job of decomposing the architecture and applying threats according to the STRIDE framework. This still leaves some gaps in determining the cybersecurity requirements that the process/implementation needs to adhere to in order to determine the risk response plan.

Solution: The solution I am proposing is that we can create an additional layer of taxonomy of threats under STRIDE to identify the attacker's tactics and techniques which might be used to identify the right defenses. These can become the cybersecurity requirements for the process/implementation that we are threat modeling.

This combined process for threat modeling can be like: The first step is to identify the process and map out the dataflows and interactions between them and the trust boundaries. [StrideGPT is capable of this]

Second, for each of the subsystems, enumerate a STRIDE matrix listing the mnemonics. Third, the 12 ATT&CK tactics are tallied. Enumerated tactics are:

  - Initial Access
  - Execution
  - Persistence
  - Privilege Escalation
  - Defense Evasion
  - Credential Access
  - Discovery
  - Lateral Movement
  - Collection
  - Command and Control
  - Exfiltration
  - Impact

In Step 4, for each of the tactics within each of the STRIDE mnemonics, the applicable techniques are evaluated. For instance, for the STRIDE mnemonic of spoofing, the 12 tactics are evaluated for ATT&CK threat techniques that could result in spoofing against authenticity. In other words, Steps 2 through 4 are a process of elimination.

[image]

Advantages:

  1. Using consistent semantics and vocabulary to communicate threats.
  2. Understanding the adversary tactics which helps visualize the defenses to those threats.
  3. Use the open-source framework created by MITRE to educate the development teams about various threats and associated remediations.
  4. Identify cybersecurity requirements that help defend against multiple threats, e.g. preventing Initial Access can remediate other threats that are not directly related.

References: https://blog.isc2.org/isc2_blog/2020/02/under-attack-how-mitres-methodology-to-find-threats-and-embed-counter-measures-might-work-in-your-or.html
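Steps 2 through 4 of the proposal above, implemented as an added example (this is not code from the issue author or from the stride-gpt project). The tiny technique catalog is constructed for illustration: tactic membership follows ATT&CK Enterprise, but the STRIDE categories each technique is tagged with are illustrative analyst judgement and would be the part a real integration has to curate. The tactic list is the twelve given in the issue; note that current Enterprise ATT&CK also has Reconnaissance and Resource Development, which `TACTICS` would need for a complete matrix.

```python
"""STRIDE x ATT&CK elimination matrix (steps 2-4 of the proposal above).

Added example, not stride-gpt code. The technique mini-catalog below is
constructed: tactic membership follows ATT&CK Enterprise, but which STRIDE
threats each technique can realise is illustrative analyst judgement.
"""
from collections import defaultdict

STRIDE = [
    "Spoofing", "Tampering", "Repudiation",
    "Information Disclosure", "Denial of Service", "Elevation of Privilege",
]

# The twelve tactics enumerated in the issue (step 3).
TACTICS = [
    "Initial Access", "Execution", "Persistence", "Privilege Escalation",
    "Defense Evasion", "Credential Access", "Discovery", "Lateral Movement",
    "Collection", "Command and Control", "Exfiltration", "Impact",
]

# (technique id, name, ATT&CK tactics it belongs to, STRIDE threats it can realise)
# Constructed sample; a real run would load the full ATT&CK STIX bundle instead.
CATALOG = [
    ("T1078", "Valid Accounts",
     {"Initial Access", "Persistence", "Privilege Escalation", "Defense Evasion"},
     {"Spoofing", "Elevation of Privilege"}),
    ("T1110", "Brute Force", {"Credential Access"}, {"Spoofing"}),
    ("T1557", "Adversary-in-the-Middle", {"Credential Access", "Collection"},
     {"Spoofing", "Tampering", "Information Disclosure"}),
    ("T1190", "Exploit Public-Facing Application", {"Initial Access"},
     {"Tampering", "Elevation of Privilege"}),
    ("T1068", "Exploitation for Privilege Escalation", {"Privilege Escalation"},
     {"Elevation of Privilege"}),
    ("T1070", "Indicator Removal", {"Defense Evasion"}, {"Repudiation"}),
    ("T1565", "Data Manipulation", {"Impact"}, {"Tampering"}),
    ("T1041", "Exfiltration Over C2 Channel", {"Exfiltration"}, {"Information Disclosure"}),
    ("T1499", "Endpoint Denial of Service", {"Impact"}, {"Denial of Service"}),
    # Pure reconnaissance: tagged with no STRIDE threat, so elimination drops it.
    ("T1046", "Network Service Discovery", {"Discovery"}, set()),
]


def catalog_errors(catalog):
    """Sanity check before building: an unknown tactic or STRIDE name (a typo such
    as 'Defence Evasion') would otherwise silently vanish from the matrix."""
    errors = []
    for tid, _name, tactics, stride_cats in catalog:
        for t in tactics - set(TACTICS):
            errors.append(f"{tid}: unknown tactic {t!r}")
        for s in stride_cats - set(STRIDE):
            errors.append(f"{tid}: unknown STRIDE category {s!r}")
    return errors


def build_matrix(catalog):
    """Step 4: the cell (STRIDE mnemonic, tactic) keeps exactly the techniques that
    belong to that tactic AND can realise that STRIDE threat; all else is eliminated."""
    errors = catalog_errors(catalog)
    if errors:
        raise ValueError("; ".join(errors))
    matrix = {s: {t: [] for t in TACTICS} for s in STRIDE}
    for tid, _name, tactics, stride_cats in catalog:
        for s in stride_cats:
            for t in tactics:
                matrix[s][t].append(tid)
    return matrix


def techniques_for(matrix, stride_category):
    """Distinct technique IDs that survive elimination for one STRIDE mnemonic."""
    return sorted({tid for cell in matrix[stride_category].values() for tid in cell})


def tactic_coverage(matrix):
    """Advantage 4 in the issue: a tactic that appears under several STRIDE mnemonics
    is where one control (e.g. blocking Initial Access) pays off across threats."""
    covered = defaultdict(set)
    for s, row in matrix.items():
        for t, cell in row.items():
            if cell:
                covered[t].add(s)
    return {t: sorted(cats) for t, cats in covered.items()}


def uncovered_stride(matrix):
    """STRIDE mnemonics with no surviving technique: either the catalog is too
    small or nobody has tagged techniques for that threat yet."""
    return [s for s in STRIDE if not techniques_for(matrix, s)]


if __name__ == "__main__":
    m = build_matrix(CATALOG)
    for s in STRIDE:
        print(f"{s:<24} {', '.join(techniques_for(m, s)) or '-'}")
    print("tactics spanning several STRIDE threats:",
          {t: c for t, c in tactic_coverage(m).items() if len(c) > 1})
    print("uncovered:", uncovered_stride(m) or "none")
```

The `uncovered_stride` check is the part worth keeping in any real integration: an empty row means the elimination produced no requirement for that threat, which is a gap in the catalog tagging rather than evidence the threat does not apply.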

hype8912 commented 3 months ago

Pull request #32 has some Mitre Att&ck stuff in it if you wanted to pull that