In this chapter, we will review the assessment and threat modeling process that has been introduced in previous chapters. The process has been described at a high level, though presented piece-by-piece, wherever a particular step of the process was relevant to fully understand the background material necessary for assessment. In this chapter, we will go through, in a step-wise fashion, a single example architecture risk assessment (ARA) and threat model. The goal is to become familiar with the process rather than to complete the assessment. In Part II, we will apply these steps more thoroughly to six example architectures in order to fully understand and get some practice in the art and craft of ARA. The example used in this chapter will be completed in Part II.

Process Review

At the highest level, an assessment follows the mnemonic, ATASM:

Architecture → Threats → Attack Surfaces → Mitigations

Figure 5.1 shows the ATASM flow graphically. There are architecture tasks that will help to determine which threats are relevant to systems of the type under assessment.


Figure 5.1 Architecture, threats, attack surfaces, mitigations.

The architecture must be understood sufficiently in order to enumerate the attack surfaces that the threats are applied to. Applying specific threats to particular attack surfaces is the essential activity in a threat model.
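To make the four ATASM steps concrete, here is a small worked example in Python. It is added here for illustration and is not code from the book: an architecture is flattened into attack surfaces, a threat catalogue is applied to those surfaces (the pairing the paragraph above calls the essential activity), and mitigations are then bound to threat/surface pairs so that uncovered pairs can be listed. All component, threat and control names are constructed; nothing here is taken from a real system.

```python
"""Added worked example (not the book's own code): a minimal ATASM walk.

The four ATASM stages are modelled as plain data and small functions:
  Architecture    -> components and the exposures they present
  Threats         -> a catalogue; each threat lists which exposures it can
                     reach and which surface kinds it is relevant to
  Attack Surfaces -> derived: every exposure of every component
  Mitigations     -> a control bound to one (threat, surface) pair

Every name below is constructed for illustration only.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class AttackSurface:
    component: str   # which part of the architecture exposes it
    kind: str        # e.g. "http", "db_connection", "admin_console"
    exposure: str    # who can reach it: "internet", "internal", "operator"


@dataclass(frozen=True)
class Threat:
    name: str
    reaches: frozenset   # exposures this threat agent can reach
    targets: frozenset   # surface kinds this threat is relevant to


@dataclass
class Mitigation:
    control: str
    threat: str            # Threat.name the control addresses
    surface: AttackSurface  # the surface it protects


def enumerate_attack_surfaces(architecture):
    """Architecture step: flatten {component: [(kind, exposure), ...]}
    into one AttackSurface per exposed interface."""
    return [AttackSurface(comp, kind, exposure)
            for comp, surfaces in architecture.items()
            for kind, exposure in surfaces]


def apply_threats(threats, surfaces):
    """Threats step: pair each threat with every surface it can both reach
    and is relevant to. This pairing is the core threat-modelling activity."""
    return [(t, s) for t in threats for s in surfaces
            if s.exposure in t.reaches and s.kind in t.targets]


def unmitigated(pairs, mitigations):
    """Mitigations step: return (threat name, surface) pairs that have no
    control bound to them."""
    covered = {(m.threat, m.surface) for m in mitigations}
    return [(t.name, s) for t, s in pairs if (t.name, s) not in covered]


# Constructed sample architecture: a web tier, an internal API and a database.
ARCHITECTURE = {
    "web-frontend": [("http", "internet")],
    "order-api": [("http", "internal"), ("admin_console", "operator")],
    "orders-db": [("db_connection", "internal")],
}

# Constructed threat catalogue (names are hypothetical).
THREATS = [
    Threat("opportunistic-internet-scanner",
           reaches=frozenset({"internet"}), targets=frozenset({"http"})),
    Threat("compromised-internal-host",
           reaches=frozenset({"internal"}),
           targets=frozenset({"http", "db_connection"})),
    Threat("malicious-operator",
           reaches=frozenset({"operator"}), targets=frozenset({"admin_console"})),
]


def run_atasm(architecture=ARCHITECTURE, threats=THREATS, mitigations=None):
    """Run the four steps in order and return the remaining gaps."""
    surfaces = enumerate_attack_surfaces(architecture)
    pairs = apply_threats(threats, surfaces)
    return unmitigated(pairs, mitigations or [])


if __name__ == "__main__":
    for threat_name, surface in run_atasm():
        print(f"{threat_name} -> {surface.component}/{surface.kind} "
              f"({surface.exposure}): no mitigation bound")
```

With no mitigations supplied, the run lists four gaps: one per threat/surface pair the catalogue reaches. Binding a hypothetical control such as "WAF + rate limiting" to the scanner/web-frontend pair removes that gap and leaves the other three, which is the shape of the output an assessor carries forward into the remaining steps.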

ATASM is meant merely as a very high-level abstraction to facilitate keeping the assessment process in mind. In addition, ATASM may help beginning assessors order and retain the details and specifics of the ARA process. There are many steps and details that must be understood and practiced to deliver a thorough ARA. Having a high-level sequence allows me to retain these numerous details while I proceed through an analysis. My hope is to offer you an abstraction that makes this process easier for you, as well.

