17 Oct 2022 [CT] [guides]

CT-001: Threat modeling demystified

This is the first report in the new Cypherpunk Transmission series.

Motivation

There is no such thing as full privacy and security. It’s impossible to protect all your assets from everyone all the time.

Everything is a trade-off, tools and techniques are ephemeral, and that’s why threat modeling is key.

A list of the most probable threats to your security and privacy endeavors shouldn’t be too hard to create.

Assumptions

Threat modeling A-T-F-R-M

(A)ssets - (T)hreats - (F)ails - (R)isks - (M)itigations

Let’s take a closer look at each step:

(A) Assets

What assets do you want to protect? Identify assets worth protecting.

(T) Threats

Who do you want to protect the assets from? Which adversaries might be interested in those assets? Speculate.

(F) Fails

How bad are the consequences if you fail to protect the assets from those threats? What capabilities does your adversary have?

(R) Risks

What is the probability that any of those fail scenarios might happen?

(M) Mitigations

How much convenience are you willing to sacrifice in order to prevent the fail scenarios? What are your technical and financial constraints?

Example scenario

Jane (34, married with kids, works at a small company)

Jane thinks she might have a rare illness and doesn’t want her family, friends and co-workers to find out about it at this point.

(A)

(T)

(F)

(R)

(M)

Observations

Although imperfect, the random example above should provide a big-picture view of the threat modeling process and hopefully help you get started.

Here are a few notes to keep in mind:


Feedback

Let me know if you find this helpful and, depending on interest, I will do my best to post a new Cypherpunk Transmission report every (other?) Monday.

Questions, edits and suggestions are always appreciated @ /about/.

-3RA

Credit goes to gnuteardrops from monero.graphics for the amazing xkcd graphic. Work and xkcd Script font licensed under CC BY-NC 3.0.