# Threat Modeling

## Definition

Threat modeling is a structured approach for identifying and prioritizing potential threats to a system, and for determining how much value candidate mitigations would have in reducing or neutralizing those threats. It answers four questions: what are we building, what can go wrong, what are we going to do about it, and did we do a good enough job.

## When to Perform

### Design Phase (Shift-Left)

- When designing a new system architecture
- Before major feature changes
- Before integrating with other systems

### Development Phase

- During secure coding
- During security reviews

### Operations Phase (Shift-Right)

- Periodic re-review
- After a major security incident
- When assessing system decommissioning

## Threat Categorization (STRIDE)

STRIDE is not the whole process but the checklist applied inside it: for each element of the data-flow diagram (external entity, process, data store, data flow), and especially wherever a flow crosses a trust boundary, ask which of the six categories applies. Each category is the negation of one security property.

### S - Spoofing

Impersonating a user, process or host, e.g. session hijacking or use of a stolen credential. Property violated: authentication.

### T - Tampering

Modifying data or code, in transit or at rest. Property violated: integrity.

### R - Repudiation

Denying that an action was performed, which is only possible when there is no trustworthy audit trail. Property violated: non-repudiation.

### I - Information Disclosure

Unauthorized access to sensitive data. Property violated: confidentiality.

### D - Denial of Service

Making the system unavailable or degrading it for legitimate users. Property violated: availability.

### E - Elevation of Privilege

Gaining permissions beyond those intended for the actor. Property violated: authorization.

## Tools

- Microsoft Threat Modeling Tool
- OWASP Threat Dragon
- IriusRisk
- draw.io with a threat modeling template

## Output

- Threat document
- Risk matrix (probability × impact)
- Mitigation list
- Security requirements

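The following is an added example, not code from the original note or from any of the tools listed above. It shows how the STRIDE categories and the outputs above fit together when the model is kept as code: elements and flows of a small data-flow diagram are declared, the conventional STRIDE-per-element table decides which categories to enumerate for each element (and for each flow that crosses a trust boundary), every threat gets a probability × impact score, and the scored list is then bucketed into a risk matrix and mapped to the security requirement that addresses it. The element names, trust-boundary labels, scores and requirement wording are all constructed for this example; the rule that only boundary-crossing flows get their own entries is a simplification.

```python
"""Threat model as code: STRIDE-per-element over a small data-flow diagram.

Added example, not from the original note or any listed tool; it sketches the
idea that OWASP pytm implements. Names, boundaries, scores and requirement
wording below are constructed for illustration.
"""
from dataclasses import dataclass
from enum import Enum


class Kind(Enum):
    EXTERNAL = "external entity"
    PROCESS = "process"
    STORE = "data store"
    FLOW = "data flow"

# Conventional STRIDE-per-element table (Microsoft SDL): which categories are
# worth enumerating for each kind of DFD element.
STRIDE_PER_ELEMENT = {Kind.EXTERNAL: "SR", Kind.PROCESS: "STRIDE",
                      Kind.STORE: "TRID", Kind.FLOW: "TID"}

CATEGORY = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
            "I": "Information Disclosure", "D": "Denial of Service",
            "E": "Elevation of Privilege"}

# Control family that addresses each category; this turns the threat list into
# the "security requirements" output. Wording is assumed, not a standard.
REQUIREMENT = {"S": "authentication of the caller",
               "T": "integrity protection of data and code",
               "R": "tamper-evident audit logging",
               "I": "confidentiality: encryption and access control",
               "D": "availability: rate limits, quotas, timeouts",
               "E": "authorization checks and least privilege"}


@dataclass
class Element:
    name: str
    kind: Kind
    boundary: str     # trust boundary the element sits in (assumed labels)
    probability: int  # 1 (low) .. 3 (high); scores are assumed for the example
    impact: int


@dataclass
class Flow:
    name: str
    src: Element
    dst: Element
    probability: int
    impact: int

    def crosses_boundary(self) -> bool:
        return self.src.boundary != self.dst.boundary


@dataclass(frozen=True)
class Threat:
    target: str
    category: str
    probability: int
    impact: int
    requirement: str

    @property
    def risk(self) -> int:
        return self.probability * self.impact


def enumerate_threats(elements, flows):
    """Apply STRIDE-per-element; flows get entries only when they cross a boundary."""
    threats = []
    for e in elements:
        for c in STRIDE_PER_ELEMENT[e.kind]:
            threats.append(Threat(e.name, CATEGORY[c], e.probability, e.impact, REQUIREMENT[c]))
    for f in flows:
        # Simplification: a flow inside one boundary is covered by its endpoints.
        if f.crosses_boundary():
            for c in STRIDE_PER_ELEMENT[Kind.FLOW]:
                threats.append(Threat(f.name, CATEGORY[c], f.probability, f.impact, REQUIREMENT[c]))
    return sorted(threats, key=lambda t: (-t.risk, t.target, t.category))


def risk_matrix(threats):
    """Probability x impact grid: the risk-matrix output of the model."""
    grid = {(p, i): [] for p in (1, 2, 3) for i in (1, 2, 3)}
    for t in threats:
        grid[(t.probability, t.impact)].append(t)
    return grid


def requirements_at_or_above(threats, min_risk):
    """Distinct security requirements for threats scoring at least min_risk."""
    return sorted({t.requirement for t in threats if t.risk >= min_risk})


def build_sample_model():
    """Constructed model: browser (internet) -> web app and orders DB (internal)."""
    browser = Element("Browser", Kind.EXTERNAL, "internet", probability=3, impact=2)
    webapp = Element("Web App", Kind.PROCESS, "internal", probability=2, impact=3)
    orders = Element("Orders DB", Kind.STORE, "internal", probability=1, impact=3)
    flows = [Flow("HTTP: Browser -> Web App", browser, webapp, probability=3, impact=3),
             Flow("SQL: Web App -> Orders DB", webapp, orders, probability=1, impact=3)]
    return [browser, webapp, orders], flows


if __name__ == "__main__":
    for t in enumerate_threats(*build_sample_model()):
        print(t.risk, t.target, t.category, "->", t.requirement)
```

Running it lists fifteen threats: three for the boundary-crossing HTTP flow at risk 9, six for the web app process and two for the browser entity at risk 6, and four for the data store at risk 3; the internal SQL flow produces none. The point of the shape is that scores and requirements are attached to threats, not to elements, so when the architecture changes (a new flow, a moved boundary) the list regenerates instead of being re-argued from scratch.
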
## Best Practices

1. Think from the attacker's perspective
2. Cover every trust boundary
3. Consider the security of dependencies and third-party components
4. Update the threat model regularly and whenever the architecture changes
5. Collaborate with security specialists

## Related Concepts

- [[DevSecOps]] — threat modeling is a core practice of secure development
- [[Shift-Left-Security]] — early security analysis
- [[Zero-Trust-Architecture]] — zero trust architecture
- [[Risk-Management]] — risk management
- [[Security-Design]] — security design

## Sources

- [[what-is-devsecops-best-practices-benefits-and-tools]]