hTMM threat modeling method
The Hybrid Threat Modeling Method (hTMM) was developed by the Software Engineering Institute (SEI). As the name suggests, it combines several existing methods: SQUARE (Security Quality Requirements Engineering), designed to elicit, categorize and prioritize security requirements; Security Cards, a brainstorming aid for generating threats; STRIDE, for classifying them; and PnG (Persona non Grata), which focuses on who would attack the system and how. The stated design goals of the combination are to cover a wider range of threats than any single method, to produce no false positives, to be cost-effective, to prioritize threat mitigation as part of the process, and to give consistent results when repeated.
hTMM emphasizes specifying security requirements early, because those requirements shape both the security and the architecture of the system for the rest of its lifecycle, when changes become far more expensive.
The authors of the method advise using tools to summarize and analyze the threat findings. Security Cards and PnG are admittedly helpful, but neither is exclusive to this methodology; both can be used on their own.
PnG method
The Hybrid Threat Modeling Method includes PnG as one of its components.
PnG (Persona non Grata) focuses on the motivations and skills of real human attackers. It maps attackers to archetypes and lets the analysis team look at the system from an unintended-use point of view. Each persona is described by its skills, motivations and goals, so the team can examine the system's weaknesses as that attacker would, rather than as its designers do.
Steps of hTMM
An hTMM analysis is performed in five steps:
- Target system identification. Define the target system, its security goals, its assets and the system artifacts to be analyzed. The SQUARE method is used at this stage.
- Threat generation. Security Cards are used to brainstorm potential threats and attack vectors. This is done jointly with developers, system users and security staff.
- Attack vector/scenario filtering. The output of the Security Cards session is reviewed against realistic personas: unlikely PnGs and unrealistic attack vectors are removed from the list.
- Summarizing the results. STRIDE is commonly used to classify and summarize the findings; each remaining threat is recorded with a list of attributes (actor, purpose, target, action, result of the action, impact and threat type).
- Risk assessment modeling. In the final stage a formal risk assessment is carried out over the summarized threats to prioritize mitigation.
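As an added illustration of the five steps (example code, not SEI's tooling or SmartState's code), the script below runs a small threat register for a constructed DeFi lending-pool example through identification, threat generation, persona-based filtering, STRIDE summarization with the hTMM attribute list, and a final risk ranking. The persona attributes, the threat list, the filter rule (a scenario survives only if its persona has the required skill and vantage point) and the likelihood x impact score are assumptions made for this example; hTMM does not prescribe a particular scoring formula.

```python
"""hTMM walk-through over a constructed DeFi lending-pool example.

Example code added for illustration; it is not SEI's tooling or SmartState's
code. The persona attributes, the threat list, the filter rule and the
likelihood x impact score are assumptions made for this example.
"""
from dataclasses import dataclass

# STRIDE categories used when summarizing each threat (step 4).
STRIDE = {
    "S": "Spoofing", "T": "Tampering", "R": "Repudiation",
    "I": "Information disclosure", "D": "Denial of service",
    "E": "Elevation of privilege",
}


@dataclass(frozen=True)
class PnG:
    """Persona non Grata: attacker archetype with skill, vantage points and motive."""
    name: str
    skill: int            # assumed scale 1 (opportunist) .. 5 (well-resourced specialist)
    access: frozenset     # vantage points the persona can act from
    motivation: str


@dataclass(frozen=True)
class Threat:
    """One brainstormed attack scenario, carrying the hTMM summary attributes."""
    actor: str            # PnG name
    purpose: str
    target: str           # asset attacked
    action: str
    result: str
    impact: int           # assumed scale 1..5
    threat_type: str      # STRIDE letter
    needs_skill: int      # minimum persona skill the action requires
    needs_access: str     # vantage point the action requires


# Step 1 (SQUARE): target system, assets and security goals. Constructed example.
TARGET = {
    "system": "ExampleLend lending pool (constructed, not a real protocol)",
    "assets": ["user collateral", "price oracle feed", "admin key", "liquidation bot"],
    "goals": [
        "collateral cannot leave the pool without repayment",
        "prices used for liquidation are fresh and untampered",
    ],
}

# Step 2 (Security Cards + PnG): personas and brainstormed scenarios. Constructed.
PNGS = [
    PnG("flash-loan arbitrageur", 4, frozenset({"public-chain"}), "profit"),
    PnG("disgruntled ex-contributor", 3, frozenset({"public-chain", "repo"}), "revenge"),
    PnG("opportunistic scanner", 1, frozenset({"public-chain"}), "easy money"),
    PnG("nation-state unit", 5, frozenset({"public-chain", "infra"}), "disruption"),
]

THREATS = [
    Threat("flash-loan arbitrageur", "drain pool", "price oracle feed",
           "move spot price inside one transaction", "bad-debt liquidations",
           5, "T", 3, "public-chain"),
    Threat("opportunistic scanner", "steal funds", "admin key",
           "brute-force the admin private key", "full control of the pool",
           5, "E", 5, "public-chain"),
    Threat("disgruntled ex-contributor", "sabotage", "liquidation bot",
           "push a malicious dependency to the repo", "bot liquidates healthy positions",
           4, "T", 3, "repo"),
    Threat("nation-state unit", "disrupt", "liquidation bot",
           "DDoS the RPC endpoints the bot uses", "liquidations stall, pool goes insolvent",
           4, "D", 4, "infra"),
    Threat("opportunistic scanner", "embarrass users", "user collateral",
           "read on-chain balances", "nothing beyond already-public data",
           1, "I", 1, "public-chain"),
]


def filter_scenarios(threats, pngs):
    """Step 3: drop scenarios whose persona lacks the skill or vantage point needed."""
    by_name = {p.name: p for p in pngs}
    kept = []
    for t in threats:
        p = by_name.get(t.actor)
        if p and p.skill >= t.needs_skill and t.needs_access in p.access:
            kept.append(t)
    return kept


def summarize(threats):
    """Step 4: record each surviving threat with the hTMM attribute list and STRIDE type."""
    return [{
        "actor": t.actor, "purpose": t.purpose, "target": t.target,
        "action": t.action, "result": t.result, "impact": t.impact,
        "threat_type": STRIDE[t.threat_type], "needs_skill": t.needs_skill,
    } for t in threats]


def rank_risks(summary):
    """Step 5 (assumed scoring): likelihood = 6 - required skill, risk = likelihood * impact."""
    for row in summary:
        row["likelihood"] = 6 - row["needs_skill"]
        row["risk"] = row["likelihood"] * row["impact"]
    return sorted(summary, key=lambda r: r["risk"], reverse=True)


def run_htmm(threats=THREATS, pngs=PNGS):
    """All five steps end to end; returns the prioritized threat register."""
    return rank_risks(summarize(filter_scenarios(threats, pngs)))


if __name__ == "__main__":
    print(f"Target: {TARGET['system']}")
    for row in run_htmm():
        print(f"{row['risk']:>3}  {row['threat_type']:<22} {row['actor']}: {row['action']}")
```

Running it drops the admin-key brute force (the opportunistic scanner lacks the skill for it, which is the "unrealistic attack vector" case from step 3) and ranks the oracle manipulation first, the malicious dependency second, and the RPC denial of service third; the public-balance read survives filtering but lands at the bottom because its impact is negligible. In practice the scores and scales would be replaced by whatever risk model the team has agreed on in advance, so that repeated runs stay consistent.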
About SmartState
Launched in 2019 and based in Dubai, SmartState is one of the leading DeFi security auditing firms. We conduct security tests and check core code, smart contracts and blockchain implementations for all types of errors, vulnerabilities and other issues.
Although SmartState started out with smart contract auditing for DLT projects, from the beginning our services have gone beyond the classic scope of smart contract audit and security testing. We specialize in manual testing: SmartState's team of white-hat security professionals reviews a project's git repository and offers guidelines and recommendations for its further development. Our security audit reports cover the threats and vulnerabilities through which a codebase may be exploited in the future, as the network scales and expands to accommodate more use cases and functionality.
Stay tuned and find out more about us and what we provide on our: