A threat model is comprised of the representation of software and hardware used in a system, the connections (data flows) between them and the trust boundaries in the system. Threat modeling can be performed before a system has been implemented and can, therefore, be used to identify and implement required threat mitigation techniques into the system design before other verification methods can be used (e.g System testing). The threat modeling process can be broken...
A threat model is comprised of the representation of software and hardware used in a system, the connections (data flows) between them and the trust boundaries in the system. Threat modeling can be performed before a system has been implemented and can, therefore, be used to identify and implement required threat mitigation techniques into the system design before other verification methods can be used (e.g System testing).
The threat modeling process can be broken up into 6 stages: