Threat Modeling Research Paper
Expert feedback
July 15, 2021
Hi,
I read your paper on the Threat Models with their introduction and analysis. Below is a
brief critique of the assignment.
Nice work,
Your Chegg Expert
Overall score: 3.8/5
Ideas and Content 3/5
Organization 4/5
Voice 4/5
Word Choice 4/5
Sentence Fluency 5/5
Grammar and spelling 3/5
Please note that the score provided above only represents the Expert’s judgment of your writing and in
no way makes any promises or assurances concerning your actual grade.
Ideas and content
The essay is well developed. It has adequate quality of content presented in an
interesting manner. The ideas are also well curated. However, you are suggested to
include a brief overview of the system security threats and vulnerabilities in the Threat
Models. Also, make sure to add more details about each model like the Attack Tree
model, the Practical Threat Analysis model and the Stride Threat model in the essay.
You are also suggested to include further details such as the difference in the models
and the recommendations of the models as well, for an easy idea of your essay.
Organization
The essay displays a good use of the organizational aid but it needs to be more logically
organized. Make sure that all the major points are highlighted like the Attack Tree
model, the Practical Threat Analysis model and the Stride Threat model in the essay.
Also, try to organize the essay under detailed sub-headings. Finally, the most strategic
improvement you made is separating a long paragraph into well structured small
paragraphs.
Voice
The essay has a sufficient awareness of audience. It displays a clear insight into the
system security threat models. It convincingly informs the readers about the Threat
Models in the essay. The essay is presented nicely with a descriptive point of view. It has
a satisfactory tone. You have managed to stick to the normal tone as much as possible.
Most of the sentences have been rightly used in the active voice. However, try to use
correct voice in “Hence, not only does the Attack Tree model effectively identify…” to
a better expression “The Attack Tree model identifies the various attacks and also
performs a qualitative and quantitative…”
Word Choice
The essay has a broad-ranged vocabulary with good use of words. The fine choice of
words displays ample amount of semantic structure in the overall essay. However, try to
avoid incorrect word choice in “The possible attacks on the system are represented
[presented] in a conceptual tree.”
Sentence Fluency
The essay has a good command over speech with proper fluency in sentences. The
fluency displays your good command on the language as well as prevents any linguistic
barriers to learning. Also, the correct fluency in speech shows your sufficient knowledge
of the language as well as the topic that you have written on. Good work!
Grammar and spelling
The essay reads well but watch out for some grammatical errors. Consider replacing
multiple with a clearer expression like “However, multiple [several] security
threats…” Avoid unnecessary use of words like “Additionally [Furthermore], there are
limited adequate [limited] security measures…” For better clarity, run your essay
through the Chegg Grammar and Spelling Checker given in the link, to make your paper
error-free: https://www.chegg.com/writing/grammar-check/
Your paper Threat Models
Introduction
A new medium-sized health care facility may adopt telehealth systems to
enhance various purposes such as remote patient monitoring and specialist
referral services. However, multiple security and privacy issues arise as a
result of implementing telehealth. Additionally, there are limited adequate
security measures to prevent the numerous data breaches while the potential
threats have increased dramatically; this has left many health providers and
patients vulnerable to security threats. Consequently, threat modelling is
applied to help understand system security threats and vulnerabilities.
Threat modelling is helpful as it determines the most cost-effective security
solutions to reduce attacks. Threat modelling analyzes the system threats and
vulnerability scenarios to examine the risks. Hence, this report provides an
overview of three models, Attack Tree (AT), Practical Threat Analysis (PTA)
and STRIDE, and recommends the most cost-effective model for an
organization.
1. Attack Tree (AT)
The possible attacks on the system are represented in a conceptual tree.
Potential attacks on the system are estimated and captured with the
inter-dependencies between these attacks through a systematic methodology
(Chapple et al., 2018). This model illustrates the attack as a tree structure;
the root represents the attacker's goal while the child nodes represent how
this goal can be achieved. Hence, for an attack to succeed, the node’s
direct children must be true. Therefore, the precondition for the attack to
succeed is formed by this node’s children. It is worth noting that attack
trees are flexible in representing attacks at different levels of scale and
abstraction. Similarly, they are helpful when performing an analysis of
attacks: qualitative or quantitative.
Hence, not only does the attack tree model effectively identify the various
attacks but also performs a qualitative and quantitative analysis. While
identifying various attacks is beneficial to the healthcare facility system
as it implements countermeasures, implementing such countermeasures is
prioritized by conducting qualitative and quantitative analysis. Hence, the
system can identify attacks with disastrous effects and address them in
order of importance. Examples of countermeasures include encryption, user
authorization and user authentication. Encryption significantly reduces many
network attacks by encrypting all tools through cryptographic
protocols such as TLS/SSL. User authentication employs good
practices such as multi-factor authentication and a firm password policy to
authenticate the user. Additionally, user authorization involves adopting
principles such as separation of duties and least privilege through
implementing role-based access policies. Consequently, the authorized users
are assigned roles with minimum privileges.
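A worked illustration of the quantitative analysis described in this section, added here as an example and not part of the original paper: a small attack tree for the telehealth scenario is scored by minimum attacker cost, and each leaf is ranked by how much blocking it alone raises that cost. It goes beyond the paper's description by using OR nodes (any one child suffices) alongside AND nodes (all children required); the tree, node names and cost units are constructed assumptions.

```python
from dataclasses import dataclass, field

INF = float("inf")

@dataclass
class Node:
    name: str
    gate: str = "LEAF"      # "AND": all children needed, "OR": any one, "LEAF": basic step
    cost: float = 0.0       # attacker effort for a leaf (constructed, unitless)
    children: list = field(default_factory=list)
    blocked: bool = False   # True while a countermeasure is assumed to stop this leaf

def min_cost(node):
    """Cheapest attacker effort that makes this node true (INF = not achievable)."""
    if node.gate == "LEAF":
        return INF if node.blocked else node.cost
    costs = [min_cost(child) for child in node.children]
    return sum(costs) if node.gate == "AND" else min(costs)

def leaves(node):
    """Yield every leaf (basic attack step) under this node."""
    if node.gate == "LEAF":
        yield node
    for child in node.children:
        yield from leaves(child)

def rank_countermeasures(root):
    """Return (baseline cost, [(leaf name, cost increase if only that leaf is blocked)])."""
    base = min_cost(root)
    gains = []
    for leaf in leaves(root):
        leaf.blocked = True
        gains.append((leaf.name, min_cost(root) - base))
        leaf.blocked = False
    return base, sorted(gains, key=lambda g: g[1], reverse=True)

def build_tree():
    """Constructed telehealth tree; names and costs are illustrative assumptions."""
    guess = Node("guess weak password", cost=3)
    phish = Node("obtain password by deception", cost=5)
    creds = Node("obtain patient credentials", "OR", children=[guess, phish])
    second = Node("defeat second factor", cost=20)
    login = Node("log in as patient", "AND", children=[creds, second])
    sniff = Node("read unencrypted session traffic", cost=4)
    return Node("read patient record", "OR", children=[login, sniff])

if __name__ == "__main__":
    print(rank_countermeasures(build_tree()))
```

In this constructed tree the unencrypted channel is the cheapest path, so blocking it (the encryption countermeasure named above) raises the attacker's minimum cost from 4 to 23, while blocking any single credential step alone changes nothing.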
2. The Practical Threat Analysis (PTA) Model
The operational and security risks in the complex systems of healthcare are
effectively managed by adopting the PTA calculative threat analysis and
model. It is helpful for healthcare in providing a quick way to maintain
dynamic threats; this is because it can react to changes in the assets and
vulnerabilities of the system. Similarly, it maintains a growing database of
threats and makes reports revealing the essence of different threats.
Moreover, it provides the priorities of the corresponding countermeasures;
this supports top management's decision making on the updated risk
mitigation plan, reflecting changes in threat realities. The recommended
mitigation plan includes the countermeasures that are cost-effective against
specific threats.
The PTA threat model provides a risk mitigation plan through the following
steps. First, it identifies the assets and maps them to the potential
losses due to damages. The threat is calculated through the asset's values.
Additionally, the assets also account for the calculation of the risks and
countermeasure priorities (Admin, n.d.). Second, the PTA threat model
identifies the vulnerabilities through the knowledge provided for the types
of users, business and operational procedures, and the system's architecture
and functionality. Mostly, it is a continuous iterative task. Third, the model
defines countermeasures that are relevant to the system's vulnerabilities.
Countermeasures are aligned based on the estimated implementation cost for the
healthcare facility. The fourth step is establishing threat scenarios
and mitigation plans. This is achieved by selecting the most practical
combination of countermeasures.
3. STRIDE
It is one of the earliest and most effective threat models. This model
provides a practical framework to handle the threat (Almulhem, 2012). For
example, the model can suggest what countermeasures to include and the attack
vectors and assets the attacker needs most, and likely provide the attacker's
profile. The healthcare facility can benefit from its ability to find
threats, prioritize the most serious ones, schedule solutions and establish
plans to secure the IT resources. The main objective of the model is to
ensure that the healthcare system maintains confidentiality, integrity and
availability (CIA triad). The security threats are divided into six
categories: spoofing, tampering, repudiation, information disclosure,
denial of service and elevation of privilege. After threats are identified in
the model, the categorizing scheme used to analyze and prioritize the quantity
of risk is referred to as the DREAD risk assessment model for rating.
+--------------+----------------------------------------------------------+
| Threat Model | Features                                                 |
+==============+==========================================================+
| STRIDE       | - Useful in detecting appropriate mitigating methods.    |
|              |                                                          |
|              | - It is the most mature model.                           |
|              |                                                          |
|              | - Easy to use. However, it is time-consuming.            |
+--------------+----------------------------------------------------------+
| PTA          | - Has rich documentation.                                |
|              |                                                          |
|              | - Allows built-in prioritization of threat mitigation.   |
|              |                                                          |
|              | - Useful in detecting appropriate mitigating methods.    |
+--------------+----------------------------------------------------------+
| Attack Trees | - Useful in detecting appropriate mitigating methods.    |
|              |                                                          |
|              | - Easy to use.                                           |
|              |                                                          |
|              | - Allows consistent outcomes when used continuously.     |
+--------------+----------------------------------------------------------+
Recommendation
This report recommends STRIDE as the most outstanding model suitable for a
new medium-sized health care facility. The model was introduced in 1999 and
remains one of the most mature, oldest and well-documented models (Abomhara
et al., 2015). Similarly, it allows establishing data-flow diagrams (DFDs) to
identify the components, trust boundaries of a product, actors and events of
a system.
Threat                  Functionality    Description
----------------------  ---------------  --------------------------------------------------------------------
Spoofing                Authentication   Faking identity other than yourself.
Tampering with Data     Integrity        The data on the disk is maliciously modified.
Repudiation             Non-repudiation  Refusing to perform an action and other parties cannot do otherwise.
Information disclosure  Confidentiality  Availing information to unauthorized persons.
Denial of Service       Availability     The resources necessary for services are exhausted.
Elevation of Privilege  Authorization    A user gains privileged access to the system which is unprivileged.
Threat                      Description                                     Rating
--------------------------  ----------------------------------------------  ------
Patient identity loss or    The patient may leave their login credentials   Low
identity sharing.           to public knowledge.

Identity theft and misuse.  The caregiver misuses patient identity to       High
                            exploit healthcare delivery.

Source Spoofing.            The patient's communication device can be       Medium
                            spoofed by an attacker, which leads to the
                            attacker getting all the patient information.
STRIDE Threat Model: Denial of Service UML Diagram
Denial of Service refers to when a network resource or a service is
unavailable. The resource necessary for services is exhausted.
Conclusion
This report proposes three threat models for a new medium-sized health care
facility to capture the possible attacks, which may impact the overall
performance of healthcare systems: Attack Tree (AT), the Practical Threat
Analysis (PTA) and the STRIDE. Attack Tree allows the possible attacks on the
system to be estimated and captured with the inter-dependencies between these
attacks through a systematic methodology. In contrast, the Practical Threat
Analysis (PTA) Model allows for the operational and security risks in the
complex systems of healthcare to be effectively managed by adopting the PTA
calculative threat analysis and the model. However, the report recommends
STRIDE since it is one of the earliest and most effective threat models and
provides a practical framework to handle the threat. These models presented
for discussion, however, equally provide potential countermeasures to
authorization and authentication in the healthcare system.
References
Abomhara, M., Gerdes, M., & Køien, G. M. (2015). A STRIDE-Based Threat Model
for Telehealth Systems. NISK Journal, 82–96.
http://ojs.bibsys.no/index.php/NISK/article/view/299
Admin, N. (n.d.). The PTA (practical threat analysis) methodology in a
nutshell. Retrieved July 14, 2021, from
https://www.academia.edu/36498428/The_PTA_Practical_Threat_Analysis_Methodology_in_a_Nutshell
Almulhem, A. (2012). Threat modeling for electronic health record systems.
Journal of Medical Systems, 36(5), 2921–2926. https://doi.org/10.1007/s10916-011-9770-6
Chapple, M., Stewart, J. M., & Gibson, D. (2018). (ISC)² CISSP Certified
Information Systems Security Professional Official Study Guide.
https://kurh.pw/cisspcertifiedinformation.pdf