Zero Trust Threat Modeling (ZTTM) analyzes representations of a Zero Trust system to highlight concerns about its security and privacy characteristics.
ZTTM requires a threat categorization that extends classic threat modeling approaches such as STRIDE, whose categories do not cover Zero Trust concerns such as policy poisoning, segmentation breakdown, or missing audit logs. This repository describes CAPITALS, an acronym of the eight threat categories below, as a methodology for enumerating threats against a Zero Trust system architecture.
| Category | Definition |
|---|---|
| Compromise & Exploit | Gaining unauthorized control over an element in Zero Trust (ZT) or exploiting its vulnerabilities. |
| Authentication & Session Management | Compromising any part of the identification and authentication mechanism or workflow. |
| Poisoning | Introducing deceptive or misleading data. |
| Information Disclosure | Exposing confidential or private information. |
| Tampering | Altering data or interfering with an automated procedure. |
| Authorization | Bypassing or undermining any aspect of the access control system or its procedures. |
| Lack of Logging | Intentionally or unintentionally neglecting the creation of accurate audit logs. |
| Segmentation, visibility breakdown, and DoS | Disrupting the control/data plane, impairing network visibility, or causing a Denial of Service. |
References:
- Threat Modeling Manifesto