MCH2022

Threat modelling for hackers: a hands-on workshop
2022-07-24, 10:00–11:30, DNA 🧬

Systems created by humans may – no, will – contain flaws. In order to shine a light on these flaws, you can use a technique called threat modelling. We will take a look at different threat modelling methods that empower hackers (and others) to study the architecture of a system.


There are hundreds if not thousands of different threat modelling methods that can be used to tease apart the structure of a system in the search for security issues. In this workshop, we will cover the key principles behind these methods and we will provide prototypical worked examples. In order to give you hands-on experience with threat modelling, we will go through an archetypical threat modelling exercise together. We will close the workshop by having you apply these methods to one of your own systems. You will be provided with relevant background material to allow you to integrate threat modelling into your daily activities going forward.

Post-workshop reading:
- Threat modelling manifesto, Braiterman et al. (2020)
- The security development life-cycle, Howard & Lipner (2006), chapter 9
- Designing secure software, Loren Kohnfelder (2021), chapter 2
- ISO 31000 risk management guidelines, Technical Committee 262 (2018)
- @arnepadmos/threats

Arne's travels in the field of information security have crossed areas ranging from usable security to side-channel analysis. He has also taught the various branches that make up security engineering. Currently, Arne's main interest is how the application of risk management and threat modelling can lead to the design, development, and deployment of more secure systems.