Trike is a framework for security auditing from a risk-based perspective. This is achieved through Trike threat modeling, which generates threat models.
With the Trike threat models, it is possible to describe the security model (or characteristics) of an application or IT system (from a high level down to a low level).
Trike has the following characteristics that are helpful to understand:
- Enables effective communication between various team members.
- Allows for automated threat generation and attack graphs.
- Supports a requirements model and an implementation model, which reflects the real world: applications and systems have their own requirements, as well as implementation requirements for deploying and using them.
- Trike is a risk-based method, meaning that teams can focus on the highest risks first (and use their limited time effectively).
Key Concepts of Trike
Trike is a thorough threat modeling methodology. It looks at many parts of an application or system, including:
- Requirements model
  - Intended actions
  - Actor / asset action matrix
- Implementation model
  - Intended actions versus supporting operations (and the state machine)
  - Data Flow Diagrams (DFDs)
  - Use flows
- Threat model
  - Threat generation
  - Attacks, attack trees, and attack graph
  - Attack libraries
- Risk model
  - Asset values, role risks, asset-action risks, and threat exposures
  - Weakness probabilities and mitigations
  - Vulnerability probabilities and exposures
  - Threat risks
  - Using the risk model
As the list above shows, Trike threat modeling involves many different activities, each providing insight from a different angle and informing the threat modeler of potential threats to an application or system.
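To make the actor / asset action matrix and the automated threat generation step concrete, here is an added example; it is not code from the Trike paper or the Trike tools. The actors, assets and rules are constructed, and the generation rule is a simplified reading of Trike v1 taken as an assumption: each intended action yields a denial of service threat, and each action that is disallowed or allowed only under a rule yields an elevation of privilege threat.

```python
# Added illustration; not code from the Trike paper or the Trike tools.
ACTIONS = ("create", "read", "update", "delete")  # CRUD actions, as in Trike v1

# Constructed sample matrix: (actor, asset) -> {action: verdict}.
# A verdict is "allow", "deny", or "rule: <condition>" (allowed only under a rule).
MATRIX = {
    ("customer", "order"): {
        "create": "allow",
        "read": "rule: own orders only",
        "update": "deny",
        "delete": "deny",
    },
    ("admin", "order"): {
        "create": "deny",
        "read": "allow",
        "update": "allow",
        "delete": "rule: order not yet shipped",
    },
}


def generate_threats(matrix):
    """Return (kind, actor, asset, action, description) tuples for every cell."""
    threats = []
    for (actor, asset), cells in sorted(matrix.items()):
        for action in ACTIONS:
            # Assumption: a cell missing from the matrix is treated as disallowed.
            verdict = cells.get(action, "deny")
            if verdict != "deny":
                # Intended action (possibly under a rule): it can be denied.
                threats.append(("denial of service", actor, asset, action,
                                f"{actor} is prevented from {action} on {asset}"))
            if verdict != "allow":
                # Disallowed, or allowed only under a rule: it can be exceeded.
                if verdict.startswith("rule: "):
                    how = f"in violation of rule '{verdict[6:]}'"
                else:
                    how = "although disallowed"
                threats.append(("elevation of privilege", actor, asset, action,
                                f"{actor} performs {action} on {asset} {how}"))
    return threats


if __name__ == "__main__":
    for kind, *_, description in generate_threats(MATRIX):
        print(f"{kind:22} {description}")
```

Because the threat list is derived mechanically from the matrix, reviewing the matrix with the team is where the expert effort goes; a rule cell produces both kinds of threat.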
Key Highlights from the Trike Paper
Trike has a paper which describes the methodology straight from the source (its original authors). Here are some highlights from the paper:
- Trike is a unified conceptual framework for security auditing from a risk management perspective through the generation of threat models.
- We approach threat modeling and indeed all system auditing activities from a risk management perspective. It is impossible to completely secure any system against all attackers, and thus we are charged with ensuring that the countermeasures against attacks are appropriate given the risks of those attacks which they defend against, and the efficacy of those countermeasures.
- All security analysis work, including threat modeling, requires trained security experts. However, much of the work in threat modeling can and should be automated, allowing the experts to focus their time and attention where it is required.
- Beyond its more systematic methodology, Trike differs in focus from other existing approaches to threat modeling in that it focuses on modeling threats from a defensive perspective, not that of an attacker.
- Threat models in general and Trike in particular are also very good as communication devices.
The above highlights show some of the key concepts that make up Trike threat modeling.
Trike Versions and Programs
Trike has a version 1 and a version 2.
Further, Trike has an Excel work program, as well as a standalone tool to help perform Trike threat modeling.
Trike Threat Modeling Conclusion
Trike threat modeling was developed and released in 2005.
Note that in recent years it has not had much attention. This is also reflected by the current state of the official website.
Trike is a detailed methodology, with many steps involved in creating a threat model.