From Plymouth Rock to Cyber Blocks: A Unique Threat Model Analysis of the First Thanksgiving


As software professionals, we often find ourselves entrenched in code, architecture, and cybersecurity. However, sometimes, drawing parallels from history can provide fresh insights into our work. Let's embark on a unique journey back to 1621, to the First Thanksgiving, and apply a modern threat model to this historical event. Using the STRIDE methodology, a staple in software security, we can draw intriguing parallels between then and now, offering a new perspective on threat modelling.

Spoofing: Identity Threats at the Feast

Imagine the First Thanksgiving, where Pilgrims and the Wampanoag tribe gathered to celebrate. In a spoofing scenario, an uninvited guest could pose as a member of either group, gaining access to the feast. This is akin to cyber spoofing, where an attacker assumes a false identity to gain unauthorised access to a system. Just as the Pilgrims and Native Americans would need to verify each other's identity, we use authentication mechanisms to prevent such breaches in software.

Tampering: The Risk of Altered Supplies

Tampering in 1621 could involve altering food or supplies, a real threat that could lead to illness. In the software world, tampering equates to unauthorised modifications of code or data. Ensuring the integrity of resources was as crucial at the Thanksgiving table as it is in our systems today, necessitating robust validation and integrity checks.

Repudiation: Denying Actions Without a Trace

Without a written record, any participant in the First Thanksgiving could deny their actions or words. In software, this is akin to an attacker or even a legitimate user denying their actions due to a lack of proper auditing and logging. Implementing comprehensive logging and monitoring is as vital in software as keeping records was during historical events.

Information Disclosure: Secrets Spilled

Private discussions or strategic information could have been inadvertently or maliciously disclosed at the First Thanksgiving. This parallels the unauthorised access to confidential data in the software realm. Protecting sensitive information through encryption and access controls is as important today as keeping secrets was during those historical times.

Denial of Service: Disrupting the Feast

Imagine a scenario where the First Thanksgiving was interrupted or sabotaged, preventing it from occurring. This is similar to a Denial of Service attack in the cyber world, where resources are overwhelmed to disrupt normal services. Ensuring the availability and resilience of services is as crucial now as it was for the smooth running of that historical event.

Elevation of Privilege: Usurping Authority

An individual at the First Thanksgiving seeking to gain higher authority or control than they were entitled to mirrors the elevation of privilege in the software context. This could disrupt the social order and decision-making, leading to unauthorised access and control in a system. Limiting privileges and implementing strict access controls is a timeless strategy relevant in historical and modern contexts.

Conclusion

By examining the First Thanksgiving through the STRIDE threat model lens, we gain a unique perspective on a pivotal event in history and reinforce our understanding of fundamental security principles in software development. This exercise underscores the universality of security concerns, whether at a historical gathering or in the digital realm. As software professionals, it's a reminder of the timeless nature of the principles we apply daily. Let's continue to learn from the past to secure our future!

Improve Your Threat Modelling with Tutamantic's Expert Solutions



At Tutamantic, we understand the critical importance of robust threat modelling in today's fast-paced software development environment. That's why we offer three specialised products designed to empower developers, designers, and architects to create more secure systems:

 

  1. Threat Model Training: Dive into our comprehensive training program and learn how to supercharge your manual threat modelling skills with our Rapid Threat Model Prototyping (RTMP) methodology. This training is tailored to enhance your understanding and application of advanced threat modelling techniques, ensuring you stay ahead in cybersecurity.

 

  1. Tutamen Automation Product: Our cutting-edge automation tool takes your RTMP to the next level. The Tutamen Automation Product is designed to supercharge your Rapid Threat Model Prototyping process, streamlining and enhancing efficiency. This tool helps identify potential threats faster and more accurately, enabling you to focus on crafting robust security solutions.

 

  1. Consultancy Services: Integrate threat modelling seamlessly into your build workflows with our expert consultancy services. Our seasoned professional works closely with your organisation, providing tailored guidance and strategies to tightly incorporate threat modelling into your development processes. This service ensures your security posture is strong and resilient against emerging threats.

 

Leverage Tutamantic's expertise to fortify your software development against the ever-evolving landscape of cyber threats. Contact us today to learn more about how our products can transform your approach to threat modelling.