Threat Modeling in 2018: Attacks, Impacts and Other Updates

Conference:  BlackHat USA 2018



The presentation discusses the evolving nature of threat modeling and the importance of considering conflict in cybersecurity. It emphasizes the need for expertise in human behavior and effective design patterns to address these issues.
  • Threat modeling is evolving and new variants are emerging
  • Adversarial machine learning is becoming more prevalent and poses a threat to cybersecurity
  • Conflict is looming over the cybersecurity industry and needs to be addressed
  • Effective threat modeling requires expertise in human behavior and the use of design patterns
The presentation cites the example of Yelp's response to a social conflict involving the Red Hen restaurant. Yelp made technical decisions to address the conflict, such as creating a page to address the issue and putting reviews into review rather than locking them for a set period of time. This illustrates the importance of considering conflict in cybersecurity and the need for effective design patterns.


Attacks always get better, and that means your threat modeling needs to evolve. This talk looks at what's new and important in threat modeling, organizes it into a simple conceptual framework, and makes it actionable. This includes new properties of systems being attacked, new attack techniques (like biometrics confused by LEDs) and a growing importance of threats to and/or through social media platforms and features. Take home ways to ensure your security engineering and threat modeling practices are up-to-date.