@dollhousemcp/mcp-server
DollhouseMCP - A Model Context Protocol (MCP) server that enables dynamic AI persona management from markdown files, allowing Claude and other compatible AI assistants to activate and switch between different behavioral personas.
---
name: "Threat Modeling"
description: "Systematic approach to identifying, analyzing, and mitigating security threats in systems and applications"
type: "skill"
version: "1.0.0"
author: "DollhouseMCP"
created: "2025-07-23"
category: "security"
tags: ["threat-modeling", "security-analysis", "risk-assessment", "architecture", "security-design"]
proficiency_levels:
  beginner: "Basic threat identification using simple frameworks"
  intermediate: "STRIDE methodology and attack tree analysis"
  advanced: "Custom frameworks and quantitative risk modeling"
parameters:
  methodology:
    type: "string"
    description: "Threat modeling methodology"
    default: "STRIDE"
    enum: ["STRIDE", "PASTA", "OCTAVE", "TRIKE", "VAST", "hybrid"]
  scope:
    type: "string"
    description: "Analysis scope"
    default: "application"
    enum: ["application", "system", "network", "organization", "supply_chain"]
  risk_appetite:
    type: "string"
    description: "Organization's risk tolerance"
    default: "moderate"
    enum: ["low", "moderate", "high", "very_high"]
  compliance_requirements:
    type: "array"
    description: "Regulatory requirements to consider"
    default: []
    enum: ["PCI-DSS", "HIPAA", "GDPR", "SOX", "ISO27001", "NIST"]
suite: "bundled-test-data"
purpose: "General test data for DollhouseMCP system validation"
created: "2025-08-20"
version: "1.0.0"
migrated: "2025-08-20T23:47:24.347Z"
originalPath: "data/skills/threat-modeling.md"
---
# Threat Modeling Skill
This skill provides systematic threat modeling capabilities using industry-standard methodologies to identify, analyze, and prioritize security threats in complex systems.
## Core Capabilities
### 1. Threat Identification
- **Asset Inventory**: Critical data, systems, and processes
- **Attack Surface Mapping**: Entry points and interfaces
- **Threat Actor Profiling**: Capabilities, motivations, and resources
- **Attack Vector Analysis**: Potential paths to compromise
### 2. Risk Assessment
- **Likelihood Evaluation**: Probability of successful attacks
- **Impact Analysis**: Business and technical consequences
- **Risk Prioritization**: Cost-benefit analysis for mitigations
- **Quantitative Modeling**: Expected annual loss calculations
### 3. Mitigation Strategy
- **Control Selection**: Preventive, detective, and corrective controls
- **Defense in Depth**: Layered security architecture
- **Residual Risk**: Remaining risk after mitigations
- **Continuous Monitoring**: Threat landscape evolution
### 4. Documentation & Communication
- **Threat Models**: Visual representations and narratives
- **Risk Registers**: Centralized risk tracking
- **Security Requirements**: Derived from threat analysis
- **Executive Reporting**: Business-focused risk communication
## Threat Modeling Methodologies
### STRIDE Framework
```
SPOOFING
├── Identity spoofing attacks
├── Authentication bypass
├── Impersonation threats
└── Credential theft scenarios
TAMPERING
├── Data integrity attacks
├── Man-in-the-middle
├── Code injection
└── Configuration manipulation
REPUDIATION
├── Non-repudiation failures
├── Log tampering
├── Audit trail gaps
└── Transaction disputes
INFORMATION DISCLOSURE
├── Data exposure
├── Privacy violations
├── Information leakage
└── Unauthorized access
DENIAL OF SERVICE
├── Resource exhaustion
├── Service disruption
├── Availability attacks
└── Performance degradation
ELEVATION OF PRIVILEGE
├── Privilege escalation
├── Authorization bypass
├── Administrative access
└── System compromise
```
### PASTA (Process for Attack Simulation and Threat Analysis)
```
Stage 1: Define Objectives
• Business impact analysis
• Compliance requirements
• Security objectives
• Success criteria
Stage 2: Define Technical Scope
• Application architecture
• Technology stack
• Network topology
• Data flows
Stage 3: Application Decomposition
• Use cases and user roles
• Entry and exit points
• Trust boundaries
• Dependencies
Stage 4: Threat Analysis
• Attack scenarios
• Threat agent capabilities
• Attack vectors
• Vulnerability correlation
Stage 5: Weakness Analysis
• Design flaws
• Implementation bugs
• Configuration errors
• Process weaknesses
Stage 6: Attack Modeling
• Attack trees
• Kill chains
• Attack scenarios
• Exploitation paths
Stage 7: Risk Analysis
• Business impact
• Technical impact
• Likelihood assessment
• Risk scoring
```
## Threat Modeling Process
### Phase 1: System Understanding
```
Architecture Analysis:
• System boundaries and scope
• Data flow diagrams (DFDs)
• Trust boundaries identification
• External dependencies mapping
Components Inventory:
• Web servers and applications
• Databases and data stores
• Network infrastructure
• Third-party services
• Human processes
Data Classification:
• Sensitive data identification
• Data flow mapping
• Storage locations
• Processing activities
• Retention requirements
```
### Phase 2: Threat Identification
```
Threat Enumeration:
Using STRIDE per element:
Process Threats:
├── Spoofing: Fake service instances
├── Tampering: Code injection attacks
├── Repudiation: Log manipulation
├── Information Disclosure: Memory dumps
├── Denial of Service: Resource exhaustion
└── Elevation of Privilege: Buffer overflows
Data Store Threats:
├── Spoofing: Rogue databases
├── Tampering: Direct DB access
├── Repudiation: Audit trail gaps
├── Information Disclosure: Data dumps
├── Denial of Service: Storage exhaustion
└── Elevation of Privilege: DB admin access
Data Flow Threats:
├── Spoofing: Man-in-the-middle
├── Tampering: Packet modification
├── Repudiation: Message alteration
├── Information Disclosure: Eavesdropping
├── Denial of Service: Connection flooding
└── Elevation of Privilege: Protocol exploits
```
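STRIDE-per-element in code, as an added example that is not part of the skill file or the DollhouseMCP project: the per-element threat table above is applied to a small, constructed data-flow diagram (`SAMPLE_DFD`), and each threat receives an ID in the `THR-001` format used by the Technical Threat Analysis template later on this page.

```python
# Added example (not from the DollhouseMCP skill file): STRIDE-per-element
# enumeration over a constructed DFD, using the Phase 2 threat table above.
STRIDE = ("Spoofing", "Tampering", "Repudiation", "Information Disclosure",
          "Denial of Service", "Elevation of Privilege")

# Example threat per STRIDE category (in STRIDE order) for each element kind.
PER_ELEMENT = {
    "process": ("Fake service instances", "Code injection attacks",
                "Log manipulation", "Memory dumps", "Resource exhaustion",
                "Buffer overflows"),
    "data_store": ("Rogue databases", "Direct DB access", "Audit trail gaps",
                   "Data dumps", "Storage exhaustion", "DB admin access"),
    "data_flow": ("Man-in-the-middle", "Packet modification",
                  "Message alteration", "Eavesdropping",
                  "Connection flooding", "Protocol exploits"),
}

# Constructed DFD: element kind plus whether it crosses a trust boundary
# (the Phase 1 "trust boundaries identification" output).
SAMPLE_DFD = [
    {"name": "Login API", "kind": "process", "crosses_boundary": True},
    {"name": "User DB", "kind": "data_store", "crosses_boundary": False},
    {"name": "Browser -> Login API", "kind": "data_flow", "crosses_boundary": True},
]


def enumerate_threats(dfd):
    """One threat record per (element, STRIDE category), numbered THR-001,
    THR-002, ... in DFD order then STRIDE order."""
    threats = []
    for element in dfd:
        kind = element["kind"]
        if kind not in PER_ELEMENT:
            raise ValueError(f"unknown DFD element kind: {kind!r}")
        for category, example in zip(STRIDE, PER_ELEMENT[kind]):
            threats.append({
                "id": f"THR-{len(threats) + 1:03d}",
                "element": element["name"],
                "stride": category[0],  # S/T/R/I/D/E letter
                "example": example,
                # Kept for triage; in-boundary threats are listed, not dropped.
                "crosses_boundary": element["crosses_boundary"],
            })
    return threats


def count_by_category(threats):
    """Threat count per STRIDE letter, e.g. for a risk-summary table."""
    counts = {}
    for t in threats:
        counts[t["stride"]] = counts.get(t["stride"], 0) + 1
    return counts
```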
### Phase 3: Risk Analysis
```
Likelihood Assessment:
• Threat actor capabilities
• Attack complexity
• Required resources
• Detection probability
• Success rate
Impact Assessment:
• Confidentiality impact
• Integrity impact
• Availability impact
• Business disruption
• Regulatory violations
• Reputation damage
Risk Calculation:
Risk = Likelihood × Impact × Vulnerability
Where:
• Likelihood: 1-5 scale (Very Low to Very High)
• Impact: 1-5 scale (Minimal to Catastrophic)
• Vulnerability: 0.1-1.0 (Well Protected to Exposed)
```
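The risk formula above carried through in code, as an added example that is not part of the skill file or the DollhouseMCP project: the three inputs are range-checked against the stated scales, and scores are bucketed into the four levels that the executive summary later on this page reports. The bucket thresholds and the sample threats are assumptions of this example; the skill file defines the formula and scales only.

```python
# Added example (not from the DollhouseMCP skill file): the Phase 3 formula
# Risk = Likelihood x Impact x Vulnerability on the scales stated above,
# range-checked and bucketed. Thresholds and SAMPLE_THREATS are assumptions.

def risk_score(likelihood, impact, vulnerability):
    """Likelihood 1-5, Impact 1-5, Vulnerability 0.1-1.0; result 0.1 to 25.0."""
    if likelihood not in range(1, 6):
        raise ValueError(f"likelihood must be 1-5, got {likelihood!r}")
    if impact not in range(1, 6):
        raise ValueError(f"impact must be 1-5, got {impact!r}")
    if not 0.1 <= vulnerability <= 1.0:
        raise ValueError(f"vulnerability must be 0.1-1.0, got {vulnerability!r}")
    return round(likelihood * impact * vulnerability, 2)


def risk_rating(score):
    """Assumed thresholds on the 25-point scale: 15+ Critical, 8+ High,
    4+ Medium, else Low."""
    if score >= 15:
        return "Critical"
    if score >= 8:
        return "High"
    if score >= 4:
        return "Medium"
    return "Low"


# Constructed inputs: (threat, likelihood, impact, vulnerability).
SAMPLE_THREATS = [
    ("Credential stuffing against login", 4, 4, 0.6),
    ("Log manipulation on audit service", 2, 3, 0.5),
    ("SQL injection in login form", 4, 5, 0.8),
    ("Storage exhaustion on User DB", 3, 3, 0.5),
]


def build_register(entries):
    """Score every threat and return the register sorted highest risk first."""
    register = []
    for name, lik, imp, vul in entries:
        score = risk_score(lik, imp, vul)
        register.append({"threat": name, "score": score,
                         "rating": risk_rating(score)})
    return sorted(register, key=lambda r: r["score"], reverse=True)


def risk_summary(register):
    """Counts for the RISK SUMMARY block; every level is present, even if 0."""
    summary = {"Critical": 0, "High": 0, "Medium": 0, "Low": 0}
    for row in register:
        summary[row["rating"]] += 1
    return summary
```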
### Phase 4: Mitigation Planning
```
Control Categories:
PREVENTIVE CONTROLS:
• Input validation
• Authentication mechanisms
• Authorization checks
• Encryption implementation
• Network segmentation
DETECTIVE CONTROLS:
• Logging and monitoring
• Intrusion detection
• Anomaly detection
• Security scanning
• Audit mechanisms
CORRECTIVE CONTROLS:
• Incident response
• Backup and recovery
• Patch management
• Configuration management
• Business continuity
DETERRENT CONTROLS:
• Security policies
• Legal agreements
• Awareness training
• Physical security
• Compliance monitoring
```
## Attack Tree Analysis
### Example: Web Application Login Bypass
```
Goal: Gain Unauthorized Access to User Account
OR
├── Credential-based Attacks
│   OR
│   ├── Password Attacks
│   │   OR
│   │   ├── Brute Force (AND)
│   │   │   ├── No account lockout
│   │   │   ├── Weak password policy
│   │   │   └── No rate limiting
│   │   ├── Dictionary Attack (AND)
│   │   │   ├── Common passwords used
│   │   │   └── No complexity requirements
│   │   └── Credential Stuffing (AND)
│   │       ├── Breached credentials available
│   │       └── Users reuse passwords
│   └── Social Engineering (AND)
│       ├── Phishing successful
│       ├── User provides credentials
│       └── No 2FA implemented
│
├── Technical Vulnerabilities
│   OR
│   ├── SQL Injection (AND)
│   │   ├── Unparameterized queries
│   │   ├── Insufficient input validation
│   │   └── Database errors exposed
│   ├── Session Management (AND)
│   │   ├── Session fixation possible
│   │   ├── Weak session tokens
│   │   └── No session timeout
│   └── Authentication Bypass (AND)
│       ├── Logic flaws in auth code
│       ├── Race conditions
│       └── Parameter tampering
│
└── Infrastructure Attacks
    OR
    ├── Network Interception (AND)
    │   ├── Unencrypted traffic
    │   ├── Man-in-the-middle position
    │   └── Credential capture tools
    └── System Compromise (AND)
        ├── Server vulnerability
        ├── Privilege escalation
        └── Database access
```
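Evaluating the AND/OR tree above in code, as an added example that is not part of the skill file or the DollhouseMCP project: given the leaf conditions an assessment found to be true, it lists which paths to the goal are currently open and which single mitigations would close all of them at once. `LOGIN_BYPASS` encodes a subset of the tree above; `CURRENT_STATE` is a constructed assessment result.

```python
# Added example (not from the DollhouseMCP skill file): AND/OR evaluation of
# the login-bypass attack tree above. LOGIN_BYPASS is a subset of that tree;
# CURRENT_STATE (the leaf conditions found true today) is constructed.

# A node is either a leaf condition (str) or (op, [children]) with op AND/OR.
LOGIN_BYPASS = ("OR", [
    ("OR", [  # Credential-based Attacks
        ("AND", ["No account lockout", "Weak password policy",
                 "No rate limiting"]),                          # Brute Force
        ("AND", ["Breached credentials available",
                 "Users reuse passwords"]),                     # Credential Stuffing
        ("AND", ["Phishing successful", "User provides credentials",
                 "No 2FA implemented"]),                        # Social Engineering
    ]),
    ("AND", ["Unparameterized queries", "Insufficient input validation",
             "Database errors exposed"]),                       # SQL Injection
])

# Constructed state: leaf conditions the assessment found to be true.
CURRENT_STATE = frozenset({
    "No account lockout", "No rate limiting", "Users reuse passwords",
    "Phishing successful", "User provides credentials", "No 2FA implemented",
})


def feasible(node, conditions):
    """True when the goal at this node is reachable under the conditions."""
    if isinstance(node, str):
        return node in conditions
    op, children = node
    results = [feasible(child, conditions) for child in children]
    return all(results) if op == "AND" else any(results)


def open_paths(node, conditions):
    """Leaf sets that each, on their own, make the goal reachable."""
    if isinstance(node, str):
        return [frozenset([node])] if node in conditions else []
    op, children = node
    if op == "OR":
        return [p for child in children for p in open_paths(child, conditions)]
    paths = [frozenset()]  # AND: one path from each child, combined
    for child in children:
        sub = open_paths(child, conditions)
        if not sub:
            return []
        paths = [p | s for p in paths for s in sub]
    return paths


def decisive_mitigations(tree, conditions):
    """Conditions whose removal alone makes the goal infeasible, i.e. the
    controls that close every open path at once."""
    return sorted(c for c in conditions if not feasible(tree, conditions - {c}))
```

When `decisive_mitigations` returns an empty list while the goal is still feasible, more than one path is open and no single control suffices; that is the case the register should flag for a layered (defense-in-depth) plan.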
## Threat Intelligence Integration
### Threat Actor Profiles
```
NATION-STATE ACTORS:
• Capabilities: Advanced persistent threats
• Motivations: Espionage, infrastructure disruption
• Resources: Significant funding and expertise
• Typical TTPs: Zero-day exploits, supply chain attacks
CYBERCRIMINALS:
• Capabilities: Sophisticated tools and techniques
• Motivations: Financial gain
• Resources: Organized crime networks
• Typical TTPs: Ransomware, banking trojans, fraud
INSIDER THREATS:
• Capabilities: Authorized access and knowledge
• Motivations: Financial, ideological, revenge
• Resources: System access and credentials
• Typical TTPs: Data exfiltration, sabotage
HACKTIVISTS:
• Capabilities: Moderate technical skills
• Motivations: Political or social causes
• Resources: Community support
• Typical TTPs: DDoS, website defacement, leaks
SCRIPT KIDDIES:
• Capabilities: Limited technical skills
• Motivations: Curiosity, recognition
• Resources: Publicly available tools
• Typical TTPs: Automated attacks, known exploits
```
## Output Formats
### Executive Threat Model Summary
```
THREAT MODEL EXECUTIVE SUMMARY
System: [Application/System Name]
Date: [Assessment Date]
Methodology: STRIDE + Attack Trees

RISK SUMMARY:
• Critical Risks: X
• High Risks: Y
• Medium Risks: Z
• Low Risks: W

TOP THREATS:
1. [Threat Name] - Risk Score: X.X
   Impact: [Business consequence]
   Likelihood: [Probability assessment]
2. [Threat Name] - Risk Score: X.X
   Impact: [Business consequence]
   Likelihood: [Probability assessment]
3. [Threat Name] - Risk Score: X.X
   Impact: [Business consequence]
   Likelihood: [Probability assessment]

RECOMMENDED MITIGATIONS:
1. [Priority 1 Control] - Addresses X threats
2. [Priority 2 Control] - Addresses Y threats
3. [Priority 3 Control] - Addresses Z threats

RESIDUAL RISK: [Acceptable/Needs Review/Unacceptable]
```
### Technical Threat Analysis
```
THREAT: [Specific Threat Name]
ID: THR-001
STRIDE Category: [S/T/R/I/D/E]
DESCRIPTION:
[Detailed threat scenario description]
AFFECTED ASSETS:
• [Asset 1] - [Impact type]
• [Asset 2] - [Impact type]
THREAT ACTORS:
• [Actor Type] - [Capability Level]
• [Motivation] - [Resource Level]
ATTACK VECTORS:
1. [Vector 1] - [Complexity: Low/Medium/High]
2. [Vector 2] - [Complexity: Low/Medium/High]
PREREQUISITES:
• [Condition 1]
• [Condition 2]
IMPACT ANALYSIS:
• Confidentiality: [High/Medium/Low]
• Integrity: [High/Medium/Low]
• Availability: [High/Medium/Low]
• Business Impact: [Description]
LIKELIHOOD ASSESSMENT:
• Attack Complexity: [Low/Medium/High]
• Required Skills: [Basic/Intermediate/Advanced]
• Required Access: [None/User/Admin]
• Overall Likelihood: [1-5 scale]
EXISTING CONTROLS:
• [Control 1] - [Effectiveness: High/Medium/Low]
• [Control 2] - [Effectiveness: High/Medium/Low]
RECOMMENDED MITIGATIONS:
1. [Mitigation 1] - [Cost: $X, Effort: Y days]
2. [Mitigation 2] - [Cost: $X, Effort: Y days]
ACCEPTANCE CRITERIA:
[Conditions under which residual risk is acceptable]
```
## Integration Capabilities
### Works Best With:
- **Security Analyst Persona**: Strategic security expertise
- **Penetration Testing Skill**: Validation of identified threats
- **Code Review Skills**: Implementation vulnerability correlation
- **Risk Assessment Templates**: Consistent risk documentation
- **Architecture Documentation**: System understanding
### Tool Integration:
- **Microsoft Threat Modeling Tool**: Visual diagram creation
- **OWASP Threat Dragon**: Web-based threat modeling
- **IriusRisk**: Automated threat identification
- **ThreatModeler**: Enterprise threat modeling platform
## Continuous Threat Modeling
### Iterative Process:
1. **Initial Assessment**: Baseline threat model creation
2. **Regular Reviews**: Quarterly threat landscape updates
3. **Change Triggers**: Architecture modifications, new threats
4. **Validation Testing**: Penetration testing correlation
5. **Metrics Tracking**: Threat model effectiveness measurement
### Automation Opportunities:
- **Asset Discovery**: Automated inventory updates
- **Threat Intelligence**: Feed integration for new threats
- **Control Validation**: Automated testing of mitigations
- **Risk Scoring**: Dynamic risk calculation updates