Glama

DollhouseMCP

by DollhouseMCP
threat-modeling.md • 13.4 kB
---
name: "Threat Modeling"
description: "Systematic approach to identifying, analyzing, and mitigating security threats in systems and applications"
type: "skill"
version: "1.0.0"
author: "DollhouseMCP"
created: "2025-07-23"
category: "security"
tags: ["threat-modeling", "security-analysis", "risk-assessment", "architecture", "security-design"]
proficiency_levels:
  beginner: "Basic threat identification using simple frameworks"
  intermediate: "STRIDE methodology and attack tree analysis"
  advanced: "Custom frameworks and quantitative risk modeling"
parameters:
  methodology:
    type: "string"
    description: "Threat modeling methodology"
    default: "STRIDE"
    enum: ["STRIDE", "PASTA", "OCTAVE", "TRIKE", "VAST", "hybrid"]
  scope:
    type: "string"
    description: "Analysis scope"
    default: "application"
    enum: ["application", "system", "network", "organization", "supply_chain"]
  risk_appetite:
    type: "string"
    description: "Organization's risk tolerance"
    default: "moderate"
    enum: ["low", "moderate", "high", "very_high"]
  compliance_requirements:
    type: "array"
    description: "Regulatory requirements to consider"
    default: []
    enum: ["PCI-DSS", "HIPAA", "GDPR", "SOX", "ISO27001", "NIST"]
_dollhouseMCPTest: true
_testMetadata:
  suite: "bundled-test-data"
  purpose: "General test data for DollhouseMCP system validation"
  created: "2025-08-20"
  version: "1.0.0"
  migrated: "2025-08-20T23:47:24.347Z"
  originalPath: "data/skills/threat-modeling.md"
---

# Threat Modeling Skill

This skill provides systematic threat modeling capabilities using industry-standard methodologies to identify, analyze, and prioritize security threats in complex systems.

## Core Capabilities

### 1. Threat Identification

- **Asset Inventory**: Critical data, systems, and processes
- **Attack Surface Mapping**: Entry points and interfaces
- **Threat Actor Profiling**: Capabilities, motivations, and resources
- **Attack Vector Analysis**: Potential paths to compromise

### 2. Risk Assessment

- **Likelihood Evaluation**: Probability of successful attacks
- **Impact Analysis**: Business and technical consequences
- **Risk Prioritization**: Cost-benefit analysis for mitigations
- **Quantitative Modeling**: Expected annual loss calculations

### 3. Mitigation Strategy

- **Control Selection**: Preventive, detective, and corrective controls
- **Defense in Depth**: Layered security architecture
- **Residual Risk**: Remaining risk after mitigations
- **Continuous Monitoring**: Threat landscape evolution

### 4. Documentation & Communication

- **Threat Models**: Visual representations and narratives
- **Risk Registers**: Centralized risk tracking
- **Security Requirements**: Derived from threat analysis
- **Executive Reporting**: Business-focused risk communication

## Threat Modeling Methodologies

### STRIDE Framework

```
SPOOFING
├── Identity spoofing attacks
├── Authentication bypass
├── Impersonation threats
└── Credential theft scenarios

TAMPERING
├── Data integrity attacks
├── Man-in-the-middle
├── Code injection
└── Configuration manipulation

REPUDIATION
├── Non-repudiation failures
├── Log tampering
├── Audit trail gaps
└── Transaction disputes

INFORMATION DISCLOSURE
├── Data exposure
├── Privacy violations
├── Information leakage
└── Unauthorized access

DENIAL OF SERVICE
├── Resource exhaustion
├── Service disruption
├── Availability attacks
└── Performance degradation

ELEVATION OF PRIVILEGE
├── Privilege escalation
├── Authorization bypass
├── Administrative access
└── System compromise
```

### PASTA (Process for Attack Simulation and Threat Analysis)

```
Stage 1: Define Objectives
• Business impact analysis
• Compliance requirements
• Security objectives
• Success criteria

Stage 2: Define Technical Scope
• Application architecture
• Technology stack
• Network topology
• Data flows

Stage 3: Application Decomposition
• Use cases and user roles
• Entry and exit points
• Trust boundaries
• Dependencies

Stage 4: Threat Analysis
• Attack scenarios
• Threat agent capabilities
• Attack vectors
• Vulnerability correlation

Stage 5: Weakness Analysis
• Design flaws
• Implementation bugs
• Configuration errors
• Process weaknesses

Stage 6: Attack Modeling
• Attack trees
• Kill chains
• Attack scenarios
• Exploitation paths

Stage 7: Risk Analysis
• Business impact
• Technical impact
• Likelihood assessment
• Risk scoring
```

## Threat Modeling Process

### Phase 1: System Understanding

```
Architecture Analysis:
• System boundaries and scope
• Data flow diagrams (DFDs)
• Trust boundaries identification
• External dependencies mapping

Components Inventory:
• Web servers and applications
• Databases and data stores
• Network infrastructure
• Third-party services
• Human processes

Data Classification:
• Sensitive data identification
• Data flow mapping
• Storage locations
• Processing activities
• Retention requirements
```

### Phase 2: Threat Identification

```
Threat Enumeration:
Using STRIDE per element:

Process Threats:
├── Spoofing: Fake service instances
├── Tampering: Code injection attacks
├── Repudiation: Log manipulation
├── Information Disclosure: Memory dumps
├── Denial of Service: Resource exhaustion
└── Elevation of Privilege: Buffer overflows

Data Store Threats:
├── Spoofing: Rogue databases
├── Tampering: Direct DB access
├── Repudiation: Audit trail gaps
├── Information Disclosure: Data dumps
├── Denial of Service: Storage exhaustion
└── Elevation of Privilege: DB admin access

Data Flow Threats:
├── Spoofing: Man-in-the-middle
├── Tampering: Packet modification
├── Repudiation: Message alteration
├── Information Disclosure: Eavesdropping
├── Denial of Service: Connection flooding
└── Elevation of Privilege: Protocol exploits
```

### Phase 3: Risk Analysis

```
Likelihood Assessment:
• Threat actor capabilities
• Attack complexity
• Required resources
• Detection probability
• Success rate

Impact Assessment:
• Confidentiality impact
• Integrity impact
• Availability impact
• Business disruption
• Regulatory violations
• Reputation damage

Risk Calculation:
Risk = Likelihood × Impact × Vulnerability

Where:
• Likelihood: 1-5 scale (Very Low to Very High)
• Impact: 1-5 scale (Minimal to Catastrophic)
• Vulnerability: 0.1-1.0 (Well Protected to Exposed)
```

### Phase 4: Mitigation Planning

```
Control Categories:

PREVENTIVE CONTROLS:
• Input validation
• Authentication mechanisms
• Authorization checks
• Encryption implementation
• Network segmentation

DETECTIVE CONTROLS:
• Logging and monitoring
• Intrusion detection
• Anomaly detection
• Security scanning
• Audit mechanisms

CORRECTIVE CONTROLS:
• Incident response
• Backup and recovery
• Patch management
• Configuration management
• Business continuity

DETERRENT CONTROLS:
• Security policies
• Legal agreements
• Awareness training
• Physical security
• Compliance monitoring
```

## Attack Tree Analysis

### Example: Web Application Login Bypass

```
Goal: Gain Unauthorized Access to User Account
OR
├── Credential-based Attacks
│   OR
│   ├── Password Attacks
│   │   OR
│   │   ├── Brute Force (AND)
│   │   │   ├── No account lockout
│   │   │   ├── Weak password policy
│   │   │   └── No rate limiting
│   │   ├── Dictionary Attack (AND)
│   │   │   ├── Common passwords used
│   │   │   └── No complexity requirements
│   │   └── Credential Stuffing (AND)
│   │       ├── Breached credentials available
│   │       └── Users reuse passwords
│   └── Social Engineering (AND)
│       ├── Phishing successful
│       ├── User provides credentials
│       └── No 2FA implemented
│
├── Technical Vulnerabilities
│   OR
│   ├── SQL Injection (AND)
│   │   ├── Unparameterized queries
│   │   ├── Insufficient input validation
│   │   └── Database errors exposed
│   ├── Session Management (AND)
│   │   ├── Session fixation possible
│   │   ├── Weak session tokens
│   │   └── No session timeout
│   └── Authentication Bypass (AND)
│       ├── Logic flaws in auth code
│       ├── Race conditions
│       └── Parameter tampering
│
└── Infrastructure Attacks
    OR
    ├── Network Interception (AND)
    │   ├── Unencrypted traffic
    │   ├── Man-in-the-middle position
    │   └── Credential capture tools
    └── System Compromise (AND)
        ├── Server vulnerability
        ├── Privilege escalation
        └── Database access
```

## Threat Intelligence Integration

### Threat Actor Profiles

```
NATION-STATE ACTORS:
• Capabilities: Advanced persistent threats
• Motivations: Espionage, infrastructure disruption
• Resources: Significant funding and expertise
• Typical TTPs: Zero-day exploits, supply chain attacks

CYBERCRIMINALS:
• Capabilities: Sophisticated tools and techniques
• Motivations: Financial gain
• Resources: Organized crime networks
• Typical TTPs: Ransomware, banking trojans, fraud

INSIDER THREATS:
• Capabilities: Authorized access and knowledge
• Motivations: Financial, ideological, revenge
• Resources: System access and credentials
• Typical TTPs: Data exfiltration, sabotage

HACKTIVISTS:
• Capabilities: Moderate technical skills
• Motivations: Political or social causes
• Resources: Community support
• Typical TTPs: DDoS, website defacement, leaks

SCRIPT KIDDIES:
• Capabilities: Limited technical skills
• Motivations: Curiosity, recognition
• Resources: Publicly available tools
• Typical TTPs: Automated attacks, known exploits
```

## Output Formats

### Executive Threat Model Summary

```
THREAT MODEL EXECUTIVE SUMMARY

System: [Application/System Name]
Date: [Assessment Date]
Methodology: STRIDE + Attack Trees

RISK SUMMARY:
• Critical Risks: X
• High Risks: Y
• Medium Risks: Z
• Low Risks: W

TOP THREATS:
1. [Threat Name] - Risk Score: X.X
   Impact: [Business consequence]
   Likelihood: [Probability assessment]
2. [Threat Name] - Risk Score: X.X
   Impact: [Business consequence]
   Likelihood: [Probability assessment]
3. [Threat Name] - Risk Score: X.X
   Impact: [Business consequence]
   Likelihood: [Probability assessment]

RECOMMENDED MITIGATIONS:
1. [Priority 1 Control] - Addresses X threats
2. [Priority 2 Control] - Addresses Y threats
3. [Priority 3 Control] - Addresses Z threats

RESIDUAL RISK: [Acceptable/Needs Review/Unacceptable]
```

### Technical Threat Analysis

```
THREAT: [Specific Threat Name]
ID: THR-001
STRIDE Category: [S/T/R/I/D/E]

DESCRIPTION:
[Detailed threat scenario description]

AFFECTED ASSETS:
• [Asset 1] - [Impact type]
• [Asset 2] - [Impact type]

THREAT ACTORS:
• [Actor Type] - [Capability Level]
• [Motivation] - [Resource Level]

ATTACK VECTORS:
1. [Vector 1] - [Complexity: Low/Medium/High]
2. [Vector 2] - [Complexity: Low/Medium/High]

PREREQUISITES:
• [Condition 1]
• [Condition 2]

IMPACT ANALYSIS:
• Confidentiality: [High/Medium/Low]
• Integrity: [High/Medium/Low]
• Availability: [High/Medium/Low]
• Business Impact: [Description]

LIKELIHOOD ASSESSMENT:
• Attack Complexity: [Low/Medium/High]
• Required Skills: [Basic/Intermediate/Advanced]
• Required Access: [None/User/Admin]
• Overall Likelihood: [1-5 scale]

EXISTING CONTROLS:
• [Control 1] - [Effectiveness: High/Medium/Low]
• [Control 2] - [Effectiveness: High/Medium/Low]

RECOMMENDED MITIGATIONS:
1. [Mitigation 1] - [Cost: $X, Effort: Y days]
2. [Mitigation 2] - [Cost: $X, Effort: Y days]

ACCEPTANCE CRITERIA:
[Conditions under which residual risk is acceptable]
```

## Integration Capabilities

### Works Best With:

- **Security Analyst Persona**: Strategic security expertise
- **Penetration Testing Skill**: Validation of identified threats
- **Code Review Skills**: Implementation vulnerability correlation
- **Risk Assessment Templates**: Consistent risk documentation
- **Architecture Documentation**: System understanding

### Tool Integration:

- **Microsoft Threat Modeling Tool**: Visual diagram creation
- **OWASP Threat Dragon**: Web-based threat modeling
- **IriusRisk**: Automated threat identification
- **ThreatModeler**: Enterprise threat modeling platform

## Continuous Threat Modeling

### Iterative Process:

1. **Initial Assessment**: Baseline threat model creation
2. **Regular Reviews**: Quarterly threat landscape updates
3. **Change Triggers**: Architecture modifications, new threats
4. **Validation Testing**: Penetration testing correlation
5. **Metrics Tracking**: Threat model effectiveness measurement

### Automation Opportunities:

- **Asset Discovery**: Automated inventory updates
- **Threat Intelligence**: Feed integration for new threats
- **Control Validation**: Automated testing of mitigations
- **Risk Scoring**: Dynamic risk calculation updates
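The following is an added worked example, not code from the DollhouseMCP skill file. It ties Phase 2 (STRIDE per element) to Phase 3 (Risk = Likelihood × Impact × Vulnerability) and the RISK SUMMARY block of the executive template: it enumerates the six STRIDE threats for each DFD element using the page's own per-element table, validates analyst ratings against the page's 1-5 and 0.1-1.0 scales, and returns a register sorted by score. The risk bands (Critical at 15 and above, High at 9, Medium at 4, Low below), the default rating applied to threats nobody has rated yet, and the sample DFD are assumptions made for illustration; the page defines none of them.

```python
from dataclasses import dataclass

# STRIDE-per-element catalog, copied from the Phase 2 table of the skill document.
STRIDE_PER_ELEMENT = {
    "process": {
        "S": "Fake service instances", "T": "Code injection attacks", "R": "Log manipulation",
        "I": "Memory dumps", "D": "Resource exhaustion", "E": "Buffer overflows",
    },
    "data_store": {
        "S": "Rogue databases", "T": "Direct DB access", "R": "Audit trail gaps",
        "I": "Data dumps", "D": "Storage exhaustion", "E": "DB admin access",
    },
    "data_flow": {
        "S": "Man-in-the-middle", "T": "Packet modification", "R": "Message alteration",
        "I": "Eavesdropping", "D": "Connection flooding", "E": "Protocol exploits",
    },
}

# Assumed bands for the executive summary; the maximum score is 5 * 5 * 1.0 = 25.
BANDS = (("Critical", 15.0), ("High", 9.0), ("Medium", 4.0), ("Low", 0.0))

# Assumed placeholder rating for threats the analyst has not rated yet (mid-scale).
UNRATED = (3, 3, 0.5)


def score(likelihood: int, impact: int, vulnerability: float) -> float:
    """Risk = Likelihood x Impact x Vulnerability on the scales the document defines."""
    if likelihood not in range(1, 6):
        raise ValueError("likelihood must be an integer from 1 (Very Low) to 5 (Very High)")
    if impact not in range(1, 6):
        raise ValueError("impact must be an integer from 1 (Minimal) to 5 (Catastrophic)")
    if not 0.1 <= vulnerability <= 1.0:
        raise ValueError("vulnerability must be between 0.1 (Well Protected) and 1.0 (Exposed)")
    return round(likelihood * impact * vulnerability, 2)


def band(risk: float) -> str:
    """Map a score to the assumed Critical/High/Medium/Low band."""
    for name, floor in BANDS:
        if risk >= floor:
            return name
    return "Low"


@dataclass(frozen=True)
class Element:
    name: str
    kind: str  # "process", "data_store" or "data_flow"


@dataclass(frozen=True)
class Threat:
    element: str
    category: str
    description: str
    likelihood: int
    impact: int
    vulnerability: float
    rated: bool  # False when the placeholder rating was applied

    @property
    def risk(self) -> float:
        return score(self.likelihood, self.impact, self.vulnerability)

    @property
    def level(self) -> str:
        return band(self.risk)


def build_register(elements, ratings):
    """Enumerate STRIDE threats per element; ratings maps (element, category) -> (L, I, V)."""
    register = []
    for element in elements:
        if element.kind not in STRIDE_PER_ELEMENT:
            raise ValueError(f"unknown element kind {element.kind!r}")
        for category, description in STRIDE_PER_ELEMENT[element.kind].items():
            rating = ratings.get((element.name, category))
            l, i, v = rating if rating else UNRATED
            register.append(Threat(element.name, category, description, l, i, v, rating is not None))
    return sorted(register, key=lambda t: t.risk, reverse=True)


def executive_summary(register):
    """Counts per band, matching the RISK SUMMARY block of the executive template."""
    counts = {name: 0 for name, _ in BANDS}
    for threat in register:
        counts[threat.level] += 1
    return counts


if __name__ == "__main__":
    # Constructed sample DFD: one process, one store, one flow crossing the browser/server boundary.
    dfd = [Element("Web app", "process"), Element("Users DB", "data_store"),
           Element("Browser->Web app", "data_flow")]
    analyst_ratings = {  # constructed ratings
        ("Browser->Web app", "I"): (4, 4, 0.8),
        ("Users DB", "E"): (3, 5, 1.0),
        ("Web app", "D"): (2, 3, 0.4),
    }
    register = build_register(dfd, analyst_ratings)
    for t in register:
        flag = "" if t.rated else "  (unrated, placeholder)"
        print(f"{t.risk:5.1f} {t.level:8} {t.element:18} {t.category} {t.description}{flag}")
    print(executive_summary(register))
```

Unrated threats are carried in the register with a visible placeholder rather than dropped, so the summary counts never silently understate coverage gaps; in practice the `rated` flag is what a reviewer should chase down before a model is signed off.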
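The login-bypass attack tree in the Attack Tree Analysis section is an AND/OR tree: an AND node needs every listed precondition, an OR node needs any child. The added example below, written for this page and not part of the DollhouseMCP skill, encodes that tree as data and evaluates it from the defender's side: which paths are open given the weaknesses a review found, and which smallest set of fixes closes all of them (a minimal hitting set over the open paths). It generalizes beyond the page's tree in that it also handles ANDs nested under ANDs and preconditions shared between paths, where one fix closes several paths at once. The node encoding and the sample posture are constructed for the example.

```python
from itertools import product

# Node shape: (op, label, children) with op "AND" or "OR"; a leaf is the precondition string.
# Tree content is the web-application login-bypass tree from the skill document.
LOGIN_BYPASS = ("OR", "Gain Unauthorized Access to User Account", [
    ("OR", "Credential-based Attacks", [
        ("OR", "Password Attacks", [
            ("AND", "Brute Force", ["No account lockout", "Weak password policy", "No rate limiting"]),
            ("AND", "Dictionary Attack", ["Common passwords used", "No complexity requirements"]),
            ("AND", "Credential Stuffing", ["Breached credentials available", "Users reuse passwords"]),
        ]),
        ("AND", "Social Engineering", ["Phishing successful", "User provides credentials", "No 2FA implemented"]),
    ]),
    ("OR", "Technical Vulnerabilities", [
        ("AND", "SQL Injection", ["Unparameterized queries", "Insufficient input validation", "Database errors exposed"]),
        ("AND", "Session Management", ["Session fixation possible", "Weak session tokens", "No session timeout"]),
        ("AND", "Authentication Bypass", ["Logic flaws in auth code", "Race conditions", "Parameter tampering"]),
    ]),
    ("OR", "Infrastructure Attacks", [
        ("AND", "Network Interception", ["Unencrypted traffic", "Man-in-the-middle position", "Credential capture tools"]),
        ("AND", "System Compromise", ["Server vulnerability", "Privilege escalation", "Database access"]),
    ]),
])


def reachable(node, present):
    """True if the node's goal is achievable given the set of preconditions that currently hold."""
    if isinstance(node, str):
        return node in present
    op, _, children = node
    results = [reachable(child, present) for child in children]
    return all(results) if op == "AND" else any(results)


def attack_paths(node):
    """All minimal precondition sets that satisfy the node, each labelled by its nearest AND node."""
    if isinstance(node, str):
        return [(node, frozenset([node]))]
    op, label, children = node
    child_paths = [attack_paths(child) for child in children]
    if op == "OR":
        return [path for paths in child_paths for path in paths]
    # AND: take one path from every child and merge them; the AND node names the combined path.
    return [(label, frozenset().union(*(leaves for _, leaves in combo)))
            for combo in product(*child_paths)]


def open_paths(node, present):
    """Paths whose preconditions all hold in the current posture, in tree order."""
    return [(label, leaves) for label, leaves in attack_paths(node) if leaves <= present]


def minimal_fixes(node, present):
    """Smallest sets of preconditions whose removal closes every open path."""
    opened = [sorted(leaves) for _, leaves in open_paths(node, present)]
    if not opened:
        return []
    # One precondition chosen per open path; shared preconditions collapse into smaller sets.
    candidates = {frozenset(choice) for choice in product(*opened)}
    best = min(len(candidate) for candidate in candidates)
    return sorted((c for c in candidates if len(c) == best), key=sorted)


if __name__ == "__main__":
    # Constructed review posture: the weaknesses a hypothetical review confirmed.
    posture = {
        "No account lockout", "Weak password policy", "No rate limiting",
        "Unencrypted traffic", "Man-in-the-middle position", "Credential capture tools",
        "Phishing successful", "User provides credentials",  # 2FA is in place, so this path is closed
    }
    print("goal reachable:", reachable(LOGIN_BYPASS, posture))
    for label, leaves in open_paths(LOGIN_BYPASS, posture):
        print("open:", label, sorted(leaves))
    for fix in minimal_fixes(LOGIN_BYPASS, posture):
        print("fix set:", sorted(fix))
```

The brute-force enumeration in `minimal_fixes` is fine for trees of this size; for large models with many open paths, swap it for a greedy hitting-set heuristic that repeatedly removes the precondition appearing in the most open paths.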