How to Think About Threat Modeling

When we talk about a "threat," it doesn’t seem like a word that usually applies to computing, right? In fact, when we say threat in the context of computing, we mean any actor that would deliberately cause your program to behave in an unintended way.

Now, this definition is vague enough that it could cover almost anyone, right? Fortunately not. But we have an obligation when we write software to take some time to think diligently about what we’re going to build, why we’re going to make it, what we want to accomplish, and most importantly, who would want to work against it. This is the crucial problem that Conclave is uniquely poised to solve.

So who would want our programs to fail? Adversaries. Simple enough, you say, but what kinds of adversaries could we face?

Most of the time in our regular lives, we imagine an adversary as a random hacker or a person who has managed to get ahold of our password. Usually this only results in some embarrassing social media posts, but this is a very narrow view of hacking. Sometimes even legitimate actors have an interest in going after digital assets. In fact, it’s estimated that 20% of all social media accounts will be compromised at some point.

Let’s get more specific as there are many different kinds of bad actors to be aware of. Here are some examples:

Organized Criminals - sophisticated private groups that hack websites to steal or collect money for free
Cyber Terrorists - these are groups that are interested in spreading fear, uncertainty, doubt, or harming the reputations of others
Inside Agents - these are malicious actors who happen to be a part of the institution. For example, this could be someone at Facebook misusing their account tools.
State-Sponsored Actors - governments and government-funded groups with theoretically infinite money looking to accomplish a specific task or cripple a target
Script Kiddies - this is a term referring to people who are either inexperienced or learning about hacking, so they download tools and try breaking whatever is out there to see what happens
Hacktivists - these are individuals with some political goal or message they want to convey and use hacking as a means
Human Error - it may sound silly, but there are too many instances to count where human error or just software bugs cause crucial mistakes that can take down entire institutions

One additional category of bad actors should also be discussed: industrial actors who deliberately choose to create software that knowingly misrepresents the truth to users in order to profit. Data itself can even be misused by others who maintain platforms for you. Cybercrime can be much harder to spot until it’s too late (see movies like Office Space (1999) for an example). Conclave exists to create the safest possible computing environment that could ever be made—a checksum-verified segment of code that can only be run within the processor, where everything outside the processor is ASSUMED to be hostile.

Here’s how it works:

You and your counterparties write and agree on a set of software you want to run.
You hash this code and create a unique remote attestation.
Every time a user interacts with this code, the remote attestation is recreated at the enclave level, so the user knows the enclave is legitimate.
The host of the enclave has no visibility into what the enclave is doing or what inputs or outputs the enclave is working with.
Users can compute with confidence, knowing that the code that’s running is exactly what they expect.

And it’s that simple! I hope this blog post was interesting for you, and as always, happy coding.