Chapter 1. Modeling Systems
All models are wrong, but some are useful.
G. E. P. Box, “Science and Statistics,” Journal of the American Statistical Association, 71 (356), 791–799, doi:10.1080/01621459.1976.10480949.
System modeling (creating abstractions or representations of a system) is an important first step in the threat modeling process. The information you gather from the system model provides the input for analysis during the threat modeling activity.
In this chapter we’ll cover different types of system models, the reasons why you might choose to use one model type over another, and guidance for creating the most effective system models. Expert proficiency of system model construction will inform your threat models and lead to more precise and effective analysis and threat identification.
Note
Throughout this chapter, we use the words model or modeling to mean an abstraction or representation of a system, its components, and interactions.
Why We Create System Models
Imagine, if you will, a group of Benedictine monks looking at the monastic church of St. Gall and then at a manuscript, back and forth. At some point, one turns to the others and says, “Well, listen, it was not a plan per se. It was more like a ‘two-dimensional meditation on the ideal early medieval monastic community.’”1 Such is the purpose associated with the Plan of St. Gall, currently recognized as the oldest preserved 2D visualization and plan of a building complex. The church looks very different ...