Denim Group has been acquired by Coalfire. Learn More>>

Death Star Threat Modeling

By Kevin W., CISSP


In the field of Information Security, the terms vulnerability, threat, and risk have very specific meanings and are often misapplied when discussing InfoSec projects. Below are the very simplified definitions of these terms:

  • Vulnerability is a weakness that could be used to cause harm
  • Threat is anything that actually causes harm
  • Risk is the likelihood that the harm will occur

Put another way, risk is the chance that a threat will attack or exploit a vulnerability. My favorite way of teaching this is to put it in terms of the Death Star Trench Run from Star Wars.

  • The vulnerability of the Death Star was the two meter-wide thermal exhaust port that’s shaft lead directly to the reactor system
  • The threat to the Death Star was the Rebel Alliance’s X-wing star-fighters
  • The risk was the slim chance that a small one-man fighter could penetrate the outer defenses, use a proton torpedo to score a precise hit, and start a chain reaction that will destroy the battle station

The Empire’s flawed threat modeling had led them to design their defenses around a direct large-scale assault by capital ships.  They felt the Death Star’s shielding and turbo-lasers would be enough to mitigate the risk, but they had modeled for the wrong threat. The shielding had gaps big enough for the X-wings to pass through, and the turbo-lasers were inaccurate against the swift fighters.  The Empire had to eventually deploy their TIE Fighters as a countermeasure to stop the Rebels.

However, regardless of how good your threat modeling is, information security professionals know there is always the possibility of attack vectors they never planned for.  This is exactly what happened at the Battle of Yavin; little did the Empire know that Luke was about to use The Force, the ultimate zero-day exploit.

-Kevin W., CISSP

About Dan Cornell

Dan Cornell Web Resolution

A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process. He is also the original creator of ThreadFix, Denim Group's industry leading application vulnerability management platform.
More Posts by Dan Cornell

4 Responses to “Death Star Threat Modeling”

  1. Donnie

    Very nicely done! Easy to understand and a very entertaining read for a Star Wars nerd like me. :)

  2. HOPE Attendee

    Hello Kevin,

    Were you going to release your slide show that you gave at HOPE? I would love to give it to some of my more risky developers.

  3. Chris

    The death star had a number of security issues as well as the exhaust vulnerability.

    1. Identity management was terrible, anyone could just walk around in a stolen stormtrooper outfit.

    2. Ship searching procedures were not great, examples of security incidents are the hijackings during a ship search.

    3. Authentication, there are no encryption or authentication mechanisms on any of the computer terminals, the controls for the tractor beam, the controls in the prison block or anywhere else.

    4. Physical, there are no authentication mechanisms on any of the doors so anyone can go anywhere in the station.

  4. web page

    Hey I know this is off topic but I was wondering if you knew of any widgets I could add to my blog that automatically tweet my newest twitter updates. I’ve been looking for a plug-in like this for quite some time and was hoping maybe you would have some experience with something like this. Please let me know if you run into anything. I truly enjoy reading your blog and I look forward to your new updates.

Leave a Reply

Your email address will not be published. Required fields are marked *