// Enforces systematic threat modeling for Black Trigram using STRIDE, MITRE ATT&CK, and attack trees — maintains THREAT_MODEL.md and FUTURE_THREAT_MODEL.md aligned with Hack23 Threat Modeling Policy and Secure Development Policy §3.2
Enforces C4 Architecture Model documentation standards for Black Trigram. Ensures ARCHITECTURE.md, DATA_MODEL.md, FLOWCHART.md, STATEDIAGRAM.md, MINDMAP.md, SWOT.md and their FUTURE_* variants are maintained with strategic, rule-based principles.
Enforces WCAG 2.1 Level AA accessibility for Black Trigram — semantic HTML, ARIA, keyboard navigation, 4.5:1/3:1 contrast, screen reader support, and prefers-reduced-motion for inclusive Korean martial arts gameplay
Enforces AI governance for Black Trigram — transparent and accountable AI-assisted development aligned with Hack23 AI Governance Policy, EU AI Act, NIST AI RMF, and Information Security Policy
Enforces code quality standards for Black Trigram — maintainable, type-safe TypeScript with low complexity, organized imports, explicit error handling, and search-before-create discipline
Enforces data protection at every stage of its lifecycle for Black Trigram — classification, HTTPS/TLS 1.2+, CSP, SRI, minimal retention, aligned with Hack23 Data Classification Policy and GDPR Articles 5, 25, 32
Enforces consistent documentation standards for Black Trigram — JSDoc/TSDoc completeness, architecture currency, bilingual Korean-English content, and security documentation updates
| name | threat-modeling-enforcement |
| description | Enforces systematic threat modeling for Black Trigram using STRIDE, MITRE ATT&CK, and attack trees — maintains THREAT_MODEL.md and FUTURE_THREAT_MODEL.md aligned with Hack23 Threat Modeling Policy and Secure Development Policy §3.2 |
| license | MIT |
Strategic Principle: Identify threats before attackers do; design controls into architecture, not around it.
Enforce systematic threat modeling for all significant changes to Black Trigram so that security is designed in — not bolted on. Align with Hack23 AB's Threat Modeling Policy and Secure Development Policy §3.2 (Design phase).
Reference: Hack23 Threat Modeling Policy · Hack23 Secure Development Policy
Automatically trigger when:
SECURITY_ARCHITECTURE.md, THREAT_MODEL.md, FUTURE_THREAT_MODEL.mdApply STRIDE to every data flow that crosses a trust boundary:
| Category | Concern | Typical Mitigation |
|---|---|---|
| Spoofing | Identity fraud | Authentication, provenance, signed updates |
| Tampering | Unauthorized modification | Integrity (hashes, signatures), SRI, write permissions |
| Repudiation | Denial of action | Audit logs, cryptographic receipts |
| Information Disclosure | Data leakage | Encryption, minimal data, CSP, CORS, cautious errors |
| Denial of Service | Availability loss | Rate limiting, input size limits, resource caps, timeouts |
| Elevation of Privilege | Authorization bypass | Least privilege, input validation, safe deserialization |
For the web / client context, map relevant techniques:
Supply chain (CI/CD):
For each critical asset (integrity of combat logic, user's local device, repo integrity), draw an attack tree with:
Use Mermaid for the tree in THREAT_MODEL.md:
graph TB
Goal[Attacker: tamper with gameplay]
Goal --> Dep[Compromise dependency]
Goal --> XSS[Inject via XSS in UI]
Goal --> Store[Tamper localStorage]
Dep --> |mitigated: pin + audit + SBOM| DepM["✅"]
XSS --> |mitigated: CSP + escape + SRI| XSSM["✅"]
Store --> |mitigated: schema validation + checksum| StoreM["✅"]
Maintain DFDs showing:
| Trigger | Activity |
|---|---|
| New feature design | Light-weight STRIDE on the feature's DFD; record in PR |
| Major architectural change | Full threat model update in THREAT_MODEL.md |
| New external dependency with privileged capability | Dependency threat note + attack tree branch |
| Quarterly | Review THREAT_MODEL.md + FUTURE_THREAT_MODEL.md for freshness |
| Post-incident | Lessons learned update + new threat added |
Rule 1 — Design gate:
IF a feature introduces a new trust boundary
THEN require STRIDE entries in the PR (or `THREAT_MODEL.md` update)
Rule 2 — Architecture change:
IF `ARCHITECTURE.md` / `DATA_MODEL.md` changes
THEN `THREAT_MODEL.md` must be reviewed and, where needed, updated
Rule 3 — New dep with privileged capability:
IF adding a dependency that reads fs, makes network calls, or runs native code at build time
THEN add a threat note explaining trust assumptions
Rule 4 — Crypto / auth:
IF introducing cryptographic or auth logic
THEN document chosen primitives, key handling, and threats mitigated (Cryptography Policy)
Rule 5 — Incident learning:
IF a security incident occurred
THEN add the attack path to `THREAT_MODEL.md` with the deployed mitigation
Rule 6 — Staleness:
IF `THREAT_MODEL.md` is older than 90 days without review
THEN create 🟠 High issue to refresh
Rule 7 — DFD currency:
IF DFD no longer reflects actual architecture
THEN update diagram before merging the code change that diverged
✅ STRIDE rows recorded as a table or check-list per trust boundary
✅ MITRE ATT&CK technique IDs referenced where applicable
✅ Attack trees kept concise, in Mermaid, inside THREAT_MODEL.md
✅ DFDs updated in the same PR that changes the architecture
✅ Threat IDs linked to SECURITY_ARCHITECTURE.md controls and to tests
✅ Residual risk documented when threat is not fully mitigated
❌ Threat model written once and forgotten ❌ "It's client-side so it's safe" — ignoring supply chain and build-time ❌ Treating STRIDE as a checklist without per-boundary analysis ❌ Adding mitigations without mapping to specific threats ❌ Missing attack trees for critical assets ❌ No MITRE ATT&CK / STRIDE reference in security PR description
| Framework | Controls |
|---|---|
| ISO 27001:2022 | A.5.7 (Threat intelligence), A.8.25 (Secure development lifecycle), A.8.27 (Secure architecture and engineering) |
| NIST CSF 2.0 | ID.RA-03 (Threats, internal and external, identified), PR.IP-7 (Improvement), GV.RM (Risk management strategy) |
| CIS Controls v8.1 | 18 (Penetration testing), 14.3 (Threat modeling in training), 16.5 (Security architecture review) |
| NIST SSDF | PW.1 (Design for security), PW.2 (Review of design) |
| STRIDE | Microsoft Threat Modeling methodology |
| MITRE ATT&CK | Enterprise, Mobile, ICS matrices where applicable |
| EU CRA | Annex I §1(1)(a) secure by design |
THREAT_MODEL.md — current model (DFD + STRIDE + attack trees + MITRE mapping)FUTURE_THREAT_MODEL.md — planned evolutions and their threatsSECURITY_ARCHITECTURE.md — controls that address the threatsCRA-ASSESSMENT.md — CRA essential requirements statusA master anticipates the opponent's move before it begins, like a baduk (바둑 / go) player reading the board many moves ahead. Threat modeling is foresight in code — seeing the attack before it reaches the defense.
Rooted defense in Eight Trigram's 간 (Gan — Mountain) stance: immovable by design, not by luck. A threat-modeled architecture is a mountain stance — prepared, principled, and patient.
흑괘의 위협 모델링 — Threat Modeling of the Black Trigram