Q-SLICE Threat Modelling

Threat modelling is a structured approach used to identify, analyse, and mitigate potential security threats to systems, applications, or infrastructure. It helps organisations understand what assets need protection, who might attack them, and how those attacks could occur, so appropriate defensive controls can be put in place.

Learn more

Q-SLICE

Q-SLICE^TM is designed for use by security architects, risk analysts, and threat modellers to help identify and assess threats in a quantum-capable or a quantum-resilient environment. It has been based on a similar concept to STRIDE where each letter corresponds to a specific class of threat. These categories have been designed to blend classical concerns with quantum-specific challenges now and in the future. Q-Slice can be used alongside STRIDE, PASTA or Mitre ATT&CK as it is designed to be fully interoperable and adds an extra layer of consideration to threat modelling.

While STRIDE is foundational in teaching security design and evaluating threats at a system architecture level, it does not account for:

Cryptanalytic advances from quantum algorithms (Shor, Grover)
Legacy crypto exposure (HNDL)
Hybrid attack surfaces in quantum-classical integrations (TLS, IPsec, QKD, IBM Q, Amazon Braket

"STRIDE lacks abstraction layers necessary to express modern or emerging threats, especially those introduced by hybrid computing models or future cryptanalytic tools."

Shostack, 2014

Q-SLICE doesn't replace STRIDE it merely extends it. By combining them, you can ensure that your threat modelling process captures both traditional threats and those introduced by quantum. This dual perspective is essential for organisations planning long-term investments in cryptography and secure system design.

Q-SLICE™ is designed to plug the blind spots in current threat models so the quantum threat is not overlooked or remain unconsidered. The consideration part will take time with organisations focused on AI other new technology and strategy. Quantum is a far out technology for most without the understanding or expertise to consider the harm posed by quantum. It may be that an incident or risk due to a jump in quantum becomes the driver for greater focus. In security it is always better to be proactive as opposed to reactive hence starting to develop an easy to use and workable threat model ahead of time, with the time to mature as well. With Q-SLICE™ its categories reflect:

Quantum attack vectors (QKD tampering, algorithmic decryption)
Trust boundary fragility in post-quantum infrastructure
AI + Quantum convergence risks
Physical-layer threats unique to quantum coherence

These align with risk areas raised back in 2022 by NIST:

"Quantum computing will undermine current cryptographic assumptions, creating urgent need for security design paradigms that incorporate post-quantum analysis."

Chen et al., NIST PQC Round 3 Status Report, 2022

Quantum Computing Numbers

3786

Qubits is the target IBM aims to achieve by 2025, potentially placing RSA and ECC encryption at real risk

76%

Of global encrypted internet traffic is vulnerable to quantum attacks if post-quantum cryptography is not adopted in time.

19 million

Dollars was allocated by the U.S. Department of Homeland Security in 2023 to accelerate post-quantum cryptography adoption.

Years is the estimated timeframe in which large-scale quantum computers could break RSA-2048 encryption, according to NIST projections.

ABOUT

Jeremy Green developer of Q-SLICE and QUANTA as part of his PhD in computer science. Is also a skilled and experienced security professional with more than 20 certifications across platform, security and DevSecOps including CISSP, CISM, CEH, ECDE and CHFI. He is also an official instructor for ISACA and EC Council and the author of Information Security Management Principles, fourth edition and Security Architecture A practical guide to designing proactive and resilient cyber protection published by BCS.

Author

Jeremy is also the author of BCS Information Security Management Principles Fourth Edition and Security Architecture: A practical guide to designing proactive and resilient cyber protection.

Instructor

Jeremy is an instructor for CompTIA, ISC2, ISACA and EC Council with twenty certifications. He also teachers Ethical Hacking and Digital Forensics on a Foundation Degree and holds a Cert Ed and QTLS.

Security Architect

Jeremy is a security architect supporting the security design and implementation of a large project for Leidos. Undertaking threat modelling, design assessment and stakeholder engagement.

Get ahead with quantum security

Many organisations will be slow to recognise or respond to the threat posed by quantum computing, particularly in relation to its potential to break classical cryptographic systems. Some of this is due to quantum computing still being widely perceived as an abstract, long-term concern rather than an immediate operational risk.

Get The Book