The first note said "No access control plan." He also filed a work item in their Team Foundation Server (TFS) database. Paul filled in some quick notes in two threats. A whiteboard diagram and some simple rules revealed the first threat! Score one for threat modeling.Ī few minutes of discussion led to a realization that they needed to think about access control and roles. As he read down, the questions helped him think about how people might tamper with the data, and he realized that no one had specified who was able to connect to the database. He read at the top of the screen that "database" is a data store, therefore subject to tampering, information disclosure, and denial of service threats. Paul started out by selecting the database in the list of elements. So start with STRIDE per element by clicking on any of the lines of the Analyze screen. I think it makes sense to start securing your house by making sure each door and window has some sort of lock on it, and only then wondering about an alarm system. Some security experts like to chase after the hacker first because the chase itself can be fun. #Microsoft sdl threat modeling tool software#There was a long list of threats there-where did they all come from? The tool had constructed them, using the SDL approach called "STRIDE per element." The idea is that software generally comes under a predictable set of threats (those shown in Figure 5). Paul was a little hesitant when he opened the Analyze screen (see Figure 5). As he found himself drawing more complexity, he added additional details by right-clicking on the context folder in the upper- right and was able to create a complex, layered diagram. Even though this was his first time, he was comfortable because the validator on the left gave him feedback, based on his experience using threat modeling as part of the SDL. This is where Paul used the Visio tools and the provided stencil to draw his DFD (see Figure 4). When the tool starts, the diagram screen is displayed. For example, you know the IT pros require that we use their Active Directory system for logon information, and so the Active Directory is shown as outside our control." The only bit that's not covered there is these trust boundary dotted lines between where different people are in control. There's a good Wikipedia article on DFDs. The system is called a data flow diagram (DFD). The Web server is consulting a database, which, just as with anywhere we store data, is two parallel lines. He's sending commands to our Web server-the circle is any running code, and the arrow gives us the direction of communication. "The way this works is Carl, our normal customer persona, is drawn as an outside entity-a rectangle. It looks pretty simple, but can you walk me through what the different shapes mean?" "Paul, I haven't seen these diagrams before. Paul brings out a print-out of a diagram that he's already made from the threat model tool's "Diagrams only" report, shown in Figure 3. "Hi Deb, I've been working on that threat model diagram, and wanted to walk through it with you to make sure we've gotten the details right." In this section, I will follow Deb (a developer), Paul (a program manager), and Tim (a tester) through the process of developing their first threat model, and I'll also discuss each screen of the tool. Note that these screens are slightly different from the outline shown in Figure 1 because it makes sense to consider threats and mitigations together since they are closely related. When you launch the SDL Threat Modeling Tool, you'll see that the lower left-hand corner looks quite a bit like Microsoft Office Outlook with four screens: diagram, analyze, environment, and reports (see Figure 2 for details). For that, see the article I co-authored in the November 2006 issue of MSDN Magazine on using the STRIDE approach, " Threat Modeling: Uncover Security Design Flaws Using the STRIDE Approach." Figure 1 provides a quick overview of the process. This column isn't a primer on SDL threat modeling. #Microsoft sdl threat modeling tool how to#This column follows a team through the process of getting started with the SDL threat modeling approach and shows you how to use the new tool to develop great threat models as a backbone of your security process. #Microsoft sdl threat modeling tool download#In November 2008, Microsoft announced the general availability of the Security Development Lifecycle (SDL) Threat Modeling Tool as a free download from MSDN. Volume 24 Number 01 Security Briefs - Getting Started With The SDL Threat Modeling Tool
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |