After having a discussion on Threat modelling. Now we are aware of what is threat modelling and what are the two approaches for threat modelling- DFD Based Threat Modelling Set 1, & Set 2 and Process Flow Diagram Based Threat Modelling.
In this article we will in detail discuss Microsoft Threat Modelling Tool 2016. This tool can:
- Can create DFD for products and services
- Analyse DFD to automatically generate a list of potential threats
- Suggest potential mitigations to design vulnerabilities
- Produce reports listing identified and mitigated threats
- Creates custom templates for threat modelling
Microsoft Threat Modelling Tool applies STRIDE threat classification scheme to the identified threats.
STRIDE is an acronym for Spoofing, Tampering, Repudiation, Information Disclosure, Elevation of Privilege.
This tool is free to download and use.
You can download the tool by following the below mentioned link, from the official Microsoft website:
Microsoft Threat Modelling Tool
After downloading the tool, next Run ThreatModelingTool2016.msi and install the tool by just following the steps.
There are four scenarios available when you run the tool.
- Creating New Threat Model: A new model for the system is created by drawing the diagram. We will be discussing this scenario in detail. By default template for the new model is SDL TM Knowledge Base(Core) (184.108.40.206)
- Modifying an Existing Threat Model: Open existing model and analyse threats against your system. One can open the existing model for making changes either by selecting the desired model form the list of recently opened models on the initial screen or by navigating to open option in the file menu.
- Create New Template: Define stencils, threat types and custom threat properties for your threat model from scratch.
- Modifying Existing Template: Open existing template to make modifications to better suit your specific threat analysis
Click on create NEW MODEL option to get started with the threat analysis.
The main screen will be featuring three panes: Drawing Canvas, Stencils, Element Properties.
- Drawing Canvas: This is the space for the user to draw Data Flow Diagram for the system to be modeled. The recommended process is to begin with a simple diagram and add details to explain the system and show all the trust boundaries. If you use child diagrams, you can extend designs laterally into multiple sheets and expand high level elements into their internal component elements.
- Stencils: This shows the large set of icons and components that help draw DFD more precisely. Using more specific elements allow the generation of more precise threats. The Stencils pane displays tree view of stencils categorized by Generic Stencils.
Below is the list of elements available:
- Generic Process
- OS Process: It means a windows process.
- Thread: Means a thread of execution in windows process.
- Kernel Thread: It is a thread of execution in windows kernel.
- Native Application: It is representation of Win32 or Win64 Application
- Managed Application: It is a representation of .NET Application.
- Thick Client: It is a representation of thick client
- Browser Client: It is a representation of browser client.
- Browser and ActiveX Plugins: It is a representation of browser plugin
- Web Server: It is a representation of web server process.
- Windows Store Process: It is a representation of windows store process.
- Win32 Service: It is a representation of network service.
- Web Application: Delivers web content to the user.
- Web Service: Exposes a programmatic interface.
- Virtual Machine: A virtual machine running on Hyper-V partition.
- Application Running on a non Microsoft OS: These are the Microsoft applications running on the OS from Google or Apple.
- Generic External Interactor
- Browser: It is a representation of external web browser.
- Authorization Provider: It is a representation of an external authorization provider. Example Facebook etc.
- External Web Application: It is representation of an external web application (such as a portal or front end) that delivers web content to a human user.
- External Web Service: It is representation of an external web service that exposes a programmatic interface.
- Human User: It is a representation of human user.
- Mega Service: A large service that has only one instance on the Internet, such as Outlook.com or Xbox Live.
- Windows Runtime: Represents the point where an application calls into an unmanaged runtime library such as the CRT.
- Windows .NET Runtime: Represents the point where an application calls into the .NET Framework.
- Windows RT Runtime: Represents the point where an application calls into WinRT.
- Generic Data Store
- Cloud Storage: It is a representation of cloud storage.
- SQL Database: It is a representation of SQL Database
- Non Relational Database: It is a representation of Non Relational Database.
- File System: It is a representation of file system.
- Registry Hive: It is a representation of registry.
- Configuration File: Files such as INF, XML etc.
- Cache: It is a representation of local cache
- HTML5 Local Storage: It is a representation of HTML5 Local Storage.
- Cookies: It is a representation of cookie storage
- Device: It is a representation of device storage.
- Generic Data Flow
- HTTP: It is a representation of HTTP data flow
- HTTPS: It is a representation of HTTP, TLS, SSL data flow
- IPSec: It is a representation of IPSec data flow.
- Named Pipe: It is a representation of Named Pipe data flow.
- SMB: It is a representation of Sever Message Block 1.0 or Server Message Block 2.0 data flow
- RPC or DCOM: It is a representation of Remote Procedure call or Distributed COM data flow.
- ALPC: Inter-process communication using Advanced Local Procedure Call Port.
- UDP: User Data Protocol Transport.
- IOCTL Interface: An interface of an application to communicate to device driver.
- Generic Trust Line Boundary
- Internet Boundary
- Machine Trust Boundary
- User Mode or Kernel Mode Boundary
- App Container Boundary
- Generic Trust Border Boundary
- CorpNet Trust Boundary: It is a border representation of corporate network trust boundary.
- Sandbox Trust Boundary Border: It is a border representation of sandbox trust boundary.
- Internet Explorer Boundaries: It is an arc representation of Internet trust boundary
- Other Browser Boundaries: Describes the types of trust boundaries implemented by Google Chrome and Mozilla Firefox.
- Free Text Annotation
- Generic Process
- Element Properties: The attributes or we can say properties vary from element to element. The only property which is common for all elements is Name which identifies each element and Out of Scope property which means to remove the element and its interactions from the threat generation matrix so that it does not get counted while listing the potential threats.
Each of these components have certain customizable attributes where each of them have a predefined default value so it is upto the user to set these values or not.
In the Next article (i.e., Set 2) we will be discussing the list of attributes of each component and how to generate the threat report.