In the previous article (i.e., Set 1) we have discussed about the introduction of Microsoft threat modelling Tool- from where to download the tool, steps to install the tool, components available for modelling the system using Data Flow Diagram.
In this article we will be discussing the list of attributes for each element and the values of these attributes that are available to the user.
Properties for Processes –
| Element Name | Attribute Name | Values |
|---|---|---|
| Generic Process | Code Type | Managed/ Unmanaged |
| Running As | Kernel | |
| System | ||
| Network Service | ||
| Local Service | ||
| Administrator | ||
| Standard User with Elevation | ||
| Standard User Without Elevation | ||
| Windows Store App | ||
| Isolation Level | AppContainer | |
| Low Inegrity Level | ||
| MOICE | ||
| Sandbox | ||
| Accepts Input From | Any Remote User or Entity | |
| Kernel, System or Local Admin | ||
| Local or Network Service | ||
| Local Standard User with Elevation | ||
| Local Standard User without Elevation | ||
| Windows Store Apps or App Container Processes | ||
| Nothing | ||
| Other | ||
| Implements or uses an Authentication Mechanism | Yes/ No | |
| Implements or uses an Authorization Mechanism | Yes/ No | |
| Implements a communication Protocol | Yes/ No | |
| Sanitizes Input | Yes/ No | |
| Sanitizes Output | Yes/ No | |
| Managed Application | Code Type | * Managed |
| Thick client | Code Type | * Unmanaged |
| Browser Client | Code Type | * Unmanaged |
| Browser and ActiveX Plugins | ActiveX | No/ Yes |
| Browser Plugin Object | No/ Yes | |
| Windows Store Process | Code Type | * Managed |
| Context | Local/ Web | |
| Documents Library Capability | Yes/ No | |
| Enterprise Authentication capability | Yes/ No | |
| Internet Client and Sever Capability | Yes/ No | |
| Internet(Client) Capability | Yes/ No | |
| Location Capability | Yes/ No | |
| Microphone Capability | Yes/ No | |
| Music Library Capability | Yes/ No | |
| Pictures library Capability | Yes/ No | |
| Private Networks Client & server Capability | Yes/ No | |
| Proximity Capapbility | Yes/ No | |
| Removable Storage Capability | Yes/ No | |
| Shared User Certificates Capability | Yes/ No | |
| Text Messaging Capability | Yes/ No | |
| Videos Library Capability | Yes/ No | |
| Webcam Capability | Yes/ No |
Properties for Data Store –
| Element Name | Attribute Name | Value |
|---|---|---|
| Generic Data Store | Stores Credentials | No/ Yes |
| Stores Log Data | No/ Yes | |
| Encrypted | No/ Yes | |
| Signed | No/ yes | |
| Write Access | Yes/ No | |
| Removal Storage | Yes/ No | |
| Backup | Yes/ No | |
| Shared | Yes/ No | |
| Store Type | SQL Relational database | |
| Non Relational Database | ||
| File System | ||
| Registry | ||
| Configuration | ||
| Cache | ||
| HTML5 Storage | ||
| Cookie | ||
| Device | ||
| Files System | File System Type | NTFS/ ExFat/ FAT/ ReFS/ IFS/ UDF/ Other |
| Cookies | HTTP Only | Yes/ No |
| Devices | GPS | Yes/ No |
| Contacts | Yes/ No | |
| Calender Events | Yes/ No | |
| SMS Messages | Yes/ No | |
| Cache Credentials | Yes/ No | |
| Enterprise Data | Yes/ No | |
| Messaging Data | Yes/ No | |
| SIM Storage | Yes/ No | |
| Other Data | Yes/ No |
Properties for External Interactor –
| Element Name | Attribute Name | Values |
|---|---|---|
| External Interactor | Authenticates Itself | No/ Yes |
| Type | Not Selected/ Code/Human | |
| Microsoft | No/ Yes | |
| Browser | Type | * Code |
| External Web Application | Type | * Code |
| External Web Service | Type | * Code |
| Human User | Type | * Human |
| Windows Runtime | Type | * Code |
| Windows .NET Runtime | Type | * Code |
| Windows RT Runtime | Type | * Code |
Properties for DataFlow –
| Element Name | Attribute Name | Values |
|---|---|---|
| Generic Data Flow | Physical Network | Wire/ Wifi/ Bluetooth/ 2G-4G |
| Source Authenticated | Yes/ No | |
| Destination Authenticated | Yes/ No | |
| Provides Confidentiality | Yes/ No | |
| Provides Integrity | Yes/ No | |
| Transmits XML | Yes/ No | |
| Contains Cookies | Yes/ No | |
| SOAP Payload | Yes/ No | |
| REST Payload | Yes/ No | |
| RSS Payload | Yes/ No | |
| JSON Payload | Yes/ No |
Note – Asterisk (*) means the attribute values are non modifiable.
Apart from above discussed three main panes. there are three more important options:
- Threat Model Information –
You can select this dialog from the FILE Menu. This helps user to add basic information about the threat model in order to establish the risk of the component. It includes following questions:- Threat Model Name
- Owner
- Contributers
- Reviewer
- High Level System Description
- Assumptions
- External Dependencies
- Title
- Version
- Messages –
You can select this dialog from the VIEW Menu. This allows to identify warnings, errors or inconsistencies in the knowledge base. - Notes –
This dialog is also available from VIEW Menu. This is not counted during threat generation or analysis. Notes are basically the comments recorded during model discussion.
For the sample I have chosen the Online Shopping System for the DFD Generation and Consequent threat analysis.
There are three entities in the system:
- Administrator: Its job is to login, make changes to credentials of Administrator Account, Add product details, Update Product Details.
- Customer: Responsibilities include login, handle its account, search product, purchase product
- Sales Manager: It performs following operations in the system – Login, Modify Sales Account.
Thus there are 3 external interactors, 8 processes, 6 Data Stores and 34 Data Flow. I am attaching a snapshot of how DFD looks in the Microsoft Threat Modelling tool and also the original DFD for reference.
DFD in Microsoft Threat Modelling Tool –
Original DFD –
Please note this is just a sample system not a actual functioning system so the understanding of the system and inclusion/ exclusion of process/ external interactors/ data flows/ data stores vary from person to person.
In the next article we will see how to generate threat report for the sample system.
Recommended Posts:
- Microsoft Threat modelling tool 2016 | Set 1
- DFD Based Threat modelling | Set 1
- DFD Based Threat Modelling | Set 2
- Threat Modelling
- Difference between Threat and Attack
- How Technology Can be Threat to the Environment?
- Gradle Build Tool I Modern Open Source Build Automation
- Introduction to Apache Maven | A build automation tool for Java projects
- RAPTOR Tool - A Flowchart Interpreter
- What is JavaDoc tool and how to use it?
- SEO - An Indispensable Tool
- Get emotions of images using Microsoft emotion API in Python
- Introduction to Microsoft SMB; A network file sharing protocol
- Microsoft Windows (10) Vs macOS (Mojave)
- How to Become a Microsoft Student Partner (MSP)?
- How to Prepare for Microsoft Software Development Engineering Interview?
- 5 Tips to Prepare for Microsoft Azure Cloud Certification Exam
- Microsoft Healthcare Bot During Covid19
- Reading Data From Microsoft-Excel using Automation Anywhere
- Creating a Proxy Webserver in Python | Set 1
If you like GeeksforGeeks and would like to contribute, you can also write an article using contribute.geeksforgeeks.org or mail your article to contribute@geeksforgeeks.org. See your article appearing on the GeeksforGeeks main page and help other Geeks.
Please Improve this article if you find anything incorrect by clicking on the "Improve Article" button below.
