Skip to content
Related Articles

Related Articles

Microsoft Threat modelling tool 2016 | Set 2
  • Last Updated : 01 Aug, 2018

In the previous article (i.e., Set 1) we have discussed about the introduction of Microsoft threat modelling Tool- from where to download the tool, steps to install the tool, components available for modelling the system using Data Flow Diagram.
In this article we will be discussing the list of attributes for each element and the values of these attributes that are available to the user.

Properties for Processes –

Element NameAttribute NameValues
Generic ProcessCode TypeManaged/ Unmanaged
 Running AsKernel
  System
  Network Service
  Local Service
  Administrator
  Standard User with Elevation
  Standard User Without Elevation
  Windows Store App
 Isolation LevelAppContainer
  Low Inegrity Level
  MOICE
  Sandbox
 Accepts Input FromAny Remote User or Entity
  Kernel, System or Local Admin
  Local or Network Service
  Local Standard User with Elevation
  Local Standard User without Elevation
  Windows Store Apps or App Container Processes
  Nothing 
  Other
 Implements or uses an Authentication MechanismYes/ No
 Implements or uses an Authorization MechanismYes/ No
 Implements a communication ProtocolYes/ No
 Sanitizes InputYes/ No
 Sanitizes OutputYes/ No
Managed ApplicationCode Type* Managed
Thick clientCode Type* Unmanaged
Browser ClientCode Type* Unmanaged
Browser and ActiveX PluginsActiveXNo/ Yes
 Browser Plugin ObjectNo/ Yes
Windows Store ProcessCode Type* Managed
 ContextLocal/ Web
 Documents Library CapabilityYes/ No
 Enterprise Authentication capabilityYes/ No
 Internet Client and Sever CapabilityYes/ No
 Internet(Client) CapabilityYes/ No
 Location CapabilityYes/ No
 Microphone CapabilityYes/ No
 Music Library CapabilityYes/ No
 Pictures library CapabilityYes/ No
 Private Networks Client & server Capability Yes/ No
 Proximity CapapbilityYes/ No
 Removable Storage CapabilityYes/ No
 Shared User Certificates CapabilityYes/ No
 Text Messaging CapabilityYes/ No
 Videos Library CapabilityYes/ No
 Webcam CapabilityYes/ No

Properties for Data Store –



Element NameAttribute NameValue 
Generic Data StoreStores CredentialsNo/ Yes
 Stores Log DataNo/ Yes
 EncryptedNo/ Yes
 SignedNo/ yes
 Write AccessYes/ No
 Removal StorageYes/ No
 BackupYes/ No
 SharedYes/ No
 Store TypeSQL Relational database
  Non Relational Database
  File System
  Registry
  Configuration
  Cache
  HTML5 Storage
  Cookie 
  Device
Files SystemFile System TypeNTFS/ ExFat/ FAT/ ReFS/ IFS/ UDF/ Other
CookiesHTTP OnlyYes/ No
DevicesGPSYes/ No
 ContactsYes/ No
 Calender EventsYes/ No
 SMS MessagesYes/ No
 Cache CredentialsYes/ No
 Enterprise DataYes/ No
 Messaging DataYes/ No
 SIM StorageYes/ No
 Other DataYes/ No

 

Properties for External Interactor –

Element NameAttribute NameValues
External InteractorAuthenticates ItselfNo/ Yes
 TypeNot Selected/ Code/Human
 MicrosoftNo/ Yes
BrowserType* Code
External Web ApplicationType* Code
External Web ServiceType* Code
Human UserType* Human
Windows RuntimeType * Code
Windows .NET RuntimeType* Code
Windows RT RuntimeType* Code

Properties for DataFlow –



Element NameAttribute NameValues
Generic Data FlowPhysical NetworkWire/ Wifi/ Bluetooth/ 2G-4G
 Source AuthenticatedYes/ No
 Destination AuthenticatedYes/ No
 Provides ConfidentialityYes/ No
 Provides IntegrityYes/ No
 Transmits XMLYes/ No
 Contains CookiesYes/ No
 SOAP PayloadYes/ No
 REST PayloadYes/ No
 RSS PayloadYes/ No
 JSON PayloadYes/ No

Note – Asterisk (*) means the attribute values are non modifiable.

Apart from above discussed three main panes. there are three more important options:

  1. Threat Model Information –
    You can select this dialog from the FILE Menu. This helps user to add basic information about the threat model in order to establish the risk of the component. It includes following questions:
    • Threat Model Name
    • Owner
    • Contributers
    • Reviewer
    • High Level System Description
    • Assumptions
    • External Dependencies
    • Title
    • Version
  2. Messages –
    You can select this dialog from the VIEW Menu. This allows to identify warnings, errors or inconsistencies in the knowledge base.
  3. Notes –
    This dialog is also available from VIEW Menu. This is not counted during threat generation or analysis. Notes are basically the comments recorded during model discussion.

For the sample I have chosen the Online Shopping System for the DFD Generation and Consequent threat analysis.
There are three entities in the system:

  1. Administrator: Its job is to login, make changes to credentials of Administrator Account, Add product details, Update Product Details.
  2. Customer: Responsibilities include login, handle its account, search product, purchase product
  3. Sales Manager: It performs following operations in the system – Login, Modify Sales Account.

Thus there are 3 external interactors, 8 processes, 6 Data Stores and 34 Data Flow. I am attaching a snapshot of how DFD looks in the Microsoft Threat Modelling tool and also the original DFD for reference.

DFD in Microsoft Threat Modelling Tool –

Original DFD –

Please note this is just a sample system not a actual functioning system so the understanding of the system and inclusion/ exclusion of process/ external interactors/ data flows/ data stores vary from person to person.
In the next article we will see how to generate threat report for the sample system.

Try out the all-new GeeksforGeeks Premium!

My Personal Notes arrow_drop_up
Recommended Articles
Page :