Open In App

Microsoft Threat modelling tool 2016 | Set 2

Improve
Improve
Like Article
Like
Save
Share
Report

In the previous article (i.e., Set 1) we have discussed about the introduction of Microsoft threat modelling Tool- from where to download the tool, steps to install the tool, components available for modelling the system using Data Flow Diagram. 
In this article we will be discussing the list of attributes for each element and the values of these attributes that are available to the user. 

Properties for Processes – 
 

Element Name Attribute Name Values
Generic Process Code Type Managed/ Unmanaged
  Running As Kernel
    System
    Network Service
    Local Service
    Administrator
    Standard User with Elevation
    Standard User Without Elevation
    Windows Store App
  Isolation Level AppContainer
    Low Integrity Level
    MOICE
    Sandbox
  Accepts Input From Any Remote User or Entity
    Kernel, System or Local Admin
    Local or Network Service
    Local Standard User with Elevation
    Local Standard User without Elevation
    Windows Store Apps or App Container Processes
    Nothing 
    Other
  Implements or uses an Authentication Mechanism Yes/ No
  Implements or uses an Authorization Mechanism Yes/ No
  Implements a communication Protocol Yes/ No
  Sanitizes Input Yes/ No
  Sanitizes Output Yes/ No
Managed Application Code Type * Managed
Thick client Code Type * Unmanaged
Browser Client Code Type * Unmanaged
Browser and ActiveX Plugins ActiveX No/ Yes
  Browser Plugin Object No/ Yes
Windows Store Process Code Type * Managed
  Context Local/ Web
  Documents Library Capability Yes/ No
  Enterprise Authentication capability Yes/ No
  Internet Client and Server Capability Yes/ No
  Internet(Client) Capability Yes/ No
  Location Capability Yes/ No
  Microphone Capability Yes/ No
  Music Library Capability Yes/ No
  Pictures library Capability Yes/ No
  Private Networks Client & server Capability  Yes/ No
  Proximity Capability Yes/ No
  Removable Storage Capability Yes/ No
  Shared User Certificates Capability Yes/ No
  Text Messaging Capability Yes/ No
  Videos Library Capability Yes/ No
  Webcam Capability Yes/ No

Properties for Data Store – 
 

Element Name Attribute Name Value 
Generic Data Store Stores Credentials No/ Yes
  Stores Log Data No/ Yes
  Encrypted No/ Yes
  Signed No/ yes
  Write Access Yes/ No
  Removal Storage Yes/ No
  Backup Yes/ No
  Shared Yes/ No
  Store Type SQL Relational database
    Non Relational Database
    File System
    Registry
    Configuration
    Cache
    HTML5 Storage
    Cookie 
    Device
Files System File System Type NTFS/ ExFat/ FAT/ ReFS/ IFS/ UDF/ Other
Cookies HTTP Only Yes/ No
Devices GPS Yes/ No
  Contacts Yes/ No
  Calendar Events Yes/ No
  SMS Messages Yes/ No
  Cache Credentials Yes/ No
  Enterprise Data Yes/ No
  Messaging Data Yes/ No
  SIM Storage Yes/ No
  Other Data Yes/ No

Properties for External Interactor – 
 

Element Name Attribute Name Values
External Interactor Authenticates Itself No/ Yes
  Type Not Selected/ Code/Human
  Microsoft No/ Yes
Browser Type * Code
External Web Application Type * Code
External Web Service Type * Code
Human User Type * Human
Windows Runtime Type  * Code
Windows .NET Runtime Type * Code
Windows RT Runtime Type * Code

Properties for DataFlow – 

 

Element Name Attribute Name Values
Generic Data Flow Physical Network Wire/ Wifi/ Bluetooth/ 2G-4G
  Source Authenticated Yes/ No
  Destination Authenticated Yes/ No
  Provides Confidentiality Yes/ No
  Provides Integrity Yes/ No
  Transmits XML Yes/ No
  Contains Cookies Yes/ No
  SOAP Payload Yes/ No
  REST Payload Yes/ No
  RSS Payload Yes/ No
  JSON Payload Yes/ No

Note – Asterisk (*) means the attribute values are non modifiable. 

Apart from above discussed three main panes. there are three more important options: 
 

  1. Threat Model Information – 
    You can select this dialog from the FILE Menu. This helps user to add basic information about the threat model in order to establish the risk of the component. It includes following questions: 
    • Threat Model Name
    • Owner
    • Contributors
    • Reviewer
    • High Level System Description
    • Assumptions
    • External Dependencies
    • Title
    • Version
  2. Messages – 
    You can select this dialog from the VIEW Menu. This allows to identify warnings, errors or inconsistencies in the knowledge base.
  3. Notes – 
    This dialog is also available from VIEW Menu. This is not counted during threat generation or analysis. Notes are basically the comments recorded during model discussion.

For the sample I have chosen the Online Shopping System for the DFD Generation and Consequent threat analysis. 
There are three entities in the system: 
 

  1. Administrator: Its job is to login, make changes to credentials of Administrator Account, Add product details, Update Product Details.
  2. Customer: Responsibilities include login, handle its account, search product, purchase product
  3. Sales Manager: It performs following operations in the system – Login, Modify Sales Account.

Thus there are 3 external interactors, 8 processes, 6 Data Stores and 34 Data Flow. I am attaching a snapshot of how DFD looks in the Microsoft Threat Modelling tool and also the original DFD for reference. 

DFD in Microsoft Threat Modelling Tool – 

 

Original DFD – 

 

Please note this is just a sample system not a actual functioning system so the understanding of the system and inclusion/ exclusion of process/ external interactors/ data flows/ data stores vary from person to person. 
In the next article we will see how to generate threat report for the sample system.
 



Last Updated : 09 Nov, 2022
Like Article
Save Article
Previous
Next
Share your thoughts in the comments
Similar Reads