Performance Threat Models

Published 13 November 07 12:37 PM | ricom

I've been meaning to post this for ages and somehow I kept forgetting.

J.D. and I have long thought that many of the techniques used to do a security threat model are actually directly applicable to doing performance analysis as well. The idea of threats and mitigations is quite general but more importantly a direct analysis of the architecture is invaluable and its something you can do very early in the lifecycle of a product. Think of it as "testing" the architecture while it's still just a diagram.

A while ago J.D. produced this analysis which I think you might find useful: http://blogs.msdn.com/jmeier/archive/2007/08/28/performance-threats.aspx

The idea of testing the architecture is something I want to do a lot more of in the next version of Visual Studio (but more on that another time)

Filed under: performance, design advice, recommendations

Comments

# Anders Borum said on November 14, 2007 4:14 AM:

Hi Rico,

I attented a few sessions on threat analysis at the Tech-Ed in Barcelona 2007 and found them very useful. Interesting stories on internal decisions in Microsoft definately convinced me that you're very serious on security these days.

That said, I definately see the resemblance to performance. Will take a look at the link you provided.

New Comments to this post are disabled

Rico Mariani's Performance Tidbits

Performance Threat Models

Comments

Search

This Blog

Tags

Archives

Performance

Syndication