Sunday, February 18, 2007 4:26 PM
rvanil
Tips on Threat Analysis and Modeling Tool
Some tips to work with Threat Analysis and Modeling Tool, these could be useful specially when working on larger threat models.
- Tool support’s drag and drop functionality, just drag an item to its parent to copy the item. You can convert user roles into service roles by dragging a user role onto “Service Roles” node and vice-versa. You can also convert a component into an external dependency by dropping the component on to “External Dependencies” node.
- You can take advantage of Auto-Save feature by going to Tools -> Options -> General tab. You can configure it to save a file for every 1-15 minutes.
- All the item collections like User Roles, Data, and Components can be sorted by name except for threats. As threats are auto-generated, it may not be useful to sort them by name. Thus we have other ways to sort threat by. They can be sorted either by Business Impact or by Probability or by Risk Rating or by Risk Response. The resulting order is persisted in the threat model which allows you to prioritize threats accordingly.
- You can customize the name of a threat making it more meaningful. By default all threats generated will have a generic name it may be difficult to identify and interpret. For example you can change a threat name to, “Compromise of Sales data confidentiality”.
- Take advantage of custom reports, threat model file is stored in xml format. You can use any XSLT file to transform this xml into a nice report. Select Reports -> Custom Report to bring up the file dialog to select any custom XSLT file to do the transformation. Stock Reports can be used as templates for your reports, they can be found at <Program Files>/Microsoft Corporation/ Microsoft Threat Analysis and Modeling v2.1/Graphics/Reports. If you wish to extend a stock report, please extend a copy of the report rather than the original one.
- Use Find functionality (Ctrl + F) to find items in your threat model, for example you can find threats related to a component or identify items that are not used anywhere in the model.
- Threat model templates allow you to re-use certain information, could be useful multiple applications have similar components and functionalities. You can save a threat model as a template and re-use it to create new threat models.
More tips and features later.
Thanks
Anil Revuru (RV)
Security Technologist
Microsoft ACE Team
Anonymous comments are disabled
About rvanil
I am currently working for Microsoft as a Security Technologist where, I am responsible for tool development, conducting security architecture design, threat modeling, application and source-code assessments. Previously as a Security Consultant for a security services vendor, I have helped Fortune 100 clients evaluate the security of their software products and applications. I have authored many security tools and presented courses internally at Microsoft.
I come from Hyderabad India, with a Diploma in Mechanical Engineering from JNTU Hyderabad. I was a developer for 5 years, designing and developing both software and web applications. I also made significant contribution to the security development of products at V-Empower Inc. After joining in Microsoft, I worked towards finding security weaknesses and providing necessary countermeasures to application teams.
