Microsoft Threat Analysis & Modeling tool v 2.0 (Beta 2)
Today Microsoft released Beta 2 of the second version of the Threat Modeling and Analysis Tool for download. Microsoft has been using the Threat Modeling methodology as part of our Security Development Lifecycle for a few years now.
Threat Modeling is a security-based analysis of an application to find “anti-scenarios”. This is probably one the biggest reason I like threat modeling as it makes the Application Architects and Developers look at their applications in a different way. By examining the “anti-scenarios” we will look at our applications more from a hacker's point of view which is outside-in approach versus our standard thinking of looking at an application from an inside-out perspective. This difference in mind set makes it easier to explore the potential attacks against our applications.
Now this does lead to some problems as it is hard to unlearn what we have been taught for a long time about examining our applications usually from Quality Assurance's point of view. Therefore, threat modeling can be difficult for Application Architects and Developers to master, compared to most Info Sec people.
The new Threat modeling and analysis tool, however, focuses more on the threats then the attacks. As an Application Architect or Developer of a system we have a better understanding of what is considered important and thus potential threats. By understanding the threats better this will have tendency to uncover the different attacks our application may face.
With this new approach Application Architects and Developers now view their application from the defender's point of view which lends itself to making it more natural for all stakeholders to effectively participate in the threat modeling process.
Along with automatically identifying threats, the tool can produce valuable security artifacts such as:
- Data access control matrix
- Component access control matrix
- Subject-object matrix
- Data Flow
- Call Flow
- Trust Flow
- Attack Surface
- Focused reports
If you have not looked at threat modeling before, I highly suggest that you do as it is an excellent practice to examine application from a security perspective and not strictly a Quality Assurance point of view.