Even though this was his first time, he was comfortable because the validator on the left gave him feedback, based on his experience using threat modeling as part of the SDL. This is where Paul used the Visio tools and the provided stencil to draw his DFD (see Figure 4). When the tool starts, the diagram screen is displayed. For example, you know the IT pros require that we use their Active Directory system for logon information, and so the Active Directory is shown as outside our control." The only bit that's not covered there is these trust boundary dotted lines between where different people are in control. There's a good Wikipedia article on DFDs.
The system is called a data flow diagram (DFD). The Web server is consulting a database, which, just as with anywhere we store data, is two parallel lines. He's sending commands to our Web server-the circle is any running code, and the arrow gives us the direction of communication. "The way this works is Carl, our normal customer persona, is drawn as an outside entity-a rectangle.
It looks pretty simple, but can you walk me through what the different shapes mean?" "Paul, I haven't seen these diagrams before. Paul brings out a print-out of a diagram that he's already made from the threat model tool's "Diagrams only" report, shown in Figure 3. "Hi Deb, I've been working on that threat model diagram, and wanted to walk through it with you to make sure we've gotten the details right." In this section, I will follow Deb (a developer), Paul (a program manager), and Tim (a tester) through the process of developing their first threat model, and I'll also discuss each screen of the tool. Note that these screens are slightly different from the outline shown in Figure 1 because it makes sense to consider threats and mitigations together since they are closely related. When you launch the SDL Threat Modeling Tool, you'll see that the lower left-hand corner looks quite a bit like Microsoft Office Outlook with four screens: diagram, analyze, environment, and reports (see Figure 2 for details). For that, see the article I co-authored in the November 2006 issue of MSDN Magazine on using the STRIDE approach, " Threat Modeling: Uncover Security Design Flaws Using the STRIDE Approach." Figure 1 provides a quick overview of the process. This column isn't a primer on SDL threat modeling. This column follows a team through the process of getting started with the SDL threat modeling approach and shows you how to use the new tool to develop great threat models as a backbone of your security process. In November 2008, Microsoft announced the general availability of the Security Development Lifecycle (SDL) Threat Modeling Tool as a free download from MSDN.
Volume 24 Number 01 Security Briefs - Getting Started With The SDL Threat Modeling Tool
0 kommentar(er)
