Microsoft Threat Modeling Tool For Mac

The Threat Modeling Tool allows users to specify trust boundaries, indicated by the red dotted lines, to show where different entities are in control. For example, IT administrators require an Active Directory system for authentication purposes, so the Active Directory is outside of their control. Cristina: Looks right to me. How To Use Microsoft Threat Modeling Tool 2016, Create DFD Model and identity threat STRIDE.

  • Threat Modeling at Microsoft This is an excellent series of blog posts by Microsoft’s Larry Osterman about threat modeling, using the PlaySound API as an example. Long, detailed, and complicated, but well worth reading.
  • Threat Dragon is an open-source threat modelling tool from OWASP. It comes as a web application or an Electron based installable desktop app for MacOS, Windows and Linux. The desktop app saves your threat models on your local file system, but the online version stores its files in GitHub.
  • Products must use only approved message authentication code (MAC) or hash-based message authentication code (HMAC) algorithms. A message authentication code (MAC) is a piece of information attached to a message that allows its recipient to verify both the authenticity of the sender and the integrity of the message using a secret key.
-->

The Threat Modeling Tool is a core element of the Microsoft Security Development Lifecycle (SDL). It allows software architects to identify and mitigate potential security issues early, when they are relatively easy and cost-effective to resolve. As a result, it greatly reduces the total cost of development. Also, we designed the tool with non-security experts in mind, making threat modeling easier for all developers by providing clear guidance on creating and analyzing threat models.

Visit the Threat Modeling Tool to get started today!

The Threat Modeling Tool helps you answer certain questions, such as the ones below:

  • How can an attacker change the authentication data?
  • What is the impact if an attacker can read the user profile data?
  • What happens if access is denied to the user profile database?

STRIDE model

To better help you formulate these kinds of pointed questions, Microsoft uses the STRIDE model, which categorizes different types of threats and simplifies the overall security conversations.

CategoryDescription
SpoofingInvolves illegally accessing and then using another user's authentication information, such as username and password
TamperingInvolves the malicious modification of data. Examples include unauthorized changes made to persistent data, such as that held in a database, and the alteration of data as it flows between two computers over an open network, such as the Internet
RepudiationAssociated with users who deny performing an action without other parties having any way to prove otherwise—for example, a user performs an illegal operation in a system that lacks the ability to trace the prohibited operations. Non-Repudiation refers to the ability of a system to counter repudiation threats. For example, a user who purchases an item might have to sign for the item upon receipt. The vendor can then use the signed receipt as evidence that the user did receive the package
Information DisclosureInvolves the exposure of information to individuals who are not supposed to have access to it—for example, the ability of users to read a file that they were not granted access to, or the ability of an intruder to read data in transit between two computers
Denial of ServiceDenial of service (DoS) attacks deny service to valid users—for example, by making a Web server temporarily unavailable or unusable. You must protect against certain types of DoS threats simply to improve system availability and reliability
Elevation of PrivilegeAn unprivileged user gains privileged access and thereby has sufficient access to compromise or destroy the entire system. Elevation of privilege threats include those situations in which an attacker has effectively penetrated all system defenses and become part of the trusted system itself, a dangerous situation indeed

Next steps

Proceed to Threat Modeling Tool Mitigations to learn the different ways you can mitigate these threats with Azure.

Modeling
titledescriptionauthorms.authorms.servicems.subservicems.topicms.date
Overview of the Microsoft Threat Modeling Tool, containing information on getting started with the tool, including the Threat Modeling process.
jegeib
security-develop
02/16/2017

The Threat Modeling Tool is a core element of the Microsoft Security Development Lifecycle (SDL). It allows software architects to identify and mitigate potential security issues early, when they are relatively easy and cost-effective to resolve. As a result, it greatly reduces the total cost of development. Also, we designed the tool with non-security experts in mind, making threat modeling easier for all developers by providing clear guidance on creating and analyzing threat models.

The tool enables anyone to:

  • Communicate about the security design of their systems
  • Analyze those designs for potential security issues using a proven methodology
  • Suggest and manage mitigations for security issues

Here are some tooling capabilities and innovations, just to name a few:

  • Automation: Guidance and feedback in drawing a model
  • STRIDE per Element: Guided analysis of threats and mitigations
  • Reporting: Security activities and testing in the verification phase
  • Unique Methodology: Enables users to better visualize and understand threats
  • Designed for Developers and Centered on Software: many approaches are centered on assets or attackers. We are centered on software. We build on activities that all software developers and architects are familiar with -- such as drawing pictures for their software architecture
  • Focused on Design Analysis: The term 'threat modeling' can refer to either a requirements or a design analysis technique. Sometimes, it refers to a complex blend of the two. The Microsoft SDL approach to threat modeling is a focused design analysis technique

Next steps

The table below contains important links to get you started with the Threat Modeling Tool:See also: System requirements

Microsoft Threat Modeling Tool Examples

StepDescription
1Download the Threat Modeling Tool
2Read Our getting started guide
3Get familiar with the features
4Learn about generated threat categories
5Find mitigations to generated threats

Microsoft Threat Modeling Tool Training

Resources

Microsoft Threat Modeling Tool Stencils

Here are a few older articles still relevant to threat modeling today:

Microsoft Threat Modeling Tool For Mac Osx

Check out what a few Threat Modeling Tool experts have done: