Essential Threat Modeling Tools Guide

This document discusses various tools for threat modeling, emphasizing the importance of both open source and commercial options. It highlights the utility of tools like whiteboards, office suites, and bug-tracking systems in creating and managing threat models. Additionally, it provides an overview of specific tools such as TRIKE, ThreatModeler, and Microsoft's SDL Threat Modeling Tool, detailing their functionalities and intended users.

Uploaded by

Sherly Chantika

Subject : Software Security

Year : 2019

Threat Modelling Tools


Learning Outcomes
At the end of this session, students will be able to:
• Use open source tools for threat modelling
Introduction

This chapter covers tools to help you threat model. Tooling can help threat
modeling in a number of ways. It can help you create better models, or create
models more fluidly. Tools can help you remember to engage in various steps,
or provide assistance performing those steps. Tools can help create a more
legible or even beautiful threat model document. Tools can help you check your
threat model for completeness. Finally, tools can help you create actionable
output from a threat model.
Generally Useful Tools

Whiteboards
I can hardly imagine threat modeling without a whiteboard. No technology I’ve
used has more immediacy, flexibility, and visibility to a group than a whiteboard
when iteratively drawing system architecture. Whiteboards also have the advantage
of transience—drawing on paper just isn’t the same.

Office Suites
Microsoft Office contains a number of tools that are very useful in threat
modeling. Word is a great tool for recording threats in free-form.

Bug-Tracking Systems
Whatever bug-tracking system you use should also be used to track threats. A
good bug from threat modeling can take many forms.
■ The threat itself: Here the bug title is of a form such as “an attacker can
threaten the component” or “the component is vulnerable to threat.” For example,
“the front end is vulnerable to spoofing because we use
reusable passwords.”
■ The mitigation: Here, the bug title is of a form such as “the component
needs mitigation.” For example, “the front end needs to run only over
SSH.” In the text of the bug, you should also explain the threat.
■ The need to test a mitigation: This is what you can title a bug if someone
says, “Oh, the front end isn’t vulnerable to that.” Rather than absorb time
in the meeting to discuss or check the threat, file a bug, “Test front end
vulnerability to threat” and ensure that there are good tests for the bug.
■ The need to validate an assumption: These bugs are filed to ensure that
someone follows up on an assumption you discover while threat modeling,
and on which you depend for a security property. The bug should have
a title such as “security depends on assumption A” or “security property
X of component Y depends on assumption Z.” For example, “Security
depends on the assumption that no one would ever find the key in the
fake rock that looks exactly like the rocks at our last house.”
■ Other tracking items: You should treat the preceding items as suggestions,
not a form into which all bugs need to fit. If you find something
worth tracking, file a bug.
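The four title forms above are easy to apply by hand for a handful of threats, but a model of any size benefits from a small script that emits tracker entries consistently and flags threats that were neither mitigated nor disputed. The following is an added example written for this page, not code from the book or from any bug tracker; the `Finding`/`Bug` structures, the function names and the sample findings are all constructed for illustration.

```python
"""Turn threat-modeling findings into bug-tracker entries using the four
title forms: the threat, the mitigation, a test of a disputed mitigation,
and an assumption that needs validating.  Added example; not from the book."""
import json
from dataclasses import asdict, dataclass, field
from typing import List, Optional


@dataclass
class Finding:
    component: str                    # e.g. "front end"
    threat: str                       # e.g. "spoofing"
    reason: str = ""                  # why the threat applies (goes in the bug text)
    mitigation: Optional[str] = None  # e.g. "run only over SSH"
    disputed: bool = False            # someone said "it isn't vulnerable to that"
    assumptions: List[str] = field(default_factory=list)


@dataclass
class Bug:
    kind: str    # one of: threat, mitigation, test, assumption
    title: str
    body: str


def bugs_for(f: Finding) -> List[Bug]:
    """Produce the tracker entries one finding gives rise to."""
    bugs: List[Bug] = []
    if f.disputed:
        # Do not absorb meeting time arguing; file a test and move on.
        bugs.append(Bug("test",
                        f"Test {f.component} vulnerability to {f.threat}",
                        f"Claim under test: {f.component} is not vulnerable to "
                        f"{f.threat}. Add tests that settle this either way."))
    else:
        detail = f" because {f.reason}" if f.reason else ""
        bugs.append(Bug("threat",
                        f"{f.component} is vulnerable to {f.threat}",
                        f"{f.component} is vulnerable to {f.threat}{detail}."))
    if f.mitigation:
        # The mitigation bug restates the threat in its text, as the page advises.
        bugs.append(Bug("mitigation",
                        f"{f.component} needs to {f.mitigation}",
                        f"Threat addressed: {f.threat} against {f.component}."))
    for a in f.assumptions:
        bugs.append(Bug("assumption",
                        f"Security of {f.component} depends on assumption: {a}",
                        f"Follow up and confirm this; the {f.threat} analysis "
                        f"of {f.component} relies on it."))
    return bugs


def undecided(findings: List[Finding]) -> List[Finding]:
    """Completeness check: threats with no mitigation that nobody disputed."""
    return [f for f in findings if not f.disputed and f.mitigation is None]


def export(findings: List[Finding]) -> str:
    """JSON suitable for bulk import into whatever tracker the team uses."""
    return json.dumps([asdict(b) for f in findings for b in bugs_for(f)], indent=2)


# Constructed sample findings, built around the page's own front-end example.
FINDINGS = [
    Finding("front end", "spoofing", reason="we use reusable passwords",
            mitigation="run only over SSH",
            assumptions=["SSH host keys are distributed out of band"]),
    Finding("front end", "tampering", disputed=True),
    Finding("back-end database", "information disclosure",
            reason="backups are stored unencrypted"),
]

if __name__ == "__main__":
    print(export(FINDINGS))
    for f in undecided(FINDINGS):
        print(f"UNDECIDED: {f.component} / {f.threat}")
```

Run it directly to see the five generated entries and the one finding that still needs a decision (the database disclosure threat has neither a mitigation nor a challenge on record).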
Open Source Tools

TRIKE
There are two tools named TRIKE. The first was a standalone desktop tool,
written in Smalltalk. That tool is no longer being maintained, and TRIKE is
now implemented in a spreadsheet. According to documentation, it works best
in Excel 2011 for the Macintosh (Trike, 2013). TRIKE is sometimes referred to
as “OctoTrike.”

SeaMonster
SeaMonster is an Eclipse-based attack tree and misuse case tool that was
developed by students at the Norwegian University of Science and Technology.
Commercial Tools

ThreatModeler
ThreatModeler from [Link] is a defense-oriented tool based on
data elements, roles, and components. It uses a set of attack libraries, including
the MITRE CAPEC (see Chapter 4, “Attack Trees”), the WASC threat classification,
and others. The tool generates attack trees with the component as the root,
requirements that can be violated as a first level of subnode, and then threats
and attacks as the next layers. According to the documentation, ThreatModeler
is intended to be used by architects, developers, security professionals, QA
professionals, or senior executives. ThreatModeler requires Windows.
Corporate Threat Modeller


Corporate Threat Modeller from SensePost is a tool built to support a methodology
designed after an analysis of the strengths and weaknesses of a number of threat
modeling approaches. Those approaches included threat trees and OCTAVE, a
US-CERT-originated system for threat modeling a business (White, 2010).
SecurITree
SecurITree is threat risk software from Amenaza Technologies, which launched
in 2007 to positive reviews (SC Magazine, 2007). The product seems like a well
thought through tool for constructing, managing and interpreting threat trees.
It contains not only the ability to manage trees, but a set of ways to filter those
trees.
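The ThreatModeler and SecurITree descriptions above both come down to the same data structure: a tree whose root is a component, whose first level is the requirements that can be violated, and whose lower layers are threats and then attacks, together with ways to enumerate and filter it. The following is an added example written for this page to make that shape concrete; it is not code from either product, and the layer names, the sample labels for the front end, and the filter predicate are all constructed for illustration.

```python
"""A component -> requirement -> threat -> attack tree, with path
enumeration and leaf filtering.  Added example; not from any product."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

# Fixed layering, as the ThreatModeler description orders it.
LAYERS = ("component", "requirement", "threat", "attack")


@dataclass
class Node:
    label: str
    layer: str
    children: List["Node"] = field(default_factory=list)

    def add(self, label: str) -> "Node":
        """Attach a child one layer below this node and return it."""
        child = Node(label, LAYERS[LAYERS.index(self.layer) + 1])
        self.children.append(child)
        return child


def build_tree(component: str, spec: Dict[str, Dict[str, List[str]]]) -> Node:
    """spec maps requirement -> threat -> list of attacks."""
    root = Node(component, "component")
    for requirement, threats in spec.items():
        req = root.add(requirement)
        for threat, attacks in threats.items():
            thr = req.add(threat)
            for attack in attacks:
                thr.add(attack)
    return root


def attack_paths(node: Node, prefix: Tuple[str, ...] = ()) -> List[Tuple[str, ...]]:
    """Every root-to-leaf path; each one is a concrete way the component is hit."""
    path = prefix + (node.label,)
    if not node.children:
        return [path]
    paths: List[Tuple[str, ...]] = []
    for child in node.children:
        paths.extend(attack_paths(child, path))
    return paths


def filter_tree(node: Node, keep: Callable[[Node], bool]) -> Optional[Node]:
    """Prune to the leaves that satisfy `keep`, dropping any branch left empty.
    Returns None when nothing survives, so callers must handle that case."""
    if not node.children:
        return Node(node.label, node.layer) if keep(node) else None
    kept = [c for c in (filter_tree(ch, keep) for ch in node.children) if c is not None]
    return Node(node.label, node.layer, kept) if kept else None


def render(node: Node, depth: int = 0) -> str:
    """Indented text view of the tree, one node per line."""
    lines = ["  " * depth + f"[{node.layer}] {node.label}"]
    for child in node.children:
        lines.append(render(child, depth + 1))
    return "\n".join(lines)


# Constructed sample: the page's front-end example expanded into a tree.
# Labels are illustrative and not drawn from CAPEC, WASC or any product library.
FRONT_END = build_tree("Front end", {
    "Users are authenticated": {
        "Spoofing": ["Replay of a reusable password", "Password guessing"],
    },
    "Session data stays confidential": {
        "Information disclosure": ["Sniffing plaintext traffic"],
    },
})

if __name__ == "__main__":
    print(render(FRONT_END))
    for path in attack_paths(FRONT_END):
        print(" -> ".join(path))
    # A SecurITree-style filter: keep only the password-related leaves.
    pruned = filter_tree(FRONT_END, lambda n: "password" in n.label.lower())
    print(render(pruned) if pruned else "(nothing matched)")
```

The filter works on leaves and lets empty branches fall away, which is the behaviour you want when narrowing a large tree to, say, the attacks a particular team owns; it also returns `None` rather than an empty root when nothing matches, so the caller cannot mistake an empty result for a tree with no risks.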
Little-JIL
If you’re making use of threat trees at a research institution, the Little-JIL software
may be helpful. “Little-JIL is a graphical language for defining processes
that coordinate the activities of autonomous agents and their use of resources
during the performance of a task.”
Microsoft’s SDL Threat Modeling Tool


Microsoft has shipped at least four families of threat modeling tools. They are
the Elevation of Privilege card game, the SDL Threat Modeling Tool v3, the Threat
Analysis and Modeling Tool, and the Threat Modeling Tool v1 and 2. I was the
project lead for Elevation of Privilege and the SDL Threat Modeling Tool v3 and
3.1. The currently available SDL Threat Modeling Tool is (or has been) available
free from Microsoft.
References

Shostack, A. 2014. Threat Modeling: Designing for Security. Wiley. ISBN: 978-1-118-80999-0