Threat Models are a wonderful tool to understand the risk represented by a solution you are developing and to mitigate that risk, to ensure that the final result represents an acceptable risk for your organization.
Microsoft Threat Modeling Tool 2014 has introduced the possibility to generate Threats automatically: you design the model and it finds some Threats, based on the model. The result is in many cases a decent analysis of the system you are assessing, but how to make it great?
The answer is to create a custom template, based on your specific scenario: imagine the possibility to define a model based on your environment, not on some general idea that does not apply so well to your needs; and imagine that this enables you to generate the Threats that make sense for you. Consider that your needs could can change over time: yesterday you used three-tiered Web Application, now you have the Cloud and IoT. Fortunately for us, Microsoft Threats Modeling Tool 2016 has introduced the possibility to customize the Template and to create something that is really focused on your needs.
This article is the first one of a series that I am planning to publish, on the process that you could use to create and maintain your own Templates.
So, let’s start with the basics: what is a Threat Model Template and how can you create one?
The first step is to open Microsoft Threat Modeling Tool and to Open the default template that is shipped with the tool. To do this, you have to use the Open Template button in your Threat Modeling Tool.
This would allow you to select a Threat Model that will be opened, in our case default.tb7, which in my system is in folder “C:\Program Files (x86)\Microsoft\Threat Modeling Tool\KnowledgeBase”.
You will get an error, shown in the next picture: this error is really a warning, because it simply states that you are not supposed to edit that file.
Let’s ignore the error for now and click on the OK button. We will see how to get rid of it in a minute.
When we do that, we see a tabbed interface with many pages: the first one is dedicated to editing the Stencils, that is the various entities that will be used to create the model. The second tab shows the Threat Types: it contains the definition of the Threats and the rules that are used by the Threat Modeling Tool to generate the Threats themselves in your models. All Threats share the same properties, which are defined in the Threat Properties Tab. Finally, there is the Messages tab containing the various diagnostics.
Each Tab will be dedicated an article, to describe its contents and how to use them.
Now, let’s return to the issue with the error. You have probably noticed that the welcome page includes a Create New Template page: it allows you to create a blank Template, which could be useful in some scenarios, but not if you wish to leverage an existing Template creating a derivative work. If you want for example create a new Template from the standard one shipped with the Microsoft Threat Modeling Tool, you have to do something different.
Please consider that what follows is not supported by Microsoft. It works, though.
First of all, you have to copy your template, then you need to open it with an editor, like Notepad.
The content is an XML file and you are most interested by the Manifest node. It contains many attributes:
- author: It must be set with the name of the user, in the format domain\username. Please consider that it is case sensitive:if it does not work for you, simply put your domain name uppercase. If the account is local, the name of the machine will be used instead of the name of the Domain: use the command “whoami” as a reference.
By the way, this is the reason why we received the error.
- version: version number. It is recommended to start with 220.127.116.11 or something similar. Version is important, because the Threat Modeling tool uses it to apply new Templates: in fact, you are allowed to upgrade the Template applied to a model, but not to downgrade it.
- id: this uniquely represents a Template. The tool does not allow switching between Templates, and the id is the key for this check.
- name: it is the human-readable name of the Template. As far as I know, this is to describe the Template only and has no other effects.
So, a possible configuration for a new Template, would be the following:
This is all for now.
Happy editing of your new Template!