none
sample .tms RRS feed

  • Question

  • Hi. I was wondering if there was a sample .tms file out there that I could download to learn the new Threat Modeling tool (3.1).

    Thanks.

    S
    • Moved by Hengzhe Li Tuesday, June 21, 2011 12:20 PM Forum Consolidate (From:Microsoft Security Development Lifecycle (SDL) - Threat Modeling)
    Wednesday, March 11, 2009 8:36 PM

Answers

  • Nevermind, I found one. There is a sample .TMS file listed in the getting started area. I read over that once, but did not see the sample.

    It is found here: C:\Program Files\Microsoft\SDL Threat Modeling Tool\HelpFiles\GettingStarted.htm

    -b33p3r
    Sean
    Wednesday, March 11, 2009 8:42 PM
  • Because the user started the process in his own context. There would be no boundary of trust being crossed for the commands and responses between the user and the application.

    Remember that the point of a trust boundary is to mark when untrusted input is entering, or where there is shared access to an asset. The interaction between the user and his own process is in no way such a boundary.
    Tuesday, March 17, 2009 7:14 PM

All replies

  • Nevermind, I found one. There is a sample .TMS file listed in the getting started area. I read over that once, but did not see the sample.

    It is found here: C:\Program Files\Microsoft\SDL Threat Modeling Tool\HelpFiles\GettingStarted.htm

    -b33p3r
    Sean
    Wednesday, March 11, 2009 8:42 PM
  • Sean,

    I wanna thank you. For as much work as I have done with the SDL TM tool, I didn't even know that sample was there. I recently recommended to Adam that they include a sample TM so people can see how it works, as I get asked that a lot. To my embarrassment, it apparently is already there.

    You just made my life easier when talking to the community about this. Thanks!
    Thursday, March 12, 2009 3:49 PM
  • If anyone posting here would like to offer up a threat model they're proud of, I'd be happy to consider adding it as an additional community sample.

    Adam
    (SDL TM Tool PM)
    Monday, March 16, 2009 9:11 PM
  • Just as an FYI, I did a threat model last week using the new tool and it was pretty intuitive. A couple of comments:

    1. Connecting the data flow arrows. I understand that this is most likely a VISIO issue, but it was frustrating trying to get those arrows to connect from one element to another.
    2. I guess my second thought is more of a question, Why are there no "2 way" arrows offered in the Threat Modeling Stencil?


    S


    Sean
    Tuesday, March 17, 2009 4:26 PM
  • Hey Sean,

    There can and may be different threats and mitigation tactics depending on the flow of data. By breaking it out, the TM allows you to define the type of data, and how you will mitigate any potential threats. I am not so sure I would want a bidirectional arrow that consolidates the flow like that.

    I think its good to actually think of the payload of data flow in each direction. The current TM DFD accomplishes that.

    As to your connecting arrow issue, that is surprising to me. I don't have any issues in the connections itself. I do have the issue where the overlay on each other and I have to move it with the yellow diamond. Not sure what is different in my deployment. Can you give more details on the pain you are having? Is it just not snapping to the endpoint for you?
    Tuesday, March 17, 2009 4:33 PM
  • Yeah, I was having issues with the arrows snapping onto the elements. It took some working around to get it connected. My system is very slow, so I just tested my issue in VISIO specifically and I am having the same issues there. So it is not a TMT issue, more a VISIO/slow machine issue.

    Issue with arrows connecting: Closed

    After looking at the sample threat model that was created for the TMT itself, I noticed that there was no trust boundary between the USER and the SDLTM.ext process itself. Why is that?

    S

    Tuesday, March 17, 2009 4:52 PM
  • Because the user started the process in his own context. There would be no boundary of trust being crossed for the commands and responses between the user and the application.

    Remember that the point of a trust boundary is to mark when untrusted input is entering, or where there is shared access to an asset. The interaction between the user and his own process is in no way such a boundary.
    Tuesday, March 17, 2009 7:14 PM
  • Ok. that makes sense. Thanks.

    S
    Tuesday, March 17, 2009 9:50 PM