Threat modeling: flows to and from db RRS feed

  • Question

  • First of all, I'm from Buenos Aires, ARG and this is my first time in this forum.

    I need to build some threat models (almost identical) and I have already solved almost all concerns but I need two details to take some decisions about the diagrams.

    My model will analyze threats from two open source components, one of them, with flows to and from db. I have two doubts about them.

    The first one is:

    -Would you build two diagrams, the child one for open source components or only one instead? I though of two because the application itself doesn't interact with db (only through the persistence framework, one of the component under analysis), and the components don't interact with the users. The application crosses a firewall and accept connection from users through an encrypted channel. But these flows are out of scope. On the other hand, both components are behind a firewall and their data flows are not in a encrypted channel. I think these are major differences that result in different threats. For example, being these components java code, part of the application, there are a lot of details that don't apply to them. What do you think about it?

    My second doubt is:

    In case of building one child diagram for the open source components, would you duplicate the flows representing the db connection? All the connections with database are managed by one of the open source components. Should the first level diagram show the connection to db too as a logical basis? These flows would be just formal, not real, because the application itself doesn't connect to the db. In case of duplicating, shoul I disable the threat generation for the fictitious flows at top level? What do you think about it?

    Thanks to all and have a nice day!


    • Moved by Hengzhe Li Tuesday, June 21, 2011 12:00 PM Forum Consolidate (From:Microsoft Security Development Lifecycle (SDL) - Threat Modeling)
    Thursday, February 10, 2011 6:51 PM


  • Gadsy - there isnt enough information about your application context here to provide good guidance on the issue. Perhaps, you can provide more detail on what the open source component does and what your application does to help us answer this better?

    Ashish Popli
    • Proposed as answer by Ashish Popli Wednesday, May 18, 2011 4:41 PM
    • Marked as answer by Ashish Popli Tuesday, June 7, 2011 10:38 PM
    Monday, May 16, 2011 7:10 PM