
Threat Modelling Tools Analysis 101


Key DevSecOps solutions available, with their benefits and pitfalls, presented through a series evaluating different tools for Technical Architects and Engineering Teams.


Abstract

An interconnected world with an increasing number of systems, products and services relying on the availability, confidentiality, and integrity of sensitive information is vulnerable to attacks and incidents. Unfortunately, the threat landscape expands and new threats, threat agents and attack vectors emerge at all times. Defending against these threats requires that organizations are aware of such threats and threat agents. Threat modeling can be used as part of security risk analysis to systematically iterate over possible threat scenarios.

The motivation for this research came from the constantly growing need to acquire better tools to tackle the broad and expanding threat landscape. One such tool, which helps to categorize and systematically evaluate the security of a system, product or service, is threat modeling.

Problems With Shifting Left in Designing Secure Applications

It is believed that secure systems are a corollary indicator of high-quality systems and hence it adds value to catch these defects early in the system design and development stages. However, every Engineering team and Technical Architect is always trying to find a solution to implement threat modelling into their existing DevOps Ecosystem.

The key challenge is finding ways to adopt a security framework for designing robust enterprise applications, as it is becoming difficult to stay up to date with ever-changing attack surfaces, threats and vulnerabilities.

Available Solutions, Benefits, Pitfalls, and Recommendations

As a DevSecOps practitioner and Security Architect, I would like to share some of the key solutions available and their benefits and pitfalls through this series evaluating different tools. I used hands-on assessments and a parameterized technical analysis and rating system for this evaluation, using business cases from emerging technologies and industries.

The key factors considered in this analysis are given in the table below. I tried to conduct an in-depth analysis and recommendation, and I find that it is going to be useful for teams who are planning or in the process of shifting left in their organizations or projects towards DevSecOps. The key audience for this report is Developers, Technical Architects, Business Analysts, IT and Operations Teams of different experience levels.

| Parameters | Score 3 | Score 2 | Score 1 |
|---|---|---|---|
| Learning Curve and time to create a model | If the learning curve is small and the time to create a model is less than an hour, it is user friendly for the majority of the target audience. | If the learning curve is medium and the time to create a model is more than 1 hr. but less than 3 hrs., and it can be used by 30-40% of the target audience. | If it is difficult to learn and the time to create a model is exponentially large for the target audience. |
| Ease of creating Threat Model (UX) | If the user experience is high and it is easy to create and understand the threat models created by other teams. | If the UX is okay, but different teams are able to understand the design created by another team. | If created by someone but the threat model is difficult to understand. |
| Provision for pre-built templates | If many templates are available | If a few templates are available | If no templates are available |
| No. of Threat Modelling Frameworks Supported | More than 3 frameworks | 1 or 2 frameworks | No framework support |
| Design View | Availability of stencils and option to add stencils or upgrade stencils | Availability of stencils but no option or difficult to customize | Standard stencil |
| Available Documentation | Available and continuously updated documentation | Available documentation but hard to follow through | Zero documentation or basic documentation |
| Analysis View | Thorough analysis with remediation | Analysis only with no suggested remediation | No analysis, only design |
| Regular Updates | Continuous and frequent updates | Regular or periodic updates but at large intervals | No updates in the last 6 months |
| Cost | Open Source / Pay-Per-Use / User-based Licensing | Open Source / User Licensing / Paid (other model) | Paid |
| Integration in CI/CD Pipeline | Possible and plugins available | Possible but hard to integrate | Not possible |

Microsoft Threat Modelling Tool 2017 

We started off by evaluating the two common and most easily available Threat Modelling Tools. In this series I am presenting my opinion on MSMT 2017. I tried to develop and execute a threat model for an IoT Data Flow to study the usability of these tools for identifying Threats, Vulnerabilities and the Remediation they propose.

[Figure: IoT Use Case]

I tried to create the data flow using the Microsoft Threat Modelling Tool, and below are my personal findings and opinion on the benefits and pitfalls of using the tool.

Microsoft uses Microsoft Security Development Life Cycle (SDL) to identify threats, attacks, vulnerabilities, and countermeasures that could affect your application. The Microsoft Threat Modelling Tool (MTMT) provides a standard notation for visualizing system components, data flows, and security boundaries.

The tool provides a design view to add models. You can use the canvas space to drag and drop elements from the sidebar. Drag and drop is the quickest way to build models. However, I found certain challenges in designing the model in Design View.

I was able to create a similar data flow diagram, but I also wanted to create flow boundaries. The stencil allowed me to add them; however, I was not able to easily modify the size or expand the boundary. This can lead to leaving more vulnerabilities in the application when we move forward to the analysis view. There are not a lot of stencils available in the default download. However, you can add more templates from GitHub, specifically targeted at Azure environments.

https://github.com/AzureArchitecture/threat-model-templates


[Figure: framework]

When I moved further into the analysis view, I found the following analysis based on the STRIDE Framework, which is configured within the application and is one of the popular Threat Modeling Frameworks.

To add a new framework, the tool provides an option to create your own stencils and templates.

[Figure: templates]

The tool shows a detailed view of the Threats it identified and the elements involved. You can click a threat to see its details in the property box below the table.

[Figure: diagram list]

It also provides the mitigation guidance and the SDL phase impacted by the Threat, along with its severity.

[Figure: analysis]

I found the following outcome from my analysis of using the tool.

Key Benefits

  1. Drawing a Diagram Quickly: The drag and drop elements provide a quick way to add elements to the data model.
  2. STRIDE per Element: Guided analysis of threats and mitigations.
  3. Reporting: Security activities and testing in the verification phase.
  4. Marking Out of Scope: The ability to mark certain elements out of scope adds value for incremental threat analysis or when different teams are involved in Threat Modelling. Teams can choose their area of scope.
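To make "STRIDE per Element" and "Marking Out of Scope" concrete, here is an added example (not code from the article or from the Microsoft tool) that applies the standard STRIDE-per-element chart to a small data flow model and flags flows that cross a trust boundary. The IoT element names, trust zones and the `Element` structure are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Standard STRIDE-per-element chart (simplified: repudiation on a data store
# normally applies only when it holds logs; it is always listed here).
STRIDE_PER_ELEMENT = {"external_entity": "SR", "process": "STRIDE",
                      "data_store": "TRID", "data_flow": "TID"}
NAMES = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
         "I": "Information disclosure", "D": "Denial of service",
         "E": "Elevation of privilege"}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str              # key of STRIDE_PER_ELEMENT
    zone: str = ""         # trust zone (entities, processes, stores)
    src: str = ""          # data flows only: source element name
    dst: str = ""          # data flows only: destination element name
    in_scope: bool = True  # out-of-scope elements produce no findings

def enumerate_threats(elements):
    """Return (element, threat, crosses_boundary) for every in-scope element."""
    zones = {e.name: e.zone for e in elements if e.kind != "data_flow"}
    findings = []
    for e in elements:
        if not e.in_scope:
            continue
        # A flow crosses a trust boundary when its endpoints sit in different zones.
        crosses = e.kind == "data_flow" and zones[e.src] != zones[e.dst]
        for letter in STRIDE_PER_ELEMENT[e.kind]:
            findings.append((e.name, NAMES[letter], crosses))
    return findings

# Constructed IoT data flow (hypothetical names, not the article's diagram).
MODEL = [
    Element("sensor", "external_entity", zone="device"),
    Element("field_gateway", "process", zone="device"),
    Element("cloud_gateway", "process", zone="cloud"),
    Element("telemetry_db", "data_store", zone="cloud", in_scope=False),
    Element("sensor->field_gateway", "data_flow", src="sensor", dst="field_gateway"),
    Element("field_gateway->cloud_gateway", "data_flow",
            src="field_gateway", dst="cloud_gateway"),
    Element("cloud_gateway->telemetry_db", "data_flow",
            src="cloud_gateway", dst="telemetry_db"),
]

if __name__ == "__main__":
    for name, threat, crosses in enumerate_threats(MODEL):
        print(f"{name}: {threat}" + ("  [crosses trust boundary]" if crosses else ""))
```

If every element is placed in the same zone, no flow is flagged, which is the kind of gap a badly drawn boundary leaves in the analysis.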

Pitfalls

  1. No integration with the CI/CD Pipeline.
  2. Boundary definitions did not work properly, which can create more issues to look at than there actually are to mitigate.
  3. Usability of the available stencils is limited, as they were primarily designed for DFDs.
  4. The graphical representation does not have many customizations for presentation to different audiences.

Here is my final Scoring for the Microsoft Threat Modeling tool.

| Parameters | Highly Rated | Good To Use | No Value Add |
|---|---|---|---|
| Learning Curve | Yes | | |
| Ease of creating Threat Model (UX) | Yes | | |
| Provision for pre-built templates | | Yes | |
| No. of Threat Modelling Frameworks Supported | | Yes | |
| Design View | | Yes | |
| Available Documentation | | Yes | |
| Analysis View | | Yes | |
| Regular Updates | | | |
| Cost | | | |
| Integration in CI/CD Pipeline | | | |

My conclusion: to begin with and gain experience in Threat Modelling, this is a good tool to use to initially capture some definite security requirements, which can be added to your PBIs and taken care of during the sprints.

We continue to focus on and strive to build solutions for the most critical development and operations needs of product and engineering teams, and will bring you the next 101, on the OWASP Threat Modelling Tool.
