Threat modeling is an invaluable part of the Security Development Lifecycle (SDL) process. We have discussed in the past how applying a structured approach to threat scenarios during the design phase of development helps teams more effectively and less expensively identify security vulnerabilities, determine risks from those threats, and establish appropriate mitigations.
The Microsoft Threat Modeling Tool 2016 is a free tool to help you find threats in the design phase of software projects. It’s available as a free download from the Microsoft Download Center. This latest release simplifies working with threats and provides a new editor for defining your own threats. Microsoft Threat Modeling Tool 2016 has several improvements.
- New Threat Grid
- Template Editor
- Migrating Existing Data Flow Diagrams
New Threat Grid
The threat grid has been overhauled. Now you can sort and filter on any column. You can easily filter the grid to show threats for any flow. You can sort on the interaction column if you want to group all the threats for each flow. You can sort on the changed by column if you want to find that threat you just edited.
Microsoft Threat Modeling Tool 2016 comes with a base set of threat definitions using STRIDE categories. This set includes only suggested threat definitions and mitigations which are automatically generated to show potential security vulnerabilities for your data flow diagram. To offer more flexibility, Microsoft Threat Modeling Tool 2016 gives users the option to add their own threats related to their specific domain. This means users can extend the base set of threat definitions using the template editor.
The template editor also allows users to modify the stencils available on the drawing surface. If you have a stencil you would like to make available for your DFDs, you can add it. If you need another stencil property, you can add that.
Migrating Existing Data Flow Diagrams
Threat modeling is an iterative process. Development teams create threat models which evolve over time as systems and threats change. We wanted to make sure the new version supports this flow. Microsoft Threat Modeling Tool 2016 will load any threat model from Microsoft Threat Modeling Tool 2014, in the .tm4 format. Threat models created with v3 version of the tool (.tms format) must be migrated to the Microsoft Threat Modeling Tool 2014 format (.tm4) before they can be loaded in Microsoft Threat Modeling Tool 2016. Microsoft Threat Modeling Tool 2014 offers a migration tool for threat models created with version 3.1.8. (NOTE: For migrating threat models from v3.1.8 only, Microsoft Visio 2007 or later is required).
We hope these new enhancements in Microsoft Threat Modeling Tool 2016 will provide greater flexibility and help enable you to effectively implement the SDL process in your organization.
Thank you to all who helped in shipping this release through internal and external feedback. Your input was critical to improving the tool and customer experience.
For more information and additional resources, visit:
- Microsoft Security Development Lifecycle (SDL)
- Getting Started with Threat Modeling: Elevation of Privilege (EoP) Game
- Threat Modeling: Designing for Security (BOOK)
Alex Armanasu is an Engineer on the Secure Development Tools team at Microsoft. He’s responsible for the Threat Modeling component of the Security Development Lifecycle (SDL).