Threat modeling is a means to identify and rate the threats that may affect your system. Applying threat modeling to the architecture and implementation of your application allows you to address threats with appropriate countermeasures in a logical order, starting with the threats that present the greatest risk.
Frank Swiderski, a Microsoft Security Software Engineer, has released a tool to assist in threat modeling, available at http://www.microsoft.com/downloads/details.aspx?FamilyID=62830f95-0e61-4f87-88a6-e7c663444ac1&displaylang=en. He is also the author of an as-yet-unreleased book on Threat Modeling (http://www.amazon.com/exec/obidos/tg/detail/-/0735619913/qid=1086295628/sr=8-1/ref=pd_ka_1/002-4825450-3346407?v=glance&s=books&n=507846).
The Threat Modeling Tool allows users to create threat model documents for applications. It helps to organize relevant data points, such as:
- assets
- entry points
- trust levels
- data flows
- threats and threat trees
- vulnerabilities
The tool organizes these items into a tree-based view, ensuring you're collecting and presenting the bulk of the relevant data. It exports the document as XML, HTML and MHT (includes XSLTs; I've not tinkered with that yet). You can associate a custom transformation as well (ah, XML).
I was playing with a document format to create a template-based threat model; I'm going to shift over to this tool and see what the output looks like.