Add templates to the list of sample threat models #220
Comments
|
Hello @tmart234 - this is a very good sugestion. Threat Dragon does not scale well, at least not at the moment, so it would be good to think of how to introduce templates, hierarchy, etc Can you expand on your ideas and provide some thoughts on how it would be implemented? Cheers, Jon |
|
What about making the threat library/rules that is already there available for editing and maybe adding the possibility of making more than one of each. I'm picturing a tree structure with a generic threat with multiple children beneath that can be applied in each instance. Maybe this could be a stepping stone in the right direction that could hopefully come before 2.x? |
|
Hello @gobrtg - just checking my understanding, this is a hierarchy of threats applied to elements within one diagram? Not a tree of diagrams? There is a lot of work we need to do on the threat generation rule engine, and this might be related to that |
|
Transferred to threat dragon repo |
|
To make threat modeling highly repeatable, you’d create a model from an existing template. Tree structure would apply to any “generic” components (threats and elements). A template contains set of non-generic elements, the non-generic threat list, all the threat properties, and threat logic. |
|
Most people describe threat modeling process as: 1. Identify Assets 2. Create an Architecture Overview 3. Decompose the Application 4. Identify the Threats 5. Document the Threats 6. Rate the Threats |
|
In the new version 1.5 (due out this week) we have created a @tmart234 and @gobrtg did you want to see what you think? There is also the OWASP threat model cookbook site at https://github.com/OWASP/threat-model-cookbook/pulse, but that may not be specific enough to Threat Dragon ... there is a model in there from TD to show what could be done |
|
Referencing the threat modeling manifesto, Templates really help to assist with: “what are we working on?” .. Not in terms of a specific application, but in terms of describing consistent system components, Architecture, and environmental aspects (boundaries, flows, & external actors). And also addresses “what could go wrong?” in terms of the threat list, threat logic, and threat generation. Again, I don’t think threat dragon should ever be responsible for providing the templates themselves to the modelers. this should only be provided by 3rd party domain experts as The tool simply couldn’t cover every domain. Other modeling tooling tries to do this (provide a non-generic threat list) and fails bc the tooling could never extensively cover domains like mobile, embedded systems, OT, automotive, medical, etc. |
|
Here are some examples of threat model templates. Not sure what other tools, besides MS tool, have the concept. |
|
This is something we should strive for in version 2.x. We're currently working hard to get version 2.0 ready for release, as it will address some security related issues as well as a bunch of other open github issues. The only concern I have with this idea would be that it could wind up adding a bit of complexity to the threat modeling process. I think it'd work so long as we maintain the traditional threat-modeling flow, but add some sort of connector for an optional templating engine. So unfortunately, we won't be working on it immediately, but hope to get to it in the relatively near future! |
|
Your comment is completely correct in increasing complexity of the tool and overall process… but if the threat model practitioner was to use an existing template supporting automatic Threat generation, then the traditional processes is actually simplified because now modeler does not manually manage Threat generation and adopts properties of non-generic element. Of course, as you mentioned, maintain the current flow of the tool, the generic elements, manual Threat entries, etc. |
|
I believe now is an opportune moment to consider implementing this idea, especially since the release of the 2.0.x version. I propose that, similar to how you have limited data store objects to certain STRIDE terms, we apply the same approach to templates. For instance, we can have a data store object where all threats are automatically assigned based on the properties filled in by the modeler. The modeler can then review and determine whether specific threats should remain open or be closed. This way, we can save time by not having to manually add threats for each service and application, and instead focus on quickly auditing them. Initially, this step should be less challenging and complex compared to adding an engine functionality for customizable threats. |
|
Hello @iman4000 , I agree - the problem we have is the lack of contributors, so if you can help out that would be great |
|
studying to get my certification here, but I am on vacation. I will try to help in the 1st week of July :-) |
|
I'm enthusiastic about contributing and lending a hand to this project. However, I want to make it clear that my expertise lies in Python rather than JavaScript. If there's a way I can assist in achieving this goal using Python or any other relevant technology, please let me know. I'll be more than happy to contribute in the best way I can. |
|
This issue is stale because it has been open for 6 months with no activity. |
|
The list of threat models contained in the 'Explore a sample threat model' is the natural place for the threat model templates / starting point |
Add feature to import a threat template or a list of pre defined threats. Seems ... chaotic to have to re-add threats for every model that you design. especially if designing a lot of threat models. When reusing components/elements, you will encounter the same threats... this tool should scale to reuse predefined components/elements and threats. Process of generating threat list is way too manual.
The text was updated successfully, but these errors were encountered: