Dan Griffin's Blog

Comments on security, PKI, smart cards, cryptography, and entrepreneurship.

A colleague was recently asking me about doing a simple data flow diagram for the purpose of modeling a moderately complex software project management-related process. The proposal was to use UML (http://en.wikipedia.org/wiki/Unified_Modeling_Language), which I personally have never found much use for: an inherently complex modeling language does little to illuminate the discussion of a complex process or problem, especially when quick-and-dirty is usually what people want.

My proposal was to instead use the Data Flow Diagram format described in this classic blog post on Threat Modeling (http://blogs.msdn.com/ptorr/archive/2005/02/22/GuerillaThreatModelling.aspx).

By which I'll segue into a comment about the overall "Guerilla" approach to creating a software threat model, as described in that post: it's a reasonable compromise between minimizing the cost of a potentially time-consuming process to the engineering team, and exposing the riskiest pieces of the system from a security perspective (i.e. the trust boundaries). In fact, what usually happens is people start asking "dumb" questions that expose knowledge gaps for the team as a whole. Such as, "What if somebody does xyz with component abc?" Answer: "Component abc wasn't designed to handle that." Hmm.
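As an added illustration (not from the post or from the Guerilla Threat Modelling article), here is the DFD approach reduced to code: elements of the three kinds the format uses, flows between them, and a pass that picks out the flows crossing a trust boundary and turns each into the kind of "what if somebody does xyz with abc?" question described above. The sample system, its zone names and the element names are constructed.

```python
from dataclasses import dataclass, field

# Element kinds from the DFD style the post recommends: external entity, process,
# data store. Trust zone names and the sample system below are constructed.
@dataclass(frozen=True)
class Element:
    name: str
    kind: str   # "external", "process" or "store"
    zone: str   # trust zone the element lives in

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    data: str   # what travels along the arrow

@dataclass
class Dfd:
    elements: dict = field(default_factory=dict)
    flows: list = field(default_factory=list)

    def add(self, name, kind, zone):
        self.elements[name] = Element(name, kind, zone)

    def flow(self, src, dst, data):
        # indexing raises KeyError for a flow that names an unknown element
        self.flows.append(Flow(self.elements[src].name, self.elements[dst].name, data))

    def boundary_crossings(self):
        """Flows whose endpoints sit in different trust zones: the trust
        boundaries the post singles out as the riskiest part of the model."""
        return [(f, self.elements[f.src].zone, self.elements[f.dst].zone)
                for f in self.flows
                if self.elements[f.src].zone != self.elements[f.dst].zone]

def build_sample():
    """Constructed example: a small project-management web app."""
    d = Dfd()
    d.add("Browser", "external", "internet")
    d.add("Web app", "process", "dmz")
    d.add("Task DB", "store", "internal")
    d.add("Report job", "process", "internal")
    d.flow("Browser", "Web app", "task update form")
    d.flow("Web app", "Task DB", "task row write")
    d.flow("Task DB", "Report job", "task rows")
    d.flow("Report job", "Web app", "rendered report")
    return d

def review_questions(dfd):
    """One 'what if somebody does xyz with abc?' prompt per boundary crossing."""
    return [f"{f.src} -> {f.dst} [{f.data}]: crosses {a}->{b}; what does {f.dst} "
            f"do with a malformed or unexpected {f.data}?"
            for f, a, b in dfd.boundary_crossings()]
```

Flows that stay inside one zone (here, the database feeding the report job) drop out, leaving only the three crossings a review should spend its time on.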
