There are many ways to
build visual models of a system.
Data Flow Diagram
A Data Flow Diagram illustrates
how information flows through, into, and out of a system. They are especially
useful when evaluating data-intensive processes and looking at how data is
shared between systems or organizations.
It uses defined symbols like rectangles, circles and arrows,
plus short text labels, to show data inputs, outputs, storage points and the
routes between each destination. Data flowcharts can range from simple
process overviews, to multi-level Data flow diagrams that shows how the data is
handled. These can be used to analyze an existing system or model a new one. (Lucid Chart, n.d.)
Swim Lane Diagram
A swim lane diagram is a type
of flowchart. It diagrams a process from start to finish, and also divides
these steps into classifications to help distinguish which departments or
employees are responsible for each set of actions.
These lanes are columns that keep actions
visually separated from others. A swim lane diagram makes responsibilities clearer
than a regular flowchart. When looking to improve processes, knowing which
department is responsible for what can help speed up the process of correcting
inefficiencies and eliminating delays.
Trust Boundary is a place where more than one
principal interacts—thus, where threats are most clearly visible. Threats are
not restricted to trust boundaries but almost always involve actions across
trust boundaries. A trust boundary and an attack surface are very similar views
of the same thing. An attack surface is a trust boundary and a direction from
which an attacker could launch an attack. (Shostack)
Trust Boundaries can also be defined as:
Trust Boundary is any place in a system
that the level of trust and reliability in the data being used changes. Look
back at the diagram you just drew of your application. Look at where the data
is coming from and think about how it could be tainted if one’s not paying
attention. Follow this line of thought out to the last trusted node in the
system. The next hop after that is where the trust boundary changes. (Websec, n.d.)
Also, Trust boundary is a term
in computer science and security used to describe a
boundary where program data or execution changes its level of
Questions in Threat Modeling
are you Building?
can go wrong?
are you going to do about it?