Microsoft Threat Modeling Tool

The Threat Modeling Tool is a core element of the Microsoft Security Development Lifecycle (SDL). It allows software architects to identify and mitigate potential security issues early, when they are relatively easy and cost-effective to resolve. As a result, it greatly reduces the total cost of development. Also, we designed the tool with non-security experts in mind, making threat modeling easier for all developers by providing clear guidance on creating and analyzing threat models.

The tool enables anyone to:

  • Communicate about the security design of their systems
  • Analyze those designs for potential security issues using a proven methodology
  • Suggest and manage mitigations for security issues

Here are some tooling capabilities and innovations, just to name a few:

  • Automation: Guidance and feedback in drawing a model
  • STRIDE per Element: Guided analysis of threats and mitigations
  • Reporting: Security activities and testing in the verification phase
  • Unique Methodology: Enables users to better visualize and understand threats
  • Designed for Developers and Centered on Software: Many approaches are centered on assets or attackers. We are centered on software. We build on activities that all software developers and architects are familiar with, such as drawing pictures for their software architecture.
  • Focused on Design Analysis: The term "threat modeling" can refer to either a requirements or a design analysis technique. Sometimes, it refers to a complex blend of the two. The Microsoft SDL approach to threat modeling is a focused design analysis technique.

Next steps

The table below contains important links to get you started with the Threat Modeling Tool. See also: System requirements

Step    Description
1       Download the Threat Modeling Tool
2       Read our getting started guide
3       Get familiar with the features
4       Learn about generated threat categories
5       Find mitigations to generated threats


Here are a few older articles still relevant to threat modeling today:

Check out what a few Threat Modeling Tool experts have done: