Microsoft Threat Modeling Tool threats

The Threat Modeling Tool is a core element of the Microsoft Security Development Lifecycle (SDL). It lets software architects identify and mitigate potential security issues early, at the design stage, when they are still relatively easy and cost-effective to resolve. As a result, it greatly reduces the total cost of development. The tool was also designed with non-security experts in mind: it provides clear guidance on creating and analyzing threat models, making threat modeling easier for all developers.

Visit the Threat Modeling Tool to get started today!

The Threat Modeling Tool helps you answer questions such as the following:

  • How can an attacker change the authentication data?
  • What is the impact if an attacker can read the user profile data?
  • What happens if access to the user profile database is denied?

STRIDE model

To help you formulate these kinds of pointed questions, Microsoft uses the STRIDE model, which categorizes the different types of threats and simplifies the overall security conversation. Each letter of STRIDE names one threat category:

| Category | Description |
| --- | --- |
| Spoofing | Illegally accessing and then using another user's authentication information, such as a username and password. |
| Tampering | The malicious modification of data. Examples include unauthorized changes to persistent data, such as data held in a database, and alteration of data as it flows between two computers over an open network such as the Internet. |
| Repudiation | A user denies having performed an action, and no other party has a way to prove otherwise; for example, a user performs an illegal operation in a system that cannot trace prohibited operations. Non-repudiation is the ability of a system to counter repudiation threats. For example, a user who purchases an item might have to sign for it on receipt; the vendor can then use the signed receipt as evidence that the user did receive the package. |
| Information Disclosure | Exposure of information to individuals who are not supposed to have access to it; for example, users can read a file they were not granted access to, or an intruder can read data in transit between two computers. |
| Denial of Service | Denial of service (DoS) attacks deny service to valid users; for example, by making a web server temporarily unavailable or unusable. You must protect against certain types of DoS threats simply to improve system availability and reliability. |
| Elevation of Privilege | An unprivileged user gains privileged access and thereby has enough access to compromise or destroy the entire system. Elevation of privilege threats include those situations in which an attacker has effectively penetrated all system defenses and become part of the trusted system itself, a dangerous situation indeed. |
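The tool turns a data-flow diagram into a list of STRIDE threats, one per element and applicable category, and phrases each as a question like the three listed above. The following is an added example of that enumeration step, written for this page and not the Threat Modeling Tool's own code. It assumes the SDL "STRIDE-per-element" chart (external entities: S, R; processes: all six; data stores: T, R, I, D; data flows: T, I, D) and the usual pairing of each category with the security property it violates; neither appears on this page. The sample model of a web app reading a user profile database is constructed, and the rule that threats on a flow crossing a trust boundary are listed first is this example's own heuristic.

```python
"""STRIDE-per-element threat enumeration over a small data-flow model.

Added example, not the Microsoft Threat Modeling Tool's code. The mapping of
DFD element kinds to STRIDE categories is the SDL STRIDE-per-element chart
(assumption), and the sample model below is constructed for illustration.
"""
from dataclasses import dataclass
from collections import Counter

# Each STRIDE category and the security property it violates (standard SDL pairing).
PROPERTY = {
    "Spoofing": "authentication",
    "Tampering": "integrity",
    "Repudiation": "non-repudiation",
    "Information Disclosure": "confidentiality",
    "Denial of Service": "availability",
    "Elevation of Privilege": "authorization",
}

# STRIDE-per-element: which categories apply to which kind of DFD element.
APPLICABLE = {
    "external_entity": ["Spoofing", "Repudiation"],
    "process": list(PROPERTY),  # a process is exposed to all six
    "data_store": ["Tampering", "Repudiation", "Information Disclosure", "Denial of Service"],
    "data_flow": ["Tampering", "Information Disclosure", "Denial of Service"],
}

# Question templates in the style of the page's examples, filled per element.
QUESTION = {
    "Spoofing": "How could an attacker impersonate {name}?",
    "Tampering": "How could an attacker change data held in or carried by {name}?",
    "Repudiation": "Could a party deny an action involving {name} with no way to prove otherwise?",
    "Information Disclosure": "What is the impact if an attacker can read data held in or carried by {name}?",
    "Denial of Service": "What happens if access to {name} is denied or it becomes unavailable?",
    "Elevation of Privilege": "Could an unprivileged caller of {name} gain privileged access?",
}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str                       # one of APPLICABLE's keys
    crosses_trust_boundary: bool = False


@dataclass(frozen=True)
class Threat:
    element: str
    category: str
    property_at_risk: str
    priority: str                   # "high" if the element crosses a trust boundary
    question: str


def enumerate_threats(elements):
    """Return one Threat per (element, applicable STRIDE category), high priority first."""
    threats = []
    for e in elements:
        if e.kind not in APPLICABLE:
            raise ValueError(f"unknown element kind: {e.kind!r}")
        priority = "high" if e.crosses_trust_boundary else "medium"
        for cat in APPLICABLE[e.kind]:
            threats.append(Threat(e.name, cat, PROPERTY[cat], priority,
                                  QUESTION[cat].format(name=e.name)))
    # Elements on a trust boundary are where an attacker first gets a foothold; review them first.
    return sorted(threats, key=lambda t: t.priority != "high")


def count_by_category(threats):
    """Counts of threats per STRIDE category, useful for a quick coverage summary."""
    return dict(Counter(t.category for t in threats))


# Constructed sample model: a browser user logs in to a web app that reads a profile database.
SAMPLE_MODEL = [
    Element("Browser user", "external_entity"),
    Element("Web app", "process"),
    Element("User profile DB", "data_store"),
    Element("Login request", "data_flow", crosses_trust_boundary=True),
    Element("Profile query", "data_flow"),
]

if __name__ == "__main__":
    for t in enumerate_threats(SAMPLE_MODEL):
        print(f"[{t.priority:6}] {t.category:22} on {t.element:16} ({t.property_at_risk}): {t.question}")
    print(count_by_category(enumerate_threats(SAMPLE_MODEL)))
```

Each generated question names the property a mitigation must restore (authentication for Spoofing, integrity for Tampering, and so on), which is the same lens the tool's mitigation guidance uses; the element kinds and boundary flag are the only inputs, so the model can be built from a diagram without any security expertise.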