azurearchitecture / threat-model-templates Goto Github PK

Getting an error when trying to open the template in MS Threat Modelling tool.

Steps to reproduce the behavior:

1. Go to "Browse" on MS Threat Modelling App
2. Click on AzureTemplate.v5
3. See error

It is expected that upon selecting the template, it should be loaded on the app and can be used to generate threat models.

Screenshots

Attaching the tmt7.exception.txt file for more information.

tmt7.exception.txt

Is it possible to get a stencil and threats for azure front door ?

Hello,

I'm Using Microsoft Threat Modeling Tool 7.3.20120.2.

When I'm trying to select This template AzureTemplate.v5.tb7 to create a TM. Im getting this below errror.

Upon veriying error log . Stacktrace is

Threat Modeling Tool, Assembly version 'TMT7, Version=7.3.20120.2, Culture=neutral, PublicKeyToken=69c3241e6f0468ca', today is 'Wednesday, July 6, 2022 12:50:38 PM'Exception information: System.InvalidOperationException: There is an error in XML document (0, 0). ---> System.Xml.XmlException: For security reasons DTD is prohibited in this XML document. To enable DTD processing set the DtdProcessing property on XmlReaderSettings to Parse and pass the settings into XmlReader.Create method. at System.Xml.XmlTextReaderImpl.Throw(Exception e) at System.Xml.XmlTextReaderImpl.ThrowWithoutLineInfo(String res) at System.Xml.XmlTextReaderImpl.ParseDoctypeDecl() at System.Xml.XmlTextReaderImpl.ParseDocumentContent() at System.Xml.XmlTextReaderImpl.Read() at System.Xml.XmlReader.MoveToContent() at Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReaderStandaloneKnowledgeBase.Read22_KnowledgeBase() --- End of inner exception stack trace --- at System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader xmlReader, String encodingStyle, XmlDeserializationEvents events) at ThreatModeling.ExternalStorage.KB.StandaloneKnowledgeBase.InitializeKnowledgeBaseFromDir(String filePath) at ThreatModeling.Model.KnowledgeBaseModel.InitializeFromStandaloneKb(String ThreatBaseDir) at ThreatModeling.Model.ObjectModel.CreateBase(Boolean openDesignMode, String loadFromFilePath, Boolean browseThreatBase) at ThreatModeling.Model.ObjectModel..ctor(String loadFromFilePath, Boolean openDesignMode, Boolean IsThreatBase, Boolean browseThreatBase) at ThreatModeling.ViewModel.DashboardViewModel.BrowseThreatBase(String fileName) at ThreatModeling.ViewModel.BrowseThreatBaseCommand.OpenFile(String fileName) at ThreatModeling.ViewModel.BrowseThreatBaseCommand.ExecuteImp(Object parameter) at ThreatModeling.ViewModel.Commands.TrackedCommand.Execute(Object parameter)

Any solution or workaround for this issue ?

Thanks

Describe the bug

A threat is something that can go wrong with the current solution. It is something that in case of happening it would have an impact on the system. However, seeing the current interpretation of the Threat concept in these templates, one can see they are a little confusing since are treated as security controls. Below, I provide more details.

Naming and Describing Threats as Security Controls

Some custom threats included in these templates are redacted in a way of describing the security control that needs to be placed, instead of describing the threat.

Example

1. Take a custom threat like: "3f96bbf2-1d6e-4b20-9bca-8a413008595f" and see their title and description.
2. The title for that Threat is "Ensure that multi-factor authentication is enabled for all privileged users" plus their description is "Enable multi-factor authentication for all user credentials who have write access to Azure resources."
3. The title and description are referring specifically to implementing multi-factor authentication. A multi-factor authentication is a security mechanism which aims to prevents spoofing.

Expected behavior

Instead of describing directly what mechanism needs to be implemented in the Title and Description, describe what is the threat. The threat would be that someone is able to log in due to the application only relies on password authentication. The recommendations to handle that threat would be implementing an MFA.

Information Security and Privacy regulation as Threat properties

Information Security and Privacy regulations mandate to include specific controls across different processes at organization-level. Despite the controls required for regulations, a Threat not necessary impact them.

Example

1. Take as an example the Threat identified as: "TH100", its description says: "An adversary can execute remote code on the server through XSLT scripting".
2. This threat suggest that one need to include some kind of security control to prevent remote code execution through XSLT scripting. However, including a property in the threat like "HIPPA - Does this comply with HIPAA, the US legislation that sets standards for protecting the confidentiality and security of individually identifiable health information?" can be understood like preventing this threat would help us to comply HIPPA, which ultimately can be false. HIPPA does not refer precisely to any of the technologies to store information, it only specifies high-level requirements to protect privacy and security regarding health information.
3. Finally, I consider putting so many regulations as threats properties can deviate the attention from the real purpose of threat modelling: finding and handling threats.

Expected behavior

I think Information Security and Privacy Compliance analysis is different from making threat models. I would not merge both worlds, as it could extend so many the Threat Modelling process and wouldn't be useful as a Compliance Assessment at the end.

Be great if this repo also contained a bunch of examples of different Azure scenarios to help with how to create a threat model. For example there's a template for a VPN Gateway and one for MFA but can't work out how to link them.

Describe the bug
Using Azure stencils from AzureTemplate.v5.tb7, when opening a saved diagram an error occurred (below screenshot) causing diagram unable to open.

To Reproduce

• Use any one or more Azure stencils from template AzureTemplate.v5.tb7.
• save the diagram
• Open the diagram by double-clicking or Open option within Threat Modelling Tool

Expected behavior
Diagram should open correctly without error

Screenshots

Desktop (please complete the following information):

• OS: [e.g. iOS]
• Browser [e.g. chrome, safari]
• Version [e.g. 22]

Smartphone (please complete the following information):
Windows 11

It would be extremely helpful if the AzureTemplate.v3.tb file in this repo could be stored in the generic microsoft/threat-modeling-templates repo. Currently the microsoft/threat-modeling-templates contains the default template and a more legacy azure template and it would be nice to have a single repo with these templates in them.

Currently I clone the microsoft/threat-modeling-templates repo into the Microsoft Threat Modeling tool's Knowledgebase directory and this provides an easy mechanism to update the model templates. When templates are stored in multiple repos it's more complicated to manage the threat models specific to Azure.