Prev | Next |
Trust Diagram
A Trust diagram can serve different purposes, depending on what you want to model and examine. Initially, the Trust diagram might capture sections of a process and show how those sections are locked in to each other or separate from each other by enclosing the elements in Trust Boundaries. You might then have a separate diagram to show what threats to the system exist, what particular elements are open to those threats, and what measures might be put in place to mitigate the threats. This could be one diagram representing all of the system under investigation, or several diagrams each representing one segment or one threat type.
Example Diagrams
The Threat Model with multiple trust boundaries pattern in the 'Create from Pattern' tab (Model Wizard) creates an example of a Threat Model structure with Packages for Trust diagram elements and identified threats. In addition, it provides the concept for establishing traceability between the identified threats and the Trust diagram elements that the threat is associated with.
Derived from this pattern, the first figure shows several trust boundaries differentiating between specific security constraints.
The next figure shows a list of identified threats with appropriate Tagged Values used for threat evaluation.
The third figure illustrates the existing Trace relationships between Threats and Trust diagram elements in the Relationship Matrix.
The final figure shows the existing Trace relationships between Threats and Trust diagram elements in the Relationship Matrix special diagram view.