Project Anvil

At the end of last week I mentioned that the next thing I was planning on doing was some data flow diagrams for Anvil. I decided instead of using Visio and following the typical drawing method that I would use Microsoft's latest version of their Threat Analysis and Modeling Tool. Doing so I get the benefits of Trust Flow Diagrams and Call Flow Diagrams. Problem was, I had to first complete the threat model before I would get the benefits of the diagrams.

At the same time, some other work in the office required my attention for a couple of days, which has made it difficult to keep up with my commitments with Anvil. A regular problem for small companies with over extended resource allocation. I hope I can make up some of that time next week.

During the process of threat modeling over the last couple of days I found a few bugs in the tool and some features I would really like to have that would have made the process easier. I have contacted the ACE team at Microsoft who are responsible for the tool and they are now aware of the bugs and my feature requests. I wouldn't be surprised if I see some fixes coming down the road shortly.

I completed a screencast showing an overview of how I use the tool, and how you too can benefit from it. I still have some work to do on the threat model tonight, but I wanted to make sure I recorded what was going on while I had a chance.

Anvil Threat Model Screencast [Flash ~16MB]