How to Drill Down in a Dataflow Diagram

I’m often asked about the level of detail required in a dataflow diagram (DFD) for threat modeling exercises. In this article, I will provide some insights on how far you should drill down in a DFD.

1. Expanding the Diagram

Start with the existing diagram and expand it only when necessary. Look for ambiguities, additional boundaries, or areas where you need more understanding before you can analyze potential attacks or defenses.

There is a reference to the ‘SDL Threat Modeling guidelines’ stating that a DFD needs more detail when there is still a trust boundary present. However, as an expert in this field, I am not familiar with this specific guideline. If you could provide a link or more information, I would be happy to review it.

2. Handling CRUD Operations

When a DFD includes CRUD operations on a database, the question arises of whether to draw a separate dataflow for each operation or represent them all as a single dataflow.

Consider the permissions associated with each CRUD operation. If the permissions vary across the operations, or if you need to communicate clearly how the software works, drawing a separate dataflow for each operation can be worthwhile.
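The permissions test above can be applied mechanically. The following is an added example, not part of the original article: it groups CRUD operations that are granted to exactly the same principals into one dataflow and splits out any operation whose permissions differ. The store names, principal names and the `plan_dataflows` helper are constructed for illustration, and it covers only the permissions criterion, not the communication one.

```python
from collections import defaultdict

CRUD_ORDER = ("create", "read", "update", "delete")

# Constructed sample: principals allowed to perform each operation per data store.
PERMISSIONS = {
    "orders_db": {
        "create": {"web_app"},
        "read": {"web_app", "reporting_job"},
        "update": {"web_app"},
        "delete": {"admin_console"},
    },
    "audit_log": {
        "create": {"web_app"},
        "read": {"web_app"},
        "update": {"web_app"},
        "delete": {"web_app"},
    },
}


def plan_dataflows(ops):
    """Return the dataflows to draw for one data store.

    Operations granted to the same set of principals share one flow
    (label such as "CRUD" or "CU"); an operation with a different set
    gets its own flow. Operations nobody may perform produce no flow.
    Result: list of (label, sorted principal names) in CRUD order.
    """
    groups = defaultdict(list)
    for op in CRUD_ORDER:
        principals = frozenset(ops.get(op, ()))
        if principals:  # no principal means nothing to draw
            groups[principals].append(op)
    return [
        ("".join(op[0].upper() for op in grouped), sorted(principals))
        for principals, grouped in groups.items()
    ]


if __name__ == "__main__":
    for store, ops in PERMISSIONS.items():
        for label, principals in plan_dataflows(ops):
            print(f"{store}: {label} <- {', '.join(principals)}")
```

A store that yields a single `CRUD` flow does not need drilling down on permission grounds; one that yields several flows is a candidate for separate dataflows in the diagram.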

Ultimately, the goal of creating a DFD is to understand, communicate, and analyze effectively. If there are guidelines or recommendations that you are unsure about, consider conducting small experiments to validate their necessity. This will help you determine whether further drilling down is required in a specific scenario.
