For additional related reading, see the following resources:
For information on attack patterns, see "Attack Modeling for Information Security and Survivability," by Andrew P. Moore, Robert J. Ellison, and Richard C. Linger at http://www.cert.org/archive/pdf/01tn001.pdf
For information on evaluating threats, assets and vulnerabilities, see "Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Framework, Version 1.0" on the Carnegie Mellon Software Engineering Institute Web site at http://www.sei.cmu.edu/ publications /documents/ 99. reports /99tr017/99tr017figures.html
For a walkthrough of threat modeling, see "Architect WebCast: Using Threat Models to Design Secure Solutions" at http://www.microsoft.com/usa/ webcasts/ondemand/1617.asp
For more information on creating DFDs, see Writing Secure Code, Second Edition , by Michael Howard, David C. LeBlanc.