Stencils
Stencils define the building blocks for hardware models and data flow diagrams in TTModeler. They represent the types of elements that can be used in threat modeling diagrams, including their properties and associated threat rules.
Stencil Types
TTModeler supports the following stencil types:
- Process: Components executing code
- Data Store: Things storing data
- External Entity: Actors or systems outside the system boundary
- Data Flow: Data transmitted between entities
- Trust Area: Boundaries separating different trust zones
- Physical Link: Link between the physical and the logical world
- Interface: Communication interface
Logical vs Physical Stencils
Some stencil types are divided into logical and physical variants to support different modeling perspectives:
- Logical stencils: Abstract representations (e.g., Process, Web Server, Database)
- Physical stencils: Hardware-level representations (e.g., Processor, ASIC, Memory Chip)
This distinction allows threat modeling at both architectural and implementation levels. Physical stencils are used in hardware models, logical ones in data flow diagrams.
Data Flow Protocols
For data flow connections, specific protocols can be created as stencils. This enables precise modeling of communication methods (e.g., HTTP, CAN) and allows threat rules to evaluate protocol-specific vulnerabilities.
Properties
Each stencil can define custom properties that characterize elements of that type. Properties can include:
- Check Box: Boolean flags (e.g., "Encrypted", "Authenticated")
- Diagram Reference: Reference to another diagram
- Low Medium High Select: Three-value select
- Data Select: Assigned data assets
- Physical Element Select: Assigned physical element
- Scale Select MyData_Sensitivity: Scale for data sensitivity; the scale is defined in Risk Assessment
- Stencil Type: Editing of the exact stencil type (may be changed within a group)
- Text Area: Multi line area for custom text
- Text Box: Single line box for custom text
These properties are configured at the stencil level and become available for all diagram elements using that stencil. Property values are set on individual elements during threat modeling in the property editor (see Editor).
Each group (process, data store, etc.) contains a default stencil, and further type stencils can be created within the group. Properties and threats are inherited, and a type stencil can override a default value set by the default stencil. For example, the default physical data storage might not be removable. A stencil for "SD card" can override this property and set "Is Removable" to true.
Threat Rules
Threat rules can be defined for each stencil to automatically generate attack scenarios based on element properties. Rules evaluate the configured properties and, when conditions are met, create corresponding threats.
For example, a rule for a "Data Store" stencil might check if the "Encrypted" property is set to false and generate an "Unauthorized Data Access" attack scenario if the condition matches.
These rules enable automated threat identification based on the specific characteristics of elements in your diagrams. See Threat Rules for more details on rule configuration.
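The inheritance described under Properties and the rule evaluation described above, as an added example: a simplified Python model, not TTModeler's own code or file format. The class names, the default value of "Encrypted" and the second threat name are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional

@dataclass
class Rule:
    # Hypothetical rule shape: the threat to create and a condition on properties.
    threat: str
    condition: Callable[[dict], bool]

@dataclass
class Stencil:
    name: str
    parent: Optional["Stencil"] = None  # default stencil of the group, if any
    defaults: dict = field(default_factory=dict)
    rules: list = field(default_factory=list)

    def resolved_defaults(self) -> dict:
        # Inherited defaults first; this stencil's own values override them.
        base = self.parent.resolved_defaults() if self.parent else {}
        return {**base, **self.defaults}

    def all_rules(self) -> list:
        # Threat rules are inherited along with the properties.
        inherited = self.parent.all_rules() if self.parent else []
        return inherited + self.rules

@dataclass
class Element:
    name: str
    stencil: Stencil
    values: dict = field(default_factory=dict)  # set per element in the editor

    def properties(self) -> dict:
        # Values set on the element take precedence over stencil defaults.
        return {**self.stencil.resolved_defaults(), **self.values}

def generate_threats(element: Element) -> list:
    props = element.properties()
    return [r.threat for r in element.stencil.all_rules() if r.condition(props)]

# Constructed sample data; "Physical Removal of Storage" is an invented threat name.
data_store = Stencil("Data Store", defaults={"Encrypted": False, "Is Removable": False},
                     rules=[Rule("Unauthorized Data Access", lambda p: not p["Encrypted"])])
sd_card = Stencil("SD card", parent=data_store, defaults={"Is Removable": True},
                  rules=[Rule("Physical Removal of Storage", lambda p: p["Is Removable"])])

log_card = Element("Log storage", sd_card)
key_card = Element("Encrypted key storage", sd_card, values={"Encrypted": True})
```

The "SD card" stencil adds its own rule and still carries the inherited "Data Store" rule, so an unencrypted SD card element yields both threats while an encrypted one yields only the removal threat.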
Template
Templates allow grouping multiple stencils together with a predefined layout. When a user drags a template onto the canvas, all stencils in the group are created simultaneously with their configured positioning.
Template settings include:
- Diagram visibility: Define in which diagram types (hardware model, data flow diagram) the template appears
- Group assignment: Specify in which stencil groups (e.g., Process, Data Store) the template is listed in the UI
This feature enables rapid creation of common patterns and component groups.
Mnemonic
The mnemonic feature provides a mechanism to rapidly add STRIDE-per-Element threat rules for each stencil type. This allows quick configuration of standard threat patterns (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege) that are typically associated with specific element types. Custom mnemonics can be added.
Usage in Threat Modeling
When creating hardware models or data flow diagrams, users select from the available stencils to build their system representation. The properties and threat rules defined at the stencil level are automatically applied to each element, ensuring consistent threat analysis across the model. Note that all element properties must be checked manually. There is a button in the toolbar that jumps to elements that have not been checked so far.