Microsoft Threat Analysis & Modeling
Check out
http://msdn.microsoft.com/security/securecode/threatmodeling/acetm/
on the Microsoft Threat Analysis & Modeling tool created by the Microsoft Application Consulting & Engineering (ACE) team
"
Microsoft Threat Analysis & Modeling tool allows non-security subject matter experts to enter already known information including business requirements and application architecture which is then used to produce a feature-rich threat model. Along with automatically identifying threats, the tool can produce valuable security artifacts such as:
- Data access control matrix
- Component access control matrix
- Subject-object matrix
- Data Flow
- Call Flow
- Trust Flow
- Attack Surface
- Focused reports"