Welcome to the Tufts Security & Privacy Lab's (TSP) Threat Modeling Naturally Tool! This tool is part of ongoing work by TSP into threat modeling and leverages findings from our work.
You can use TMNT in one of two ways: via a Python package (see Python Package) or via our UI (see UI).
The TMNT Python package consists of the code for the DSL (tmnpy.dsl), the various engines (tmnpy.engines), and the knowledge base of threats and controls (tmnpy.kb). The UI can be self-hosted (see UI Documentation for details) or can be accessed at tsp.cs.tufts.edu/tmnt, where you can test out the tool and create a user profile and save your threat models.
You can download this repository and install the tmnt python package with
cd tmnt
pip install .
To run the UI, please refer to the UI Documentation.
If you plan on working on TMNT, please look at our Contributing Guide for details. Additionally, we recommend reviewing our documentation.
- Ronald E. Thompson, Tufts (2023 - pres.)
- Daniel Votipka, Tufts (2023 - pres.)
- Lisa Dang, Tufts (Summer 2024 - pres.)
- Yaejie (Gia) Kwon, Swathmore (Summer 2024)
- Esam Nesru, UMBC (Summer 2024)
- Christopher Pellegrini, Tufts (Spring 2024) - now at Northeastern
- Madison Red, Tufts (Spring 2024)
- Richard Zhang, Tufts (Spring 2024)
- Mira Jain, Tufts (Spring 2024)
- Caroline Chin, Tufts (Spring 2024)
Ronald E. Thompson, Madison Red, Richard Zhang, Yaejie Kwon, Lisa Dang, Christopher Pellegrini, Esam Nesru, Mira Jain, Caroline Chin and Daniel Votipka. "The Threat Modeling Naturally Tool: An Interactive Tool Supporting More Natural Flexible and Ad-Hoc Threat Modeling. In 10th Workshop on Security Information Workers (WSIW 24), Philadelphia, PA, August 2024. USENIX Association.
Ronald Thompson, Madeline McLaughlin, Carson Powers, and Daniel Votipka.
"There are rabbit holes I want to go down that I'm not allowed to go
down": An Investigation of Security Expert Threat Modeling Practices for
Medical Devices. In 33rd USENIX Security Symposium (USENIX Security 24),
Philadelphia, PA, August 2024. USENIX Association.
We hope that you'll use TMNT in your research! If you plan on using it, can you please cite with the following:
The TMNT project has been generously funded by Cisco, MedCrypt, and NSF (Grant #2149871).