Threat Analysis and Modeling Tool (TAM) tool uses a interface to provide risk measurement plug-in functionality. Interface ICalculateRisk can be found under ACEServices.Torpedo2.TMObjectModel namespace. This namespace is available by importing TMObjectModel.dll assembly which can be found in the installation directory. ICalculateRisk.CalculateRisk is the single method in the interface which needs to be implemented in order for the tool to detect the assembly as a plug-in. This method has two parameters ThreatModel (currentTM) and Threat (currentThreat) respectively, currentTM references the threat model and currentThreat references the threat for which this plug-in was invoked. The return value should be a Boolean value indicating whether the operation was successful or not. If successful, both the Impact and Probability properties of currentThreat have to be set before returning the Boolean value.
public class SampleRiskPlugin:ICalculateRisk
bool ICalculateRisk.CalculateRisk(ThreatModel currentTM, Threat currentThreat)
currentThreat.Impact = EnumImpact.High;
currentThreat.Probability = EnumProbability.High;
Once compiled, open the Threat Analysis and Modeling (TAM) tool, go to Tools -> Options and select “Risk Measurement Plug-in” tab and select the above compiled assembly. Select any threat and click on “Calculate Risk” button, it should automatically set the Risk Rating to 9.
Please not that currently tool loads the plug-in at the same trust level. Proposed feature of version 2.1 will allow users of the tool to select any predefined trust level based on the zones to load the plug-in. It will also have a custom zone which allows users to customize the permissions granted to the plug-in.