Working with Data Flow Diagrams
Comprehensive guide to creating and editing data flow diagrams (DFDs) in TMI.
Data flow diagrams are visual representations of how data moves through your system. They help identify trust boundaries, data flows, and potential threat surfaces.
A DFD shows:
- Components that process or store data
- Data flows between components
- Trust boundaries that separate security zones
- External entities that interact with the system
- Threat modeling applications and systems
- Security architecture reviews
- Identifying attack surfaces
- Documenting data handling
- Open your threat model
- Click "New Diagram" or "Add Diagram"
- Give it a descriptive name
- Start adding components
Consider creating different diagram types:
- Context Diagram: High-level system overview
- Level 0: Major system components
- Level 1+: Detailed subsystem views
- Sequence Diagrams: Time-based interactions (future feature)
Represents a component that transforms or processes data.
Visual: Rectangle
Examples:
- Web Server
- Authentication Service
- Payment Processor
- Data Transformer
Properties:
- Name: Identifies the process
- Description: What it does
- Type: Process type (if applicable)
Represents where data is stored.
Visual: Parallel horizontal lines
Examples:
- Database
- File System
- Cache
- Message Queue
- Log Storage
Properties:
- Name: Store identifier
- Description: What data is stored
- Type: Storage type
Represents external users or systems.
Visual: Square/Rectangle
Examples:
- End Users
- Third-party APIs
- External Services
- Administrators
Properties:
- Name: Entity name
- Description: What/who it represents
- Type: User, System, Service
Represents data moving between components.
Visual: Arrow
Examples:
- API Request
- Database Query
- File Transfer
- Event Message
Properties:
- Label: What data flows
- Direction: One-way or bidirectional
- Protocol: HTTP, HTTPS, gRPC, etc.
Represents security or trust zone boundaries.
Visual: Dashed line or box
Examples:
- Internet to DMZ
- DMZ to Internal Network
- Application tier to Data tier
- Authenticated vs Unauthenticated
Properties:
- Name: Boundary identifier
- Description: What the boundary separates
- Select component type from toolbar
- Click on canvas where you want to place it
- Enter name (double-click to edit)
- Add properties in the properties panel
Some implementations support:
- Dragging from component palette
- Dropping on canvas
- Automatic connection
- Select the data flow tool
- Click on source component
- Click on destination component
- Label the flow with data description
- One-way: Single arrow
- Bidirectional: Double arrow or two separate flows
- Multiple flows: Create separate flow for each data type
Be specific about what data flows:
Good labels:
- "Customer PII (name, email, address)"
- "Authentication Token (JWT)"
- "Credit Card Data (PAN, CVV)"
- "Database Query (SQL)"
Poor labels:
- "Data"
- "Request"
- "Info"
Trust boundaries mark where:
- Security context changes
- Authentication is required
- Data sensitivity changes
- Threat landscape differs
- Internet to DMZ: Public to semi-trusted
- DMZ to Internal: Semi-trusted to trusted
- Process isolation: Between different security contexts
- Network segmentation: Between network zones
- Select boundary tool
- Draw boundary around related components
- Label the boundary
- Document what it represents
- Begin with high-level view
- Add detail incrementally
- Create multiple diagrams for complex systems
- Use descriptive, consistent names
- Avoid abbreviations unless well-known
- Include role/function in name
- Document all data movement
- Include error flows
- Show authentication/authorization flows
- Identify all security zone changes
- Show where authentication occurs
- Mark where data sensitivity changes
- One diagram per system/subsystem
- Don't overcrowd a single diagram
- Link related diagrams
- Similar components get similar shapes
- Consistent naming conventions
- Uniform level of detail
- Click to select
- Shift+Click for multiple selection
- Drag box to select multiple
- Drag selected component
- Arrow keys for precise movement
- Snap to grid (if enabled)
- Drag corner handles to resize
- Maintain aspect ratio
- Size to fit label
- Select component
- Press Delete key
- Or right-click → Delete
- Select component
- Ctrl/Cmd+C to copy
- Ctrl/Cmd+V to paste
- Visual representation of threat locations
- Easy identification of affected components
- Better understanding of threat context
- Create or edit a threat
- Find "Linked Components" section
- Select diagram components affected by threat
- Save
Linked components may show:
- Highlight or badge
- Risk level indicator
- Count of linked threats
```
[User] --HTTPS--> [Web Server]
                       |
                    HTTP/DB
                       ↓
                   [Database]
```
Trust boundary: Between User and Web Server
```
[Mobile App] ────┐
                 │
[Web App] ───────┼──HTTPS──> [API Gateway] ──> [Auth Service]
                 │                 │
[Admin UI] ──────┘                 ├──> [User Service] ──> [User DB]
                                   │
                                   └──> [Order Service] ──> [Order DB]
```
Trust boundaries:
- Internet to API Gateway
- API Gateway to internal services
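
The API gateway pattern above can be checked mechanically once components are assigned to zones. The following is an added example, not TMI code and not TMI's export format: the zone names, flow labels and protocols are constructed assumptions. It lists the flows that cross a trust boundary and flags the vague labels and cleartext crossings a reviewer should resolve.

```python
# Added example: hypothetical in-memory DFD, not TMI's data model or export format.
from collections import namedtuple

# Zone assignments (assumed names) mirror the two trust boundaries listed for this pattern.
ZONE = {
    "Mobile App": "internet", "Web App": "internet", "Admin UI": "internet",
    "API Gateway": "gateway",
    "Auth Service": "internal", "User Service": "internal",
    "Order Service": "internal", "User DB": "internal", "Order DB": "internal",
}
VAGUE_LABELS = {"data", "request", "info"}  # the "poor labels" from this guide
Flow = namedtuple("Flow", "src dst label protocol")

# Constructed sample flows; labels and protocols are illustrative assumptions.
FLOWS = [
    Flow("Mobile App", "API Gateway", "Authentication Token (JWT)", "HTTPS"),
    Flow("Web App", "API Gateway", "Request", "HTTPS"),
    Flow("Admin UI", "API Gateway", "Admin Credentials (password)", "HTTPS"),
    Flow("API Gateway", "Auth Service", "Authentication Token (JWT)", "gRPC"),
    Flow("API Gateway", "User Service", "Customer PII (name, email, address)", "HTTP"),
    Flow("API Gateway", "Order Service", "Data", "gRPC"),
    Flow("User Service", "User DB", "Database Query (SQL)", "TLS"),
    Flow("Order Service", "Order DB", "Database Query (SQL)", "TLS"),
]

def crossings(flows, zone=ZONE):
    """Flows whose endpoints sit in different zones, i.e. cross a trust boundary."""
    return [f for f in flows if zone[f.src] != zone[f.dst]]

def review(flows, zone=ZONE):
    """Return (flow, finding) pairs to resolve before threat analysis starts."""
    findings = []
    for f in flows:
        if f.label.strip().lower() in VAGUE_LABELS:
            findings.append((f, "vague label: name the data that flows"))
        if zone[f.src] != zone[f.dst] and f.protocol.upper() == "HTTP":
            findings.append((f, "cleartext protocol crosses a trust boundary"))
    return findings

if __name__ == "__main__":
    for f in crossings(FLOWS):
        print(f"boundary {ZONE[f.src]} -> {ZONE[f.dst]}: {f.src} -> {f.dst} [{f.label}]")
    for f, why in review(FLOWS):
        print(f"FINDING {f.src} -> {f.dst}: {why}")
```
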
```
[Customer] --credit card--> [Web App] ════════════╗
                            ║ Trust Boundary      ║
╔═══════════════════════════╝                     ║
║                                                 ║
║ [Payment Service] --tokenize--> [Tokenizer]     ║
║         |                                       ║
║      process                                    ║
║         ↓                                       ║
║ [Payment Gateway] <--external-->                ║
╚═════════════════════════════════════════════════╝
```
- Multiple users can edit simultaneously
- See collaborator cursors
- Changes appear immediately
- Automatic conflict resolution
- Communicate: Let others know before major changes
- Small changes: Make incremental updates
- Review together: Use for design sessions
- Save often: Though auto-save handles this
Potential export options:
- PNG image
- SVG vector
- PDF document
- JSON data
- Screenshot for presentations
- Link directly in threat model notes
- Reference in external documentation
- Emphasize data flows over implementation details
- Show what data moves, not how
- Include data classification/sensitivity
- Highlight valuable data stores
- Show where credentials are handled
- Mark PII and sensitive data
- Where authentication occurs
- Where authorization is checked
- Session management points
- Use notes to document what's included/excluded
- Clarify trust assumptions
- Note out-of-scope items
- Learn about Managing Threats and linking them to diagrams
- Explore Collaborative Threat Modeling
- Review Creating Your First Threat Model