Shostack + Friends Blog

Message Sequence Charts

Swim lane diagrams have been formalized in message sequence charts - what that means.

I was not aware that the ITU had formalized swim lane diagrams into Message Sequence Charts. While you don't need to use these formalizations, the choices they made, and the comparisons to UML's diagrams can be interesting, especially if there are tricky corners where you're having trouble modeling some flow. For example, "They work particularly great in opening up assumptions (e.g., so many times a message from server to another has proven to be actually relayed through a browser redirection) and also if you mark state machine transitions on it, you'll see false assumptions there too."

Thanks to Antti Vähä-Sipilä for pointing them out (along with the use case) in the OWASP Threat Modeling slack channel. (Join via OWASP Slack Channel.)

Originally published by Adam on 06 Nov 2019
Categories: threat modeling visualization

Our Favorite Content

General threat modeling posts

The Security Principles of Saltzer and Schroeder, illustrated with Star Wars

Subscribe (RSS/Mail)

RSS/ATOM: The ATOM feed is here. We recommend RSS as the best way to follow this blog, and think generally RSS is the best way to take control of the information you take in. You can read our thinking here.

Email: If you’d like a lower volume set of updates on what Adam is doing, Adam’s New Thing gets only a few messages a year, guaranteed. We include a subset of posts in each.