6.2.2. Data Flow Diagrams
Data flow diagrams (DFDs) are typically used to graphically represent a system, but you can use a different representation (such as a UML diagram) as long as you apply the same basic method: decompose the system into parts and show that each part is not susceptible to relevant threats.
DFDs use a standard set of symbols consisting of four elements: data flows, data stores, processes, and interactors, and for threat modeling we add one more—trust boundaries.
See also:
https://www.owasp.org/index.php/Threat_Risk_Modeling
http://msdn.microsoft.com/en-us/magazine/cc163519.aspx
http://www.microsoft.com/security/sdl/process/design.aspx
http://youtu.be/wUt8gVxmO-0