Skip to content

Instantly share code, notes, and snippets.

@jmarcil jmarcil/physicalsafe.plantuml Secret
Last active May 10, 2019

Embed
What would you like to do?
threat modeling workshop samples
@startuml
skinparam monochrome true
skinparam defaultTextAlignment center
' Root node
agent "Open Safe" as goal
' Sub goals
agent "Pick Lock" as picklock
agent "Learn Combo" as learncombo
agent "Cut Open Safe" as cutopensafe
goal --> picklock
goal --> learncombo
goal --> cutopensafe
agent "Find Written Combo" as findwritten
learncombo --> findwritten
agent "Get Combo from Target" as getcombotarget
learncombo --> getcombotarget
agent "Extortion" as extortion
agent "Evesdrop" as evesdrop
agent "Bribe" as bribe
getcombotarget --> extortion
getcombotarget --> evesdrop
getcombotarget --> bribe
interface "and" as and
evesdrop --> and
agent "Listen to Conversation" as listenconvo
agent "Target Says Combo" as targetsayscombo
and --> listenconvo
and --> targetsayscombo
' Abstraction (not going to model that)
cloud "**···**" as another
extortion --> another
@enduml
@startuml
skinparam monochrome true
skinparam defaultTextAlignment center
' Root nodes
agent "Goal" as goal
agent "What attackers want" as what
agent "Sub-goal" as subgoal
goal --> subgoal
agent "Sub-goal 2" as subgoal2
goal --> subgoal2
agent "Ways to get to goal" as subgoal3
what --> subgoal3
agent "Sub-sub goal" as subsubgoal
agent "Sub-sub goal 2" as subsubgoal2
agent "Sub-sub goal 3" as subsubgoal3
subgoal3 ---> subsubgoal
subgoal3 ---> subsubgoal2
subgoal3 ---> subsubgoal3
' Abstraction (not going to model that)
cloud "**···**" as another
subgoal ---> another
subgoal2 ---> subsubgoal
' Leaf nodes
agent "exploit" as exploit
agent "ways to get in" as ways
agent "weakness" as weakness
subsubgoal ---> exploit
' Chaining of exploits required to get to sub-sub goal
interface "and" as and
subsubgoal3 --> and
and --> weakness
and --> ways
@enduml
#!/usr/bin/env python3
from pytm import *
tm = TM("Example Flow Diagram")
tm.description = "This is a sample threat model for the Threat Modeling Workshop."
internet = Boundary(" ")
user = Actor("Actor<br/>(user)")
web = Server("Process")
web.inBoundary = internet
api = Server("Another<br/>Process")
api.inBoundary = internet
db = Datastore("Datastore")
db.inBoundary = internet
another = SetOfProcesses("Multiples<br/>Process")
another.inBoundary = internet
user_to_web = Dataflow(user, web, "HTTPS")
web_to_api = Dataflow(web, api, "HTTP")
api_to_db = Dataflow(api, db, " ")
web_to_another = Dataflow(web, another, "?")
tm.process()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.