@jmarcil
Last active July 16, 2021 17:59
threat modeling workshop samples
@startuml
skinparam monochrome true
skinparam defaultTextAlignment center
' Root node
agent "Open Safe" as goal
' Sub goals
agent "Pick Lock" as picklock
agent "Learn Combo" as learncombo
agent "Cut Open Safe" as cutopensafe
goal --> picklock
goal --> learncombo
goal --> cutopensafe
agent "Find Written Combo" as findwritten
learncombo --> findwritten
agent "Get Combo from Target" as getcombotarget
learncombo --> getcombotarget
agent "Extortion" as extortion
agent "Eavesdrop" as eavesdrop
agent "Bribe" as bribe
getcombotarget --> extortion
getcombotarget --> eavesdrop
getcombotarget --> bribe
interface "and" as and
eavesdrop --> and
agent "Listen to Conversation" as listenconvo
agent "Target Says Combo" as targetsayscombo
and --> listenconvo
and --> targetsayscombo
' Abstraction (not going to model that)
cloud "**···**" as another
extortion --> another
@enduml
@startuml
skinparam monochrome true
skinparam defaultTextAlignment center
' Root nodes
agent "Goal" as goal
agent "What attackers want" as what
agent "Sub-goal" as subgoal
goal --> subgoal
agent "Sub-goal 2" as subgoal2
goal --> subgoal2
agent "Ways to get to goal" as subgoal3
what --> subgoal3
agent "Sub-sub goal" as subsubgoal
agent "Sub-sub goal 2" as subsubgoal2
agent "Sub-sub goal 3" as subsubgoal3
subgoal3 ---> subsubgoal
subgoal3 ---> subsubgoal2
subgoal3 ---> subsubgoal3
' Abstraction (not going to model that)
cloud "**···**" as another
subgoal ---> another
subgoal2 ---> subsubgoal
' Leaf nodes
agent "exploit" as exploit
agent "ways to get in" as ways
agent "weakness" as weakness
subsubgoal ---> exploit
' Chaining of exploits required to get to sub-sub goal
interface "and" as and
subsubgoal3 --> and
and --> weakness
and --> ways
@enduml
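Added example, not part of the original gist: a small Python reader for the `agent` / `interface` / `cloud` declarations and arrow edges used in the attack-tree diagrams above, listing each set of leaf steps that reaches a node so every path can be checked for a countermeasure. The sample input is constructed from the "Get Combo from Target" branch of the Open Safe tree; reading `agent` as OR, `interface` as AND and a lone `cloud` child as an unmodelled branch is this example's assumption, and the names `parse` and `scenarios` are hypothetical.

```python
import re
from itertools import product

# Constructed sample: the "Get Combo from Target" branch of the Open Safe tree.
SAMPLE = '''
agent "Get Combo from Target" as getcombotarget
agent "Extortion" as extortion
agent "Eavesdrop" as eavesdrop
agent "Bribe" as bribe
getcombotarget --> extortion
getcombotarget --> eavesdrop
getcombotarget --> bribe
interface "and" as and
eavesdrop --> and
agent "Listen to Conversation" as listenconvo
agent "Target Says Combo" as targetsayscombo
and --> listenconvo
and --> targetsayscombo
cloud "**···**" as another
extortion --> another
'''
DECL = re.compile(r'^(agent|interface|cloud)\s+"([^"]*)"\s+as\s+(\w+)$')
EDGE = re.compile(r'^(\w+)\s+-+>\s+(\w+)$')

def parse(text):
    """Return ({alias: (kind, label)}, {alias: [child aliases]})."""
    nodes, children = {}, {}
    for line in map(str.strip, text.splitlines()):
        if m := DECL.match(line):
            nodes[m[3]] = (m[1], m[2])
        elif m := EDGE.match(line):
            children.setdefault(m[1], []).append(m[2])
    return nodes, children

def scenarios(alias, nodes, children):
    """List the sets of leaf steps that each reach the node `alias`."""
    kind, label = nodes[alias]
    kids = [k for k in children.get(alias, []) if nodes[k][0] != "cloud"]
    if not kids:  # leaf, or a branch whose detail the diagram elides
        elided = alias in children
        return [frozenset([label + (" (not modelled)" if elided else "")])]
    subs = [scenarios(k, nodes, children) for k in kids]
    if kind == "interface":  # assumed AND: every child is required
        return [frozenset().union(*combo) for combo in product(*subs)]
    return [s for sub in subs for s in sub]  # assumed OR: any child suffices

if __name__ == "__main__":
    for steps in scenarios("getcombotarget", *parse(SAMPLE)):
        print(" + ".join(sorted(steps)))
```
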
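#!/usr/bin/env python3
# Sample data flow diagram for the workshop, built with pytm.
from pytm import TM, Actor, Boundary, Dataflow, Datastore, Server, SetOfProcesses

tm = TM("Example Flow Diagram")
tm.description = "This is a sample threat model for the Threat Modeling Workshop."

# Trust boundary (left unlabelled) holding every element except the actor
internet = Boundary(" ")

# Elements of the diagram
user = Actor("Actor<br/>(user)")
web = Server("Process")
web.inBoundary = internet
api = Server("Another<br/>Process")
api.inBoundary = internet
db = Datastore("Datastore")
db.inBoundary = internet
another = SetOfProcesses("Multiples<br/>Process")
another.inBoundary = internet

# Data flows: Dataflow(source, sink, label)
user_to_web = Dataflow(user, web, "HTTPS")
web_to_api = Dataflow(web, api, "HTTP")
api_to_db = Dataflow(api, db, " ")
web_to_another = Dataflow(web, another, "?")

# Handle the command-line options (for example --dfd) and produce the output
tm.process()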