-
-
Save jmarcil/3fea40f0a8e0746ff755bf7ec9189be4 to your computer and use it in GitHub Desktop.
threat modeling workshop samples
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@startuml | |
skinparam monochrome true | |
skinparam defaultTextAlignment center | |
' Root node | |
agent "Open Safe" as goal | |
' Sub goals | |
agent "Pick Lock" as picklock | |
agent "Learn Combo" as learncombo | |
agent "Cut Open Safe" as cutopensafe | |
goal --> picklock | |
goal --> learncombo | |
goal --> cutopensafe | |
agent "Find Written Combo" as findwritten | |
learncombo --> findwritten | |
agent "Get Combo from Target" as getcombotarget | |
learncombo --> getcombotarget | |
agent "Extortion" as extortion | |
agent "Evesdrop" as evesdrop | |
agent "Bribe" as bribe | |
getcombotarget --> extortion | |
getcombotarget --> evesdrop | |
getcombotarget --> bribe | |
interface "and" as and | |
evesdrop --> and | |
agent "Listen to Conversation" as listenconvo | |
agent "Target Says Combo" as targetsayscombo | |
and --> listenconvo | |
and --> targetsayscombo | |
' Abstraction (not going to model that) | |
cloud "**···**" as another | |
extortion --> another | |
@enduml |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@startuml | |
skinparam monochrome true | |
skinparam defaultTextAlignment center | |
' Root nodes | |
agent "Goal" as goal | |
agent "What attackers want" as what | |
agent "Sub-goal" as subgoal | |
goal --> subgoal | |
agent "Sub-goal 2" as subgoal2 | |
goal --> subgoal2 | |
agent "Ways to get to goal" as subgoal3 | |
what --> subgoal3 | |
agent "Sub-sub goal" as subsubgoal | |
agent "Sub-sub goal 2" as subsubgoal2 | |
agent "Sub-sub goal 3" as subsubgoal3 | |
subgoal3 ---> subsubgoal | |
subgoal3 ---> subsubgoal2 | |
subgoal3 ---> subsubgoal3 | |
' Abstraction (not going to model that) | |
cloud "**···**" as another | |
subgoal ---> another | |
subgoal2 ---> subsubgoal | |
' Leaf nodes | |
agent "exploit" as exploit | |
agent "ways to get in" as ways | |
agent "weakness" as weakness | |
subsubgoal ---> exploit | |
' Chaining of exploits required to get to sub-sub goal | |
interface "and" as and | |
subsubgoal3 --> and | |
and --> weakness | |
and --> ways | |
@enduml |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python3 | |
from pytm import * | |
tm = TM("Example Flow Diagram") | |
tm.description = "This is a sample threat model for the Threat Modeling Workshop." | |
internet = Boundary(" ") | |
user = Actor("Actor<br/>(user)") | |
web = Server("Process") | |
web.inBoundary = internet | |
api = Server("Another<br/>Process") | |
api.inBoundary = internet | |
db = Datastore("Datastore") | |
db.inBoundary = internet | |
another = SetOfProcesses("Multiples<br/>Process") | |
another.inBoundary = internet | |
user_to_web = Dataflow(user, web, "HTTPS") | |
web_to_api = Dataflow(web, api, "HTTP") | |
api_to_db = Dataflow(api, db, " ") | |
web_to_another = Dataflow(web, another, "?") | |
tm.process() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment