Last active
April 18, 2019 21:15
-
-
Save jmarcil/5aa3ddb5b23d51760cbd5ff228a26978 to your computer and use it in GitHub Desktop.
threat modeling toolkit cryptocurrencies plantuml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@startuml | |
skinparam monochrome true | |
skinparam defaultTextAlignment center | |
agent "Steal cryptocurrency" as steal | |
agent "Manipulate the market" as market | |
agent "Invade privacy" as privacy | |
agent "Expose their spending habits" as spy | |
privacy --> spy | |
agent "View their transactions on blockchain" as blockchain | |
spy --> blockchain | |
agent "Gain wallet access" as wallet | |
steal --> wallet | |
agent "**I**nternet **C**on **O**peration" as con | |
steal --> con | |
agent "Steal physical wallet\nand password" as phys | |
agent "Find wallet seed" as seed | |
agent "Gain access to\nlocal software wallet" as accesswallet | |
agent "Gain access to\n web based wallet" as webwallet | |
wallet --> phys | |
wallet --> accesswallet | |
wallet --> webwallet | |
accesswallet --> seed | |
agent "Weak seeding algo" as weakseed | |
seed --> weakseed | |
agent "Malware" as malware | |
accesswallet --> malware | |
agent "Gain remote access\nto local API" as api | |
agent "Authentication bypass" as lackauth | |
agent "DNS rebinding attack" as dnsrebind | |
accesswallet --> api | |
interface "and" as and | |
api --> and | |
and --> lackauth | |
and --> dnsrebind | |
agent "Gain exchange access" as xaccess | |
agent "Steal account" as xaccount | |
'agent "Compromise network" as xnetwork | |
agent "API access" as xapi | |
agent "Steal API keys" as xkeys | |
agent "Authentication bypass" as xauthbypass | |
steal --> xaccess | |
xaccess ---> xaccount | |
'xaccess --> xnetwork | |
xaccess --> xapi | |
xapi --> xkeys | |
xapi --> xauthbypass | |
xapi --> xaccount | |
agent "Denial of service" as dos | |
market --> dos | |
market --> xaccess | |
'market -> steal | |
cloud "**···**" as another | |
xaccount --> another | |
cloud "**···**" as anothertwo | |
cloud "**···**" as anotherthree | |
xauthbypass --> anothertwo | |
xkeys --> anotherthree | |
'spy --> xaccess | |
'spy --> wallet | |
@enduml |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment