db.maxClassification = Classification.RESTRICTED db.levels = [2] secretDb = Datastore("Real Identity Database") secretDb.OS = "CentOS" secretDb.sourceFiles = ["pytm/pytm.py"] secretDb.isHardened = True secretDb.inBoundary = server_db secretDb.isSQL = True secretDb.inScope = True secretDb.storesPII = True secretDb.maxClassification = Classification.TOP_SECRET my_lambda = Lambda("AWS Lambda") my_lambda.hasAccessControl = True my_lambda.inBoundary = vpc my_lambda.levels = [1, 2] token_user_identity = Data("Token verifying user identity", classification=Classification.SECRET) db_to_secretDb = Dataflow(db, secretDb, "Database verify real user identity") db_to_secretDb.protocol = "RDA-TCP" db_to_secretDb.dstPort = 40234 db_to_secretDb.data = token_user_identity db_to_secretDb.note = "Verifying that the user is who they say they are." db_to_secretDb.maxClassification = Classification.SECRET comments_in_text = Data("Comments in HTML or Markdown", classification=Classification.PUBLIC) user_to_web = Dataflow(user, web, "User enters comments (*)") user_to_web.protocol = "HTTP"
tm.description = "This is a sample threat model of a very simple system - a web-based comment system. The user enters comments and these are added to a database and displayed back to the user. The thought is that it is, though simple, a complete enough example to express meaningful threats." User_Web = Boundary("User/Web") Web_DB = Boundary("Web/DB") VPC = Boundary("AWS VPC") user = Actor("User") user.inBoundary = User_Web web = Server("Web Server") web.OS = "CloudOS" web.isHardened = True my_lambda = Lambda("cleanDBevery6hours") my_lambda.hasAccessControl = True my_lambda.inBoundary = Web_DB #my_lambda.inBoundary = VPC # TODO: need multiple boundaries capability for these situations db = Datastore("SQL Database") db.OS = "CentOS" db.isHardened = False db.inBoundary = Web_DB db.isSQL = True db.inScope = False my_lambda_to_db = Dataflow(my_lambda, db, "(λ)Periodically cleans DB") my_lambda_to_db.protocol = "SQL" my_lambda_to_db.dstPort = 3306 user_to_web = Dataflow(user, web, "User enters comments (*)") user_to_web.protocol = "HTTP"