-
Notifications
You must be signed in to change notification settings - Fork 175
Object Model (sample)
colesmj edited this page Oct 6, 2019
·
4 revisions
When looking at an object for threat modeling and architectural modeling, it is important to keep in mind the object's characteristics and functions.
Note: I'm including this information for discussion purposes, and considering that while the core focus of this project may be to do "just threat modeling", with simple architectures and diagrams, the technology could be built in such a way as to describe arbitrary objects (architectural units), diagram them, diagram their connections to other objects, and to assess their state individually or as connected units.
Table of Contents
This section details a description language for systems, which can be used to perform analysis for purposes such as finding security weaknesses. Systems are described in terms of Nodes (process, object, or entity), Edges (channel or path), and Data (abstract objects).
- Nodes are themselves sub-systems and can be subjects for refinement.
- The parent system is a Node
- Nodes operate on, generate, or connect to Data, and may also open communication channels (Edges) as a listener, or client, or both, to other Nodes
- Nodes have properties and metadata which provide useful information about the construction, operation, and ownership of a subsystem.
- Data are themselves Nodes; reading or writing data requires an Edge
- Descriptions may be recursive and self-referential
| Source | Relationship | Target | Meaning |
|---|---|---|---|
| System | contains |
System; Node |
A System is a type of Node that can contain other Systems (as sub-systems, or to define relationships between Systems) Systems can contain Nodes |
| Node | contains | Node | Nodes can contain Nodes |
| Node | connects_to | Port | Nodes (as initiator) can communicate to Ports |
| Node | exposes | Port | Nodes can expose Ports (as target) |
| Node | calls | Node | Nodes communicate more directly (exe calling a library, for example) |
| Node | reads | Data | |
| Node | writes | Data | |
| Edge | connects | Node; Port | Edges connect 2 Nodes, or a Node to a Port, or 2 Ports (and their containing Nodes), and describe the path between them |
| Edge | transports | Data | Data Edges transport Data (object reference) |
| Subject | Attribute Prefix | Attribute Qualifiers | Meaning |
|---|---|---|---|
| Node | is.type | Node is of any type (default: unknown) | |
| .embedded | Node is an embedded process (non- desktop, mobile, or cloud) | ||
| .cloud | Node is any cloud component | ||
| .cloud.SaaS | Cloud - Software as a Service | ||
| .cloud.IaaS | Cloud - Infrastructure as a Service | ||
| .cloud.PaaS | Cloud - Platform as a Service | ||
| .mobile | Mobile - platform independent or generic, or unknown | ||
| .mobile.ios | Mobile - iOS target | ||
| .mobile.android | Mobile - Android target | ||
| .mobile.windows | Mobile - Windows CE or Mobile target | ||
| .containerized | Containerized system - Docker or other container subtype | ||
| .singleton | Process - singleton | ||
| .driver | Process - device driver | ||
| .kernel_object | Process - kernel module | ||
| .firmware | Process - embedded firmware | ||
| .hardware | Hardware device | ||
| .protected | Process - protected memory module | ||
| .os | Operating System (default: unknown or any) | ||
| .os.windows | Operating System - Windows | ||
| .os.linux | Operating System - Linux | ||
| .os.mac_os | Operating System - Mac OS | ||
| .os.bsd | Operating System - BSD (any) | ||
| .os.android | Operating System - Android | ||
| .os.ios | Operating System - iOS | ||
| .os.rtos | Operating System - Any real-time OS | ||
| Node | sourced_from | .unknown | Node is sourced from some unknown entity |
| .internal | Custom development by Company | ||
| .open_source | Sourced from an open source project or under an open source license | ||
| .commercial | Sourced from a commercial vendor or under a commercial license | ||
| .gov | Sourced from a government entity | ||
| Node | protected_method | .unknown | Process integrity protected by unknown method |
| .none | Process integrity unprotected | ||
| .signed | Process or module signed by single key | ||
| .signed.cross | Process or module signed by a cross-cert | ||
| .signed.dual | Process or module signed multiple times | ||
| .encrypted | Process or module encrypted | ||
| Node | delivered_as | .source | Module delivered in source form |
| .binary | Module delivered packaged in an unspecified format | ||
| .binary.msi | Module packaged as MSI | ||
| .binary.rpm | Module packaged as RPM | ||
| .binary.apk | Module packaged as APK | ||
| .binary.deb | Module packaged as DEB | ||
| .binary.ipk | Module packaged as IPKG or OPKG | ||
| .archive | Module packaged as an archive (default: any) | ||
| .archive.jar | Module packaged as JAR | ||
| .archive.war | Module packaged as WAR | ||
| .archive.ear | Module packaged as EAR | ||
| .archive.cab | Module packaged as CAB | ||
| .archive.zip | Module packaged as zip | ||
| Node | uses.source | Module built from source (default: any) | |
| .c | Module built from source code written in C | ||
| .cpp | Module built from source code written in C++ | ||
| .c# | Module built from source code written in C# | ||
| .java | Module built from source code written in Java | ||
| .js | Module built from source code written in JavaScript | ||
| .python | Module built from source code written in Python | ||
| .python.2 | Module built from source code written in Python 2.x | ||
| .python.3 | Module built from source code written in Python 3.x | ||
| .perl | Module built from source code written in Perl | ||
| .kotlin | Module built from source code written in Kotlin | ||
| .swift | Module built from source code written in Swift | ||
| .objective_c | Module built from source code written in Objective-C | ||
| .objective_cpp | Module built from source code written in Objective-C++ | ||
| .dalvik | Module built from source code written in Android Java | ||
| .html | Module built from source code written in HTML | ||
| .html5 | Module built from source code written in HTML5 | ||
| .xml | Module built from source code written in XML or XPath | ||
| .go | Module built from source code written in Go | ||
| Node | uses.technology | .cryptography | Module uses cryptography for any purpose |
| .cryptography.hashing | Module uses hashing (SHA, MD, etc) | ||
| .cryptography.hashing.hmac | Module uses HMACs | ||
| .cryptography.symmetric_enc | Module uses symmetric encryption | ||
| .cryptography.asymmetric_enc | Module uses asymmetric encryption | ||
| .cryptography.dig_sig | Module performs or verifies digital signatures | ||
| .cryptography.pgp_gpg | Module uses PGP, GPG, or equivalent technologies | ||
| .identity | Module uses any method for identity and authentication | ||
| .identity.pki | Module uses public/private key pairs as part of identity decisions | ||
| .identity.x509 | Module uses x509 certificates for any purpose | ||
| .identity.shared_secret | Module uses pre-shared secrets for identity | ||
| .identity.kerberos | Module uses Kerberos for identity and authentication | ||
| .identity.oauth | Module uses OAuth for identity and authentication | ||
| .identity.saml | Module uses SAML for identity and authentication | ||
| .identity.openid | Module uses OpenID for identity and authentication | ||
| .secure_boot | Module performs or relies on Secure Boot (or Trusted Boot, Verified Boot, etc) | ||
| Node | requires | .assurance | Unit requires any type of assurance for any reason |
| .assurance.security | Unit requires security assurance | ||
| .assurance.fail_safe | Unit must be fail safe | ||
| .assurance.safety | Unit must be safe or is part of a functionally safe system | ||
| .assurance.privacy | Unit must maintain privacy | ||
| .assurance.thread_safe | Unit must be thread safe | ||
| .privileges.root | Process is expected or must run as root or other elevated privileged user | ||
| .privileges.setuid | Process can execute as temporarily privileged (e.g. to open restricted ports) | ||
| .privileges.sudo | Process is expected to support temporary user granted elevation of privileges | ||
| .privileges.user | Process is expected or must run as a standard non-privileged user |
| Source | Relationship | Target | Meaning |
|---|---|---|---|
| Port | |||
| requires | .security | Port requires security capabilities of any type | |
| .security.authentication | Port requires authentication to access (e.g. challenge-response, mutual TLS, etc) | ||
| .security.process_control | Port is expected to be controlled for access externally (e.g. by firewall rules) | ||
| .security.physical | Port is expected to be physically secured from access (e.g. tamper seals) | ||
| Port | |||
| protected.method | Port protected by unspecified security requirements | ||
| .authentication | Port is protected by authentication to access (e.g. challenge-response, mutual TLS, etc) | ||
| .access_control | Port is protected by control for access externally (e.g. by firewall rules) | ||
| .physical | Port is protected by physical security from access (e.g. tamper seals) | ||
| Port | protocol | Edge represents connectivity over an unknown channel or method | |
| .physical | Connectivity is over an undefined embedded (physical) channel or method | ||
| .physical.i2c | Connectivity is over i2c | ||
| .physical.spi | Connectivity is over SPI | ||
| .physical.jtag | Connectivity is over JTAG | ||
| .physical.usb | Connectivity is over USB | ||
| .physical.infiniband | Connectivity is over Infiniband | ||
| .physical.memory | Connectivity is through shared memory | ||
| .network | Connectivity is over any network type | ||
| .network.tcp | Connectivity is over any TCP network | ||
| .network.tls | Connectivity is over the TLS protocol (1.2 or newer) | ||
| .network.ssl | Connectivity is over the SSL or legacy TLS protocols (any SSL, or TLS 1.0 or 1.1) | ||
| .network.ipv4 | Connectivity is over a generic IPv4 link | ||
| .network.ipv6 | Connectivity is over a generic IPv6 link | ||
| .network.ipsec | Connectivity is over an IPSec or VPN link | ||
| .network.mutual_tls | Connectivity is over a Mutual TLS channel | ||
| .network.dtls | Connectivity is over DTLS | ||
| .network.udp | Connectivity is over a generic UDP link | ||
| .network.usb | Connectivity is over a USB-based network | ||
| .network.ipc | Connectivity is over IPC sockets (local) or named pipes | ||
| .network.bt | Connectivity is over Bluetooth | ||
| .network.ble | Connectivity is over Bluetooth Low Energy | ||
| .file | Connectivity is file based (any) | ||
| .file.nfs | File based connectivity - NFS | ||
| .file.webdav | File based connectivity - WebDav | ||
| .file.encryptfs | File based connectivity - encryptfs | ||
| .file.ext4 | File based connectivity - ext4 | ||
| .file.ntfs | File based connectivity - NTFS | ||
| .file.luks | File based connectivity - LUKS |
| Source | Relationship | Target | Meaning |
|---|---|---|---|
| Data | encoding | .none | Data is raw bits |
| .markup | Data is encoded in an undefined format | ||
| .markup.sgml | Data is encoded as SGML | ||
| .markup.yaml | Data is encoded as YAML | ||
| .markup.xml | Data is encoded as XML | ||
| .markup.json | Data is encoded as JSON | ||
| .markup.protobuf | Data is encoded as Protobuf | ||
| .markup.properties | Data is encoded as Properties (name:value pairs) | ||
| .serialized | Data is serialization output from any language | ||
| Data | protected_by | .none | Data is un-protected at rest or in transit |
| .encrypted | Data is protected by encryption (e.g. AES or PKI) | ||
| .dig_sig | Data is protected by a digital signature (e.g. XML-DSIG, PGP, etc) | ||
| .crc | Data is protected by a CRC | ||
| Data | requires | .security | Data is sensitive and requires security assurance |
| .security.none | Data is non-sensitive or requires no security assurance | ||
| .security.confidentiality | Data is sensitive and requires confidentiality | ||
| .security.integrity | Data is sensitive and requires integrity | ||
| .security.availability | Data is sensitive and requires availability | ||
| .privacy | Data is sensitive and requires privacy | ||
| Data | is_type | Data is of an unknown or undefined type | |
| .internal_only | Data is expected to be internal to Company | ||
| .user | Data is customer facing but not user defined | ||
| .user.pii | Data is user PII | ||
| .user.phi | Data is user PHI | ||
| .user.pci | Data is user financial data | ||
| .user.voice | Data is user voice data | ||
| .user_defined | Data is generated or defined by a user | ||
| .security_sensitive | Data is arbitrary security sensitive data | ||
| .ip.internal | Data is internal or company confidential intellectual property | ||
| .ip.3rd_party | Data is 3rd party intellectual property |
| Source | Relationship | Target | Meaning |
|---|---|---|---|
| Edge | persistence | The channel persistence and reliability characteristics are unknown | |
| transports | DATA | Data (object reference) flows over this channel | |
| anchors | NODE; PORT | This channel connects Node A (object reference) to Node B (object reference) |
| Source | Relationship | Target | Qualifiers | Meaning |
|---|---|---|---|---|
| Node | metadata | name | A name for the Node | |
| label | A label for the Node, for diagramming and reference | |||
| namespace | Referential labels for grouping | |||
| created_by | Who designed, implemented, or delivered the Node | |||
| sourced_from | Internal-TeamName; Vendor-Name | The source of the Node is an internal team (name) or a vendor (name) | ||
| source_repo_ref | Source repository for this Node | |||
| scan_project | Code analysis project, if applicable | |||
| version | Version string | |||
| codename | Codename for this Node, if applicable | |||
| sku | SKU for Node (containing or top level Nodes only) | |||
| part_type | Type of device or component (containing or top level Nodes only) | |||
| description | Free-form text description of the Node - what it is, what it does, etc | |||
| notes | Free-form notes for additional information | |||
| market |
Any; Unknown; Sample-1; Sample-2; Sample-3; Internal; Customer Support |
|
||
| Edge | metadata | name | A name for the Edge | |
| label | A label for the Edge, for diagramming and reference | |||
| Port | metadata | name | A name for the Port | |
| label | A label for the Port, for diagramming and reference | |||
| port | None; Unknown; Variable; PORT_NUMBER | The physical or logical port assignment | ||
| protocol | ANY; API; Other | The protocol associated with this Port | ||
| service_name | A common service name exposed by Port | |||
| Data | metadata | name | A name for this Data | |
| label | A label for this Data, for diagramming and reference |