tmac-example-uml.m
@startuml
skinparam componentStyle uml2
'Title'
skinparam titleBorderRoundCorner 15
skinparam titleBorderThickness 2
skinparam titleBorderColor black
title
<b><&shield> Threat Model - <u><i>French Toast App</i></u></b>
Risk level: <b>HIGH</b>
endtitle
'Color determined by risk level'
skinparam titleBackgroundColor red
'Footer'
center footer Reviewed by: **108bots.net** Last Updated: **%date%**
'Legend/Help'
skinparam legendBorderRoundCorner 15
skinparam legendBorderThickness 2
skinparam legendBorderColor black
skinparam legendBackgroundColor lightblue
legend right
==__**HELP**__==
--**Some Threat Factors**--
* Handles sensitive data? **Yes/No/NA**
* Authenticates? **Src/Dest/Both/No/NA**
* Authorizes? **Yes/No/NA**
* Encrypts (Communication)? **Yes/No/NA**
* Encrypts (Storage)? **Yes/No/NA**
* Validates input? **Yes/No/NA**
* Sanitizes output? **Yes/No/NA**
* Logs Events? **Yes/No/NA**
--**Colors**--
* **HIGH** Risk: <font color=red>**Red**
* **MEDIUM** Risk: <font color=yellow>**Yellow**
* **LOW** Risk: <font color=green>**Green**
* **TBD** Risk: <font color=grey>**Grey**
endlegend
'Components Section'
cloud "Toast Intel sources" as TIS
cloud "Sample Now" as SN
database "Toast Intel framework" as TIF
database "TIP doughbase" as TIPdb
[Toast Intel Platform] as TIP
[sugar Tools] as ST
actor taster
actor "Other tasters" as OT
frame frenchToast {
[Collector] as Col
database "frenchToast doughbase" as Bfdb
interface "taster table" as Awt
[frenchToast Backend API] as Bbapi
[gluten Backend API] as Gapi
}
frame "sugar Backend" {
database "Cane Store" as Vdb
}
'Links Section'
taster <--> Awt : Invited
Awt <--> Bbapi
Bbapi <--> Gapi : secure
TIS --> TIF
TIPdb <--> TIP : insecure
Bfdb --> Vdb
Bfdb <--> TIPdb
ST --> Col
Col --> Gapi : insecure
Gapi --> TIF
Gapi --> ST
ST --> Col
ST --> TIP
Bbapi <--> SN : secure
SN <--> OT : Uninvited
'Threat Model Section'
note bottom of Gapi #lightgreen {
==**Risk - __LOW__**==
--**Threat Factors**--
* Handles sensitive data? **No**
* Authenticates? **Both**
--**Recommendations**--
--**Comments**--
}
note right of OT #red {
==**Risk - __HIGH__**==
--**Threat Factors**--
* Handles sensitive data? **Yes**
* Authenticates? **No**
* Authorizes? **No**
* Encrypts (Communication)? **No**
--**Recommendations**--
Other users need to be authenticated
--**Comments**--
}
note top of Vdb #yellow {
==**Risk - __MEDIUM__**==
--**Threat Factors**--
* Handles sensitive data? **Yes**
* Validates input? **No**
* Encodes output? **No**
--**Recommendations**--
--**Comments**--
}
note bottom of TIF #grey {
==**Risk - __TBD__**==
--**Threat Factors**--
* TBD
--**Recommendations**--
--**Comments**--
}
@enduml