DSL

tmnpy.dsl.component.Component(name, desc, ...)

A component is very similar to an element, but it specifically refers to a component of the system being threat modeled (rather than an element of the threat model), i.e. assets and flows.

tmnpy.dsl.Asset(name[, open_ports, machine])

An Asset is a person, structure, facility, information, and records, information technology systems and resources, material, process, relationships, or reputation that has value[1].

tmnpy.dsl.threat.Weakness(name[, alt_name, ...])

A weakness is a potential issue in the design of the system in question.

tmnpy.dsl.threat.Vulnerability(name, **kwargs)

A vulnerability is a previously known weakness in a piece of software, generally associated with a CVE.

tmnpy.dsl.threat.Threat(name[, desc, ...])

A threat is an instance of a weakness (or set of weaknesses) in the system that the threat model is for, that has been determined to apply.

tmnpy.dsl.requirement.STRIDE([spoofing, ...])

A STRIDE object is assigned to a threat, whereby the user determines, which aspects of STRIDE apply to this particular threat.

tmnpy.dsl.requirement.STRIDE.spoofing

Spoofing requirement.

tmnpy.dsl.requirement.STRIDE.tampering

Tampering threat.

tmnpy.dsl.requirement.STRIDE.repudiation

Repudiation threat.

tmnpy.dsl.requirement.STRIDE.information_disclosure

Information Disclosure threat.

tmnpy.dsl.requirement.STRIDE.denial_of_service

Denial of Service threat.

tmnpy.dsl.requirement.STRIDE.elevation_of_privilege

Elevation of Privilege threat.

tmnpy.dsl.requirement.SecurityProperty([...])

Determine what are the security properties associated with an element, specifically Confidentiality, Integrity, Availability, Authenticity, Non-Repudiation, and Authorization.

tmnpy.dsl.requirement.SecurityProperty.confidentiality

Confidentiality requirement.

tmnpy.dsl.requirement.SecurityProperty.integrity

Integrity requirement.

tmnpy.dsl.requirement.SecurityProperty.availability

Availability requirement.

tmnpy.dsl.requirement.SecurityProperty.authenticity

Authenticity requirement.

tmnpy.dsl.requirement.SecurityProperty.non_repudiation

Non-Repudiation requirement.

tmnpy.dsl.requirement.SecurityProperty.authorization

Authorization requirement.