Welcome to TMNT’s documentation!

TMNT is a tool for building threat models in a natural fashion.

Check out the Usage section for further information.

Note

This project is currently being developed by the Tufts Security & Privacy Lab. If you have any questions please email us at tsp-tmnt@cs.tufts.edu

Contents

• Project Information
  • Wall of Contributors
    • Alumni
  • Related Research from TSP
• Usage
  • Installation of tmnpy
  • Running the TMNT App
    • UI
    • Controller
  • Docker Setup
• TMNT Overview
  • Design Goals for TMNT
    • Support varied approaches (D1)
    • Uninterrupted brainstorming (D2)
    • Incomplete information and alternative configurations (D3)
    • Evolving Interface (D4)
    • Component Modularity (D5)
  • Modules
    • DSL (tmnpy.dsl)
    • Knowledge Base (tmnpy.kb)
    • Engines (tmnpy.engines)
      • Threat & Control Assignment Engine (tmnpy.engines.Assignment)
      • Natural Suggestion Engine
    • UI (ui)
      • What are we building
      • What could go wrong
      • What are we going to do about it
      • Have we done a good enough job
• Overview of Threat Modeling
  • Four Questions
    • What are we working on?
      • Specifics
    • What can go wrong?
      • Specifics
    • What are we going to do?
      • Specifics
    • Did we do a good job?
  • Additional Resources
    • Guides and Trainings
  • Tools
    • Diagramming Only
      • draw.io
      • C4
      • Mermaid
      • Structurizr
      • Diagrams
      • PlantUML
    • DSLs/Threat Modeling as Code
      • pytm
      • MAL
      • Threagile
      • threatcl
      • threatspec
      • threat-composer
    • UIs
      • IriusRisk
      • Threat Dragon
      • Microsoft Threat Modeling Tool
      • Threats Manager Studio
      • Theat Modeler
      • Trike
      • Tutamantic
      • ADTool
      • AT-AT
      • Ent
      • SeaMonster
      • IsoGraph
      • SecurITree
      • RiskTree
      • Deciduous
      • Sparta
• Contributing
• TMNPY API
  • DSL
    • tmnpy.dsl.component.Component
      • Component
        • Component.__init__()
    • tmnpy.dsl.Asset
      • Asset
        • Asset.__init__()
    • tmnpy.dsl.threat.Weakness
      • Weakness
        • Weakness.__init__()
    • tmnpy.dsl.threat.Vulnerability
      • Vulnerability
        • Vulnerability.__init__()
    • tmnpy.dsl.threat.Threat
      • Threat
        • Threat.__init__()
    • tmnpy.dsl.requirement.STRIDE
      • STRIDE
        • STRIDE.__init__()
    • tmnpy.dsl.requirement.STRIDE.spoofing
      • STRIDE.spoofing
    • tmnpy.dsl.requirement.STRIDE.tampering
      • STRIDE.tampering
    • tmnpy.dsl.requirement.STRIDE.repudiation
      • STRIDE.repudiation
    • tmnpy.dsl.requirement.STRIDE.information_disclosure
      • STRIDE.information_disclosure
    • tmnpy.dsl.requirement.STRIDE.denial_of_service
      • STRIDE.denial_of_service
    • tmnpy.dsl.requirement.STRIDE.elevation_of_privilege
      • STRIDE.elevation_of_privilege
    • tmnpy.dsl.requirement.SecurityProperty
      • SecurityProperty
        • SecurityProperty.__init__()
    • tmnpy.dsl.requirement.SecurityProperty.confidentiality
      • SecurityProperty.confidentiality
    • tmnpy.dsl.requirement.SecurityProperty.integrity
      • SecurityProperty.integrity
    • tmnpy.dsl.requirement.SecurityProperty.availability
      • SecurityProperty.availability
    • tmnpy.dsl.requirement.SecurityProperty.authenticity
      • SecurityProperty.authenticity
    • tmnpy.dsl.requirement.SecurityProperty.non_repudiation
      • SecurityProperty.non_repudiation
    • tmnpy.dsl.requirement.SecurityProperty.authorization
      • SecurityProperty.authorization

Indices and tables

• Index

• Module Index

• Search Page