So I spent some time in #PlantUML trying to model #Risk #Trust #Attacks to tie #TOGAF #SABSA #Threatmodel and #PASTA #STRIDE together

As a Hacker, I don't need a fancy #diagram to visualise the attack vector and path I am already seeing. But as security architect/Team Blue I need to show it to others who don't see it.
And it has to be audit compliant.

The public repo with my PUMLs is here, feel free to reuse it
https://codeberg.org/0xKaishakunin/Architecture/src/branch/main/PlantUML-ModelingTrust

Architecture: Security Architecture Notes and Patterns (Codeberg.org)

I am still looking for the best way to represent such complexity in diagrams without creating too much mental load and death by PowerPoint.

I started working through risk ontologies to get #Archimate patterns, and I started to model the #NetBSD #releng process including GnuPG signatures. My goal is to get a complete model of a SLSA4-compliant reproducible builds architecture with Zero Trust architecture that is secure against insider threats.

https://codeberg.org/0xKaishakunin/Architecture/src/branch/main/PlantUML-ModelingTrust/GnuPG-WoT-Download

I have already modeled a #GnuPG key signing as DFD and SEQ, as well as the classic "let's put an ISO image alongside a signature" on a WWW server as DFD with trust borders, attack path and STRIDE categories.

I have also modeled some of the patterns from »Modeling Trust in Enterprise Architecture: A Pattern Language for ArchiMate« in #PlantUML

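The "ISO image alongside a detached signature on a web server" pattern mentioned in the post, drawn as a PlantUML DFD with dashed trust boundaries, numbered data flows tagged with their STRIDE categories, and a red attack path. This is an added illustration written for this page, not one of the PUMLs from the linked repo; the file names (image.iso, image.iso.sig, pubkey.asc), the three boundaries and the flow numbering are assumptions chosen for the example.

```plantuml
@startuml
' Added example, not from the 0xKaishakunin/Architecture repo.
' File names, boundaries and flow numbers are assumptions for illustration.
title ISO download with detached GnuPG signature: DFD, trust boundaries, STRIDE

actor "Release Engineer" as RE
actor "End User" as U
actor "Attacker" as A #red

' Trust boundary 1: offline signing host (the only place the secret key lives)
rectangle "Trust boundary: release signing host (offline)" as TB1 #line.dashed {
  database "Build artefacts" as BUILD
  storage "Signing key (secret)" as KEY
}

' Trust boundary 2: the public web server everybody can reach
rectangle "Trust boundary: public web server" as TB2 #line.dashed {
  file "image.iso" as ISO
  file "image.iso.sig" as SIG
  file "pubkey.asc" as PUB
}

' Trust boundary 3: the downloading user's workstation
rectangle "Trust boundary: user workstation" as TB3 #line.dashed {
  component "gpg --verify" as GPG
  component "Local keyring" as RING
}

' Data flows, each tagged with the STRIDE category that applies to it
RE --> BUILD : 1. reproducible build
RE --> KEY : 2. gpg --detach-sign image.iso
BUILD --> ISO : 3. upload image\n(Tampering)
KEY --> SIG : 4. upload signature\n(Tampering, Repudiation)
RE --> PUB : 5. publish public key\n(Spoofing)
ISO --> GPG : 6. download image\n(Tampering)
SIG --> GPG : 7. download signature\n(Tampering)
PUB --> RING : 8. import key from the same server\n(Spoofing, Elevation of Privilege)
RING --> GPG : 9. is the signing key trusted?
GPG --> U : 10. Good / BAD signature

' Attack path: compromise the web server boundary, then replace all three files
A -[#red]-> TB2 : attack path: compromise web server
A -[#red]-> ISO : replace image
A -[#red]-> SIG : re-sign with attacker key
A -[#red]-> PUB : replace public key

note bottom of TB2
  If the public key is fetched from the same trust boundary
  as the signature, step 10 only proves "same server",
  not "same release engineer". The key needs to cross
  into TB3 via a different channel (Web of Trust, keyserver,
  fingerprint printed in a second medium).
end note
@enduml
```

The point the diagram makes visible is that the attack path never has to touch TB1: an attacker who controls TB2 can satisfy gpg --verify on TB3 as long as flow 8 originates inside TB2, which is exactly why the GnuPG Web of Trust download model in the repo is needed to close it.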