{ "summary": { "title": "Metaverse Model" }, "detail": { "contributors": [], "diagrams": [ { "title": "Wallet Server", "thumbnail": "./public/content/images/thumbnail.stride.jpg", "diagramType": "STRIDE", "id": 0, "$$hashKey": "object:50", "diagramJson": { "cells": [ { "type": "tm.Actor", "size": { "width": 160, "height": 80 }, "position": { "x": 440, "y": 30 }, "angle": 0, "id": "27e3391f-ee25-4632-96c1-e0434e4a998e", "z": 1, "hasOpenThreats": false, "outOfScope": false, "attrs": { ".element-shape": { "class": "element-shape hasNoOpenThreats isInScope" }, "text": { "text": "Wallet Web Server" }, ".element-text": { "class": "element-text hasNoOpenThreats isInScope" } } }, { "type": "tm.Actor", "size": { "width": 160, "height": 80 }, "position": { "x": 130, "y": 30 }, "angle": 0, "id": "1e4c445f-6fbf-4735-9fb2-bd49336196ff", "z": 2, "hasOpenThreats": true, "description": "Any unauthenticated origin", "threats": [ { "status": "Open", "severity": "Medium", "modelType": "STRIDE", "type": "Spoofing", "title": "Customer Authenticity", "description": "Customer might try to impersonate another customer and do transactions in his name.", "threatId": "f2c183a5-4800-4599-8672-742cbb4c9f0f", "$$hashKey": "object:219" }, { "status": "Open", "severity": "Medium", "modelType": "STRIDE", "type": "Repudiation", "title": "Payment Authorization", "description": "Customer states that he did not commit the transaction.", "threatId": "7524a6ad-931e-4626-b10b-0d33cb548c6b", "$$hashKey": "object:233" } ], "attrs": { ".element-shape": { "class": "element-shape hasOpenThreats isInScope" }, "text": { "text": "Customer" }, ".element-text": { "class": "element-text hasOpenThreats isInScope" } } }, { "type": "tm.Actor", "size": { "width": 160, "height": 80 }, "position": { "x": 440, "y": 170 }, "angle": 0, "id": "e7267fe0-2972-4bfa-ab9b-f2ce15c52244", "z": 3, "hasOpenThreats": false, "description": "Sensitive", "attrs": { ".element-shape": { "class": "element-shape hasNoOpenThreats isInScope" }, "text": { "text": "Wallet API Server" }, ".element-text": { "class": "element-text hasNoOpenThreats isInScope" } } }, { "type": "tm.Store", "size": { "width": 160, "height": 80 }, "position": { "x": 130, "y": 370 }, "angle": 0, "id": "fbd79e5b-816d-4707-aad4-a28a7dad7ad6", "z": 4, "hasOpenThreats": false, "isALog": false, "storesInventory": false, "attrs": { ".element-shape": { "class": "element-shape hasNoOpenThreats isInScope" }, "text": { "text": "Transaction Store" }, ".element-text": { "class": "element-text hasNoOpenThreats isInScope" } } }, { "type": "tm.Actor", "size": { "width": 160, "height": 80 }, "position": { "x": 440, "y": 370 }, "angle": 0, "id": "bc43adcf-3ae0-432c-bf1b-7fc7ff3b38f7", "z": 5, "hasOpenThreats": false, "attrs": { ".element-shape": { "class": "element-shape hasNoOpenThreats isInScope" }, "text": { "text": "Transaction\nManagement" }, ".element-text": { "class": "element-text hasNoOpenThreats isInScope" } } }, { "type": "tm.Flow", "size": { "width": 10, "height": 10 }, "smooth": true, "source": { "id": "bc43adcf-3ae0-432c-bf1b-7fc7ff3b38f7" }, "target": { "id": "fbd79e5b-816d-4707-aad4-a28a7dad7ad6" }, "vertices": [], "id": "49f01dfc-3423-4452-b563-f71fe4603f3c", "labels": [ { "position": 0.5, "attrs": { "text": { "text": "Manages", "font-weight": "400", "font-size": "small" } } } ], "z": 6, "hasOpenThreats": false, "attrs": { ".marker-target": { "class": "marker-target hasNoOpenThreats isInScope" }, ".connection": { "class": "connection hasNoOpenThreats isInScope" } } }, { "type": "tm.Flow", "size": { "width": 10, "height": 10 }, "smooth": true, "source": { "id": "e7267fe0-2972-4bfa-ab9b-f2ce15c52244" }, "target": { "id": "bc43adcf-3ae0-432c-bf1b-7fc7ff3b38f7" }, "vertices": [], "id": "ba27f640-4a39-4eba-97db-e799a48950bb", "labels": [ { "position": 0.5, "attrs": { "text": { "text": "Uses", "font-weight": "400", "font-size": "small" } } } ], "z": 7, "hasOpenThreats": false, "attrs": { ".marker-target": { "class": "marker-target hasNoOpenThreats isInScope" }, ".connection": { "class": "connection hasNoOpenThreats isInScope" } } }, { "type": "tm.Flow", "size": { "width": 10, "height": 10 }, "smooth": true, "source": { "id": "27e3391f-ee25-4632-96c1-e0434e4a998e" }, "target": { "id": "e7267fe0-2972-4bfa-ab9b-f2ce15c52244" }, "vertices": [], "id": "0452105d-bb9e-4e22-aa20-6d3915e7d63d", "labels": [ { "position": 0.5, "attrs": { "text": { "text": "Uses", "font-weight": "400", "font-size": "small" } } } ], "z": 8, "hasOpenThreats": false, "attrs": { ".marker-target": { "class": "marker-target hasNoOpenThreats isInScope" }, ".connection": { "class": "connection hasNoOpenThreats isInScope" } } }, { "type": "tm.Flow", "size": { "width": 10, "height": 10 }, "smooth": true, "source": { "id": "1e4c445f-6fbf-4735-9fb2-bd49336196ff" }, "target": { "id": "27e3391f-ee25-4632-96c1-e0434e4a998e" }, "vertices": [], "id": "9a420ba9-fd87-419c-b8b2-f89c60450d54", "labels": [ { "position": 0.5, "attrs": { "text": { "text": "Accesses", "font-weight": "400", "font-size": "small" } } } ], "z": 9, "hasOpenThreats": false, "isPublicNetwork": true, "isEncrypted": true, "protocol": "HTTPS", "attrs": { ".marker-target": { "class": "marker-target hasNoOpenThreats isInScope" }, ".connection": { "class": "connection hasNoOpenThreats isInScope" } } }, { "type": "tm.Actor", "size": { "width": 160, "height": 80 }, "position": { "x": 130, "y": 170 }, "angle": 0, "id": "7a783726-6739-478e-9755-264abf6bfe82", "z": 10, "hasOpenThreats": false, "attrs": { ".element-shape": { "class": "element-shape hasNoOpenThreats isInScope" }, "text": { "text": "Mobile App" }, ".element-text": { "class": "element-text hasNoOpenThreats isInScope" } } }, { "type": "tm.Flow", "size": { "width": 10, "height": 10 }, "smooth": true, "source": { "id": "7a783726-6739-478e-9755-264abf6bfe82" }, "target": { "id": "e7267fe0-2972-4bfa-ab9b-f2ce15c52244" }, "vertices": [], "id": "345d8594-d2f4-4842-96db-cbb37df95057", "labels": [ { "position": 0.5, "attrs": { "text": { "text": "Accesses", "font-weight": "400", "font-size": "small" } } } ], "z": 11, "hasOpenThreats": false, "isEncrypted": true, "isPublicNetwork": true, "protocol": "REST", "attrs": { ".marker-target": { "class": "marker-target hasNoOpenThreats isInScope" }, ".connection": { "class": "connection hasNoOpenThreats isInScope" } } }, { "type": "tm.Boundary", "size": { "width": 10, "height": 10 }, "smooth": true, "source": { "x": 630, "y": 280 }, "target": { "x": 400, "y": 280 }, "vertices": [], "id": "3a058aef-0280-4609-b265-9e3a0adec3a7", "z": 12, "labels": [ { "position": 0.5, "attrs": { "text": { "text": "Trust Boundary", "font-weight": "400", "font-size": "small" } } } ], "attrs": {} } ] }, "size": { "height": 590, "width": 1022 } }, { "title": "User Management", "thumbnail": "./public/content/images/thumbnail.stride.jpg", "diagramType": "STRIDE", "id": 1, "$$hashKey": "object:505", "diagramJson": { "cells": [ { "type": "tm.Actor", "size": { "width": 160, "height": 80 }, "position": { "x": 80, "y": 140 }, "angle": 0, "id": "c78ef2f5-cfa1-4ce7-ade0-e408de07dd5f", "z": 1, "hasOpenThreats": true, "threats": [ { "ruleId": "b2a6d40d-d3f8-4750-8e4d-c02cc84b13dc", "title": "Generic spoofing threat", "type": "Spoofing", "modelType": "STRIDE", "status": "Open", "severity": "Medium", "description": "A generic spoofing threat", "mitigation": "Mitigation or prevention for the threat", "threatId": "df909f03-effd-40db-b39c-52a00223cf80", "$$hashKey": "object:722" }, { "ruleId": "87bc37e2-798e-4d68-bb96-feb1da26da48", "title": "Generic repudiation threat", "type": "Repudiation", "modelType": "STRIDE", "status": "Open", "severity": "Medium", "description": "A generic repudiation threat", "mitigation": "Mitigation or prevention for the threat", "threatId": "a27dd4a9-418f-4b9b-8936-9cf2cacc5b4b", "$$hashKey": "object:731" } ], "attrs": { ".element-shape": { "class": "element-shape hasOpenThreats isInScope" }, "text": { "text": "User" }, ".element-text": { "class": "element-text hasOpenThreats isInScope" } } }, { "type": "tm.Process", "size": { "width": 100, "height": 100 }, "position": { "x": 390, "y": 110 }, "angle": 0, "id": "611d23c0-9fab-41bb-a90f-ae3710272951", "z": 2, "hasOpenThreats": true, "threats": [ { "ruleId": "ce2fe37e-0742-4278-8915-40dc2226150e", "title": "Denial of Service", "type": "Elevation of privilege", "modelType": "STRIDE", "status": "Open", "severity": "Medium", "description": "See OWASP Automated Threat #15:\nUsage may resemble legitimate application usage but leads to exhaustion of resources", "mitigation": "Mitigation or prevention such as providing backoff, resource management and avoiding forced deadlock", "threatId": "a32e00b3-abc9-4ae5-8bfb-ed366cebd712", "$$hashKey": "object:639" } ], "attrs": { ".element-shape": { "class": "element-shape hasOpenThreats isInScope" }, "text": { "text": "Login" }, ".element-text": { "class": "element-text hasOpenThreats isInScope" } } }, { "type": "tm.Store", "size": { "width": 160, "height": 80 }, "position": { "x": 660, "y": 140 }, "angle": 0, "id": "6a56fba7-8702-40fa-a77e-6706743f2ed6", "z": 3, "hasOpenThreats": true, "storesCredentials": true, "isEncrypted": true, "threats": [ { "ruleId": "13000296-b17d-4b72-9cc4-f5cc33f80e4c", "title": "Generic information disclosure threat", "type": "Information disclosure", "modelType": "STRIDE", "status": "Open", "severity": "Medium", "description": "A generic information disclosure threat", "mitigation": "Mitigation or prevention for the threat", "threatId": "7328e250-80f9-40a8-9894-3b2b8b8d446a", "$$hashKey": "object:669" } ], "attrs": { ".element-shape": { "class": "element-shape hasOpenThreats isInScope" }, "text": { "text": "User Database" }, ".element-text": { "class": "element-text hasOpenThreats isInScope" } } }, { "type": "tm.Flow", "size": { "width": 10, "height": 10 }, "smooth": true, "source": { "id": "611d23c0-9fab-41bb-a90f-ae3710272951" }, "target": { "id": "6a56fba7-8702-40fa-a77e-6706743f2ed6" }, "vertices": [ { "x": 560, "y": 110 } ], "id": "f47f4e80-ef73-4dac-b96b-a36f6e3e0e57", "labels": [ { "position": { "distance": 0.46925095247713366, "offset": -20 }, "attrs": { "text": { "text": "Query Database", "font-weight": "400", "font-size": "small" } } } ], "z": 4, "hasOpenThreats": false, "attrs": { ".marker-target": { "class": "marker-target hasNoOpenThreats isInScope" }, ".connection": { "class": "connection hasNoOpenThreats isInScope" } } }, { "type": "tm.Flow", "size": { "width": 10, "height": 10 }, "smooth": true, "source": { "id": "6a56fba7-8702-40fa-a77e-6706743f2ed6" }, "target": { "id": "611d23c0-9fab-41bb-a90f-ae3710272951" }, "vertices": [ { "x": 530, "y": 190 } ], "id": "5b063982-6998-485e-8ee1-f8d59c0bc757", "labels": [ { "position": { "distance": 0.5416816466170442, "offset": -30.43621155024044 }, "attrs": { "text": { "text": "Query Response", "font-weight": "400", "font-size": "small" } } } ], "z": 5, "hasOpenThreats": false, "attrs": { ".marker-target": { "class": "marker-target hasNoOpenThreats isInScope" }, ".connection": { "class": "connection hasNoOpenThreats isInScope" } } }, { "type": "tm.Flow", "size": { "width": 10, "height": 10 }, "smooth": true, "source": { "id": "c78ef2f5-cfa1-4ce7-ade0-e408de07dd5f" }, "target": { "id": "611d23c0-9fab-41bb-a90f-ae3710272951" }, "vertices": [ { "x": 310, "y": 120 } ], "id": "d1e6f704-4414-4e6f-8df7-f5b9111314f2", "labels": [ { "position": { "distance": 0.5104252915659918, "offset": -20.63758485420264 }, "attrs": { "text": { "text": "Send Credentials", "font-weight": "400", "font-size": "small" } } } ], "z": 6, "hasOpenThreats": true, "isPublicNetwork": true, "isEncrypted": true, "protocol": "HTTPS", "threats": [ { "ruleId": "ff2fca4d-dedf-46f2-b9ac-aed70055bb4d", "title": "Vulnerable transport protocol", "type": "Information disclosure", "modelType": "STRIDE", "status": "Open", "severity": "Medium", "description": "Older transport protocols are vulnerable and have known vulnerabilities", "mitigation": "Use up to date cryptography and transport protocols", "threatId": "c1bf3a73-9898-4189-9ac6-2aff476068c5", "$$hashKey": "object:692" } ], "attrs": { ".marker-target": { "class": "marker-target hasOpenThreats isInScope" }, ".connection": { "class": "connection hasOpenThreats isInScope" } } }, { "type": "tm.Flow", "size": { "width": 10, "height": 10 }, "smooth": true, "source": { "id": "611d23c0-9fab-41bb-a90f-ae3710272951" }, "target": { "id": "c78ef2f5-cfa1-4ce7-ade0-e408de07dd5f" }, "vertices": [ { "x": 290, "y": 200 } ], "id": "b5f6781c-ff8a-470d-be6c-12d4175a5483", "labels": [ { "position": { "distance": 0.5720257575195177, "offset": -21.40240000765164 }, "attrs": { "text": { "text": "Confirm Login", "font-weight": "400", "font-size": "small" } } } ], "z": 7, "hasOpenThreats": false, "isEncrypted": true, "isPublicNetwork": true, "protocol": "HTTPS", "attrs": { ".marker-target": { "class": "marker-target hasNoOpenThreats isInScope" }, ".connection": { "class": "connection hasNoOpenThreats isInScope" } } }, { "type": "tm.Boundary", "size": { "width": 10, "height": 10 }, "smooth": true, "source": { "x": 370, "y": 50 }, "target": { "x": 380, "y": 280 }, "vertices": [], "id": "878455b4-c0ea-4539-ab85-e61ff9e274d2", "z": 8, "attrs": {} } ] }, "size": { "height": 590, "width": 830 } } ] } }