hcltm: Threat Modeling with HCL

Threat Modeling

Overview

There are many different ways in which a threat model can be documented. From a simple text file to more in-depth word documents, to fully instrumented threat models in a centralised solution. Two of the most valuable attributes of a threat model are being able to clearly document the threats and to be able to drive valuable change.

hcltm aims to provide a DevOps-first approach to documenting a system threat model by focusing on the following goals:

  • Simple text-file format
  • Simple CLI-driven user experience
  • Integration into version control systems (VCS)

This repository is the home of the hcltm cli software. The hcltm spec is based on HCL2, HashiCorp's Configuration Language, which aims to be "pleasant to read and write for humans, and a JSON-based variant that is easier for machines to generate and parse". Combining the hcltm cli software and the hcltm spec allows practitioners to define a system threat model in HCL, for example:

threatmodel "Tower of London" {
  description = "A historic castle"
  author      = "@xntrik"

  attributes {
    new_initiative  = "true"
    internet_facing = "true"
    initiative_size = "Small"
  }

  information_asset "crown jewels" {
    description                = "including the imperial state crown"
    information_classification = "Confidential"
  }

  usecase {
    description = "The Queen can fetch the crown"
  }

  third_party_dependency "community watch" {
    description       = "The community watch helps guard the premise"
    uptime_dependency = "degraded"
  }

  threat {
    description = "Someone who isn't the Queen steals the crown"
    impacts     = ["Confidentiality"]
    control     = "Lots of guards"
  }

  data_flow_diagram {
    // ... see below for more information
  }
}

Why HCL?

HCL is the primary configuration language used in the products by HashiCorp, in particular Terraform, their open-source Infrastructure-as-Code software. I worked at HashiCorp for a while and the language really grew on me, plus, if DevOps and Software engineers are using the language, then simplifying how they document threat models aligns with hcltm's goals.

You can use hcltm with JSON, but you lose some of the features. For more, see the examples/ folder.
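As an added illustration (not code from the hcltm project), the script below holds the "Tower of London" model above as plain data, runs a small consistency check over its threats, and emits it in HCL2's JSON syntax. It assumes the standard HCL JSON mapping (a labelled block becomes an object keyed by its label, repeated unlabelled blocks become a list) and that `impacts` values are drawn from the CIA triad; the page itself only shows "Confidentiality", so compare the output against the examples/ folder before relying on it.

```python
import json

# Assumed allowed values for a threat's `impacts` list (the README only
# shows "Confidentiality"; Integrity/Availability are an assumption).
IMPACTS = {"Confidentiality", "Integrity", "Availability"}

# The README's "Tower of London" model as plain Python data.
TOWER = {
    "name": "Tower of London",
    "description": "A historic castle",
    "author": "@xntrik",
    "attributes": {"new_initiative": "true", "internet_facing": "true",
                   "initiative_size": "Small"},
    "information_assets": {"crown jewels": {
        "description": "including the imperial state crown",
        "information_classification": "Confidential"}},
    "usecases": [{"description": "The Queen can fetch the crown"}],
    "third_party_dependencies": {"community watch": {
        "description": "The community watch helps guard the premise",
        "uptime_dependency": "degraded"}},
    "threats": [{"description": "Someone who isn't the Queen steals the crown",
                 "impacts": ["Confidentiality"], "control": "Lots of guards"}],
}

def lint(model):
    """Return a list of problems; an empty list means the threats are consistent."""
    problems = []
    for i, t in enumerate(model["threats"]):
        impacts = t.get("impacts", [])
        unknown = set(impacts) - IMPACTS
        if unknown:
            problems.append(f"threat {i}: unknown impacts {sorted(unknown)}")
        if not impacts:
            problems.append(f"threat {i}: no impacts listed")
        if not t.get("control"):
            problems.append(f"threat {i}: no control documented")
    return problems

def to_hcl_json(model):
    """Emit the model in HCL2 JSON syntax (assumed mapping, see lead-in)."""
    body = {
        "description": model["description"],
        "author": model["author"],
        "attributes": model["attributes"],
        "information_asset": model["information_assets"],
        "usecase": model["usecases"],
        "third_party_dependency": model["third_party_dependencies"],
        "threat": model["threats"],
    }
    return {"threatmodel": {model["name"]: body}}

if __name__ == "__main__":
    print(lint(TOWER) or "ok")
    print(json.dumps(to_hcl_json(TOWER), indent=2))
```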

Install & Use

Copyright (c) 2021 Christian Frichot