pytm icon indicating copy to clipboard operation
pytm copied to clipboard
verified publisher icon izar

Objects should be generic, with roles

Open colesmj opened this issue 5 years ago • 5 comments

Today, we have object types:

  • Element
  • Server
  • Client
  • Process
  • Asset
  • Lambda

It seems that a Server, Client, and Lambda are all specializations of Process or Asset, and really represent the "role" of each; role is really determined by the specific use - a server is the sink for a dataflow, the source is a client. But when describing an object, until the dataflows are determined, why force users to know ahead of time which one they need? Also, a client or server may be a server or a client, based on other data flows...

An alternative suggestion: create a generic "node" (Asset may be the right object already available), and allow assignment of properties that are generic. If roles are needed, assigning a role may add attributes specific to the role(s) added at runtime. This approach helps with constructing models based on less-than-perfect knowledge of the system.

colesmj avatar Sep 26 '20 18:09 colesmj

Fully agree! I still have a hard time telling how Process and Server are different...

nineinchnick avatar Sep 26 '20 18:09 nineinchnick

I still have a hard time telling how Process and Server are different...

Same. I have a collection of microservice applications where the element is both a Server and a Process. I created ServerProcess class in the model py file to get both annotation sets/threat eval.

nozmore avatar Apr 06 '21 20:04 nozmore

Rather than creating mixed object types, can we finally fix (and then properly document) the object model?

~Matthew Coles~

On Tue, Apr 6, 2021, 16:38 nozmore @.***> wrote:

I still have a hard time telling how Process and Server are different...

Same. I have a collection of microservice applications where the element is both a Server and a Process. I created ServerProcess class in the model py file to get both annotation sets/threat eval.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/izar/pytm/issues/112#issuecomment-814423189, or unsubscribe https://github.com/notifications/unsubscribe-auth/AJMQZ6WJ2BYGHNT45QCNIN3THNWMJANCNFSM4R3BV5TA .

colesmj avatar Apr 06 '21 21:04 colesmj

I agree. I have an excel document with sheets for each object type and its annotations. I started going thru all annotations and capturing notes for things I'd like to move, rename, or need clarification on. I have work I would like to do on the threat lib but I want to get a handle on the model first.

nozmore avatar Apr 07 '21 04:04 nozmore

I started to document the object model in the wiki for this project ages ago. Please update it.

~Matthew Coles~

On Wed, Apr 7, 2021, 00:56 nozmore @.***> wrote:

I agree. I have an excel document with sheets for each object type and its annotations. I started going thru all annotations and capturing notes for things I'd like to move, rename, or need clarification on. I have work I would like to do on the threat lib but I want to get a handle on the model first.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/izar/pytm/issues/112#issuecomment-814599910, or unsubscribe https://github.com/notifications/unsubscribe-auth/AJMQZ6QRIK5YUHWXQIHUJHDTHPQYVANCNFSM4R3BV5TA .

colesmj avatar Apr 07 '21 12:04 colesmj