Glossary
This page defines TMI-specific terms and concepts used throughout the application and documentation.
Threat Model
A comprehensive document that identifies, analyzes, and documents potential security threats to a system or application. In TMI, a threat model contains diagrams, threat assessments, and recommendations for risk mitigation.
Data Flow Diagram (DFD)
A visual representation of how data moves through a system. DFDs show processes, data stores, actors, security boundaries, and the data flows between them. The DFD is the foundation for threat identification.
Element
A component (cell) within a Data Flow Diagram. Types include:
- Process - Application or service that processes data
- Data Store - Database, cache, or file system
- Actor - Person, system, or external entity that interacts with the modeled system
- Security Boundary - Boundary delineating different security (trust) zones; data flows that cross one deserve the closest scrutiny
- Text Box - Annotation or label element for documentation
Data Flow
A connection between elements showing the movement of data. Data flows are analyzed for security threats.
Threat
A potential security risk or vulnerability identified in a threat model. Each threat is identified by a name field (the API uses "name", not "title") and may include a description, severity, likelihood, risk level, score, priority, status, mitigation details, CWE identifiers, CVSS vectors, and an optional link to an issue tracker. A threat can be associated with a specific diagram and a cell element within it.
Threat Framework
A structured methodology for identifying threats. Supported frameworks:
- STRIDE - Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege
- CIA - Confidentiality, Integrity, Availability
- LINDDUN - Linkability, Identifiability, Non-repudiation, Detectability, Disclosure of information, Unawareness, Non-compliance (privacy-focused)
- DIE - Distributed, Immutable, Ephemeral (cloud-native resilience model, proposed as a complement to CIA)
- PLOT4ai - Practical Library Of Threats 4 Artificial Intelligence; a card-based threat library for AI/ML systems covering privacy, security, safety and related categories
Authorization
The process of determining what authenticated users are allowed to do. TMI implements role-based authorization.
Role
A permission level assigned to users for specific objects:
- Owner - Full read/write/delete permissions; can change authorization and ownership
- Writer - Read and write permissions; cannot delete or change authorization
- Reader - Read-only access; cannot modify or delete
Permission
A specific capability granted by a role:
- Read - View object and its contents
- Write - Modify object properties and content
- Delete - Remove object permanently
- Share - Change authorization and ownership
Owner
The user designated as the object's owner. The owner field takes absolute precedence over the authorization list and automatically grants owner-level permissions regardless of other authorization entries (an entry that lists the owner as a reader does not demote them).
Authorization List
A list of subjects (users or groups) and their assigned roles for an object. Distinct from the owner field: an entry in the list never confers owner-level permissions.
Pseudo-group
A special group identifier with predefined behavior. The "everyone" pseudo-group grants access to all authenticated users, regardless of their identity provider; unauthenticated requests never match it.
Subject
An entity (user or group) referenced in authorization:
- user - Individual user identified by email or username
- group - Collection of users from an identity provider
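To make the interaction between the owner field, the authorization list, and the "everyone" pseudo-group concrete, here is a self-contained Go resolver. It is an added example written for this page, not TMI's own code: the type and function names are assumed, the sample object is constructed, and identities are compared exactly (whether TMI case-folds e-mail addresses is not stated on this page).

```go
package main

import "fmt"

// Role is a permission level on an object; higher values outrank lower ones.
type Role int

const (
	RoleNone Role = iota
	RoleReader
	RoleWriter
	RoleOwner
)

// Permission is a specific capability granted by a role.
type Permission string

const PermRead, PermWrite, PermDelete, PermShare Permission = "read", "write", "delete", "share"

// Can reports whether the role grants a permission: Reader gets read, Writer
// adds write, Owner adds delete and share (changing authorization and ownership).
func (r Role) Can(perm Permission) bool {
	switch perm {
	case PermRead:
		return r >= RoleReader
	case PermWrite:
		return r >= RoleWriter
	case PermDelete, PermShare:
		return r >= RoleOwner
	}
	return false
}

// AuthEntry is one row of an object's authorization list.
type AuthEntry struct {
	SubjectType string // "user" or "group"
	Subject     string // email/username, group name, or the "everyone" pseudo-group
	Role        Role
}

// Object keeps the owner field separate from the authorization list (two distinct sources of rights).
type Object struct {
	Owner         string
	Authorization []AuthEntry
}

// Principal is the authenticated caller plus the groups its identity provider asserted; empty User = unauthenticated.
type Principal struct {
	User   string
	Groups []string
}

const everyoneGroup = "everyone"

// EffectiveRole resolves a principal's role: the owner field wins outright; otherwise
// the highest role among matching user entries, group entries and "everyone" applies.
func EffectiveRole(obj Object, p Principal) Role {
	if p.User == "" {
		return RoleNone // "everyone" means every *authenticated* user
	}
	if obj.Owner == p.User {
		return RoleOwner
	}
	best := RoleNone
	for _, e := range obj.Authorization {
		if e.Role > best && subjectMatches(e, p) {
			best = e.Role
		}
	}
	return best
}

func subjectMatches(e AuthEntry, p Principal) bool {
	switch e.SubjectType {
	case "user":
		return e.Subject == p.User
	case "group":
		if e.Subject == everyoneGroup {
			return true
		}
		for _, g := range p.Groups {
			if g == e.Subject {
				return true
			}
		}
	}
	return false
}

func main() {
	// Constructed sample: alice is listed only as reader but is also the owner.
	obj := Object{Owner: "alice@example.com", Authorization: []AuthEntry{
		{SubjectType: "user", Subject: "alice@example.com", Role: RoleReader},
		{SubjectType: "group", Subject: everyoneGroup, Role: RoleReader},
	}}
	for _, p := range []Principal{{User: "alice@example.com"}, {User: "dave@example.com"}, {}} {
		fmt.Printf("%q role=%d share=%v\n", p.User, EffectiveRole(obj, p), EffectiveRole(obj, p).Can(PermShare))
	}
}
```

A handler should call `EffectiveRole(obj, p).Can(perm)` once per request and nothing else; keeping the owner check and the list scan in one function is what makes the precedence rule impossible to get wrong at individual call sites.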
Identity Provider
An external service that authenticates users and provides identity information. TMI supports dynamically configured providers via two protocols:
- OAuth 2.0 / OpenID Connect - Any standards-compliant OAuth 2.0 or OIDC provider (e.g., Google and Microsoft Entra ID via OIDC, GitHub via plain OAuth 2.0) configured through environment variables or YAML
- SAML 2.0 - Any SAML-compliant identity provider (e.g., Okta, ADFS) configured with a metadata URL and attribute mappings
Providers are not hard-coded; each deployment configures the set of enabled providers.
REST API
HTTP-based API for programmatic access to threat models, diagrams, and threats. Follows RESTful principles with JSON payloads.
WebSocket
Real-time bidirectional communication protocol enabling collaborative diagram editing. Used for live updates when multiple users edit simultaneously. WebSocket connections use ticket-based authentication: the client first requests a short-lived ticket from the REST API (/ws/ticket, authenticated with its JWT), then presents that ticket as a query parameter when opening the WebSocket connection. Because the ticket is short-lived, single-purpose and separate from the session credential, this avoids exposing JWTs in WebSocket URLs or server logs.
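The ticket exchange described above, as an added Go example written for this page (it is not TMI's implementation): the path /ws/ticket comes from the glossary, while the store type, the 30-second lifetime, the hostname and the user are assumptions. An in-memory map stands in for the Redis store a multi-instance deployment would need.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"sync"
	"time"
)

// ErrInvalidTicket covers unknown, already-redeemed and expired tickets alike,
// so a caller learns nothing about which case it hit.
var ErrInvalidTicket = errors.New("invalid websocket ticket")

type ticket struct {
	user    string
	expires time.Time
}

// TicketStore issues and redeems short-lived, single-use WebSocket tickets.
// A real deployment keeps them in Redis so any server instance can redeem
// them; this in-memory map is an assumption made so the example runs alone.
type TicketStore struct {
	mu      sync.Mutex
	ttl     time.Duration
	now     func() time.Time // injectable clock for deterministic tests
	tickets map[string]ticket
}

func NewTicketStore(ttl time.Duration) *TicketStore {
	return &TicketStore{ttl: ttl, now: time.Now, tickets: map[string]ticket{}}
}

// Issue is what the REST handler behind /ws/ticket calls once it has verified
// the caller's JWT. The ticket is 256 bits from crypto/rand, base64url-encoded
// without padding so it is safe to carry in a query string.
func (s *TicketStore) Issue(user string) (string, error) {
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	tok := base64.RawURLEncoding.EncodeToString(raw)
	s.mu.Lock()
	defer s.mu.Unlock()
	now := s.now()
	for k, t := range s.tickets { // opportunistic sweep so expired tickets do not pile up
		if now.After(t.expires) {
			delete(s.tickets, k)
		}
	}
	s.tickets[tok] = ticket{user: user, expires: now.Add(s.ttl)}
	return tok, nil
}

// Redeem is what the WebSocket upgrade handler calls with the ?ticket= value.
// The entry is deleted before the expiry check, so a ticket can never be
// presented twice, even when the first attempt failed.
func (s *TicketStore) Redeem(tok string) (string, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	t, ok := s.tickets[tok]
	delete(s.tickets, tok)
	if !ok || s.now().After(t.expires) {
		return "", ErrInvalidTicket
	}
	return t.user, nil
}

func main() {
	store := NewTicketStore(30 * time.Second)
	tok, _ := store.Issue("alice@example.com") // constructed sample user
	fmt.Println("client opens: wss://tmi.example/ws?ticket=" + tok)
	user, err := store.Redeem(tok)
	fmt.Println("first redeem ->", user, err)
	_, err = store.Redeem(tok)
	fmt.Println("replay       ->", err)
}
```

The property worth checking in any implementation of this pattern is the one the test below exercises: a ticket that appears in a log line or browser history is worthless a few seconds later and worthless immediately after its first use, which is exactly what a JWT in the same URL would not be.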
OAuth 2.0
Industry-standard authorization framework, on which OpenID Connect layers authentication. TMI uses the OAuth 2.0 Authorization Code flow with PKCE (Proof Key for Code Exchange, RFC 7636) for authentication with external identity providers. PKCE binds the token request to the client that began the flow, which prevents authorization code interception attacks, and is mandatory for all OAuth flows. Only the S256 code challenge method is supported; the "plain" method is rejected.
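Both halves of PKCE, as an added Go example for this page (not TMI's code): the client-side verifier and S256 challenge generation, and the server-side check at the token endpoint that refuses "plain", validates the verifier's format before hashing, and compares in constant time. Function names are assumptions; the test vector used below is the one published in RFC 7636 Appendix B.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
)

var (
	ErrUnsupportedMethod = errors.New("pkce: only code_challenge_method=S256 is accepted")
	ErrVerifierFormat    = errors.New("pkce: code_verifier must be 43-128 unreserved characters")
	ErrChallengeMismatch = errors.New("pkce: code_verifier does not match code_challenge")
)

// NewCodeVerifier (client, step 1): 32 bytes from crypto/rand, base64url
// without padding, which yields 43 characters, the RFC 7636 §4.1 minimum.
func NewCodeVerifier() (string, error) {
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(raw), nil
}

// ValidVerifier enforces the RFC 7636 length bounds and unreserved alphabet
// [A-Za-z0-9-._~]; a server should check this before hashing untrusted input.
func ValidVerifier(v string) bool {
	if len(v) < 43 || len(v) > 128 {
		return false
	}
	for i := 0; i < len(v); i++ {
		c := v[i]
		switch {
		case 'A' <= c && c <= 'Z', 'a' <= c && c <= 'z', '0' <= c && c <= '9', c == '-', c == '.', c == '_', c == '~':
		default:
			return false
		}
	}
	return true
}

// CodeChallengeS256 (client, step 2): BASE64URL(SHA256(ASCII(verifier))), sent in
// the authorization request as code_challenge with code_challenge_method=S256
// and stored by the authorization server against the issued code.
func CodeChallengeS256(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// VerifyPKCE (server, token endpoint): refuses "plain", recomputes the
// challenge from the verifier the client now presents, and compares in
// constant time. An attacker holding only an intercepted code cannot pass.
func VerifyPKCE(method, storedChallenge, presentedVerifier string) error {
	if method != "S256" {
		return ErrUnsupportedMethod
	}
	if !ValidVerifier(presentedVerifier) {
		return ErrVerifierFormat
	}
	got := CodeChallengeS256(presentedVerifier)
	if subtle.ConstantTimeCompare([]byte(got), []byte(storedChallenge)) != 1 {
		return ErrChallengeMismatch
	}
	return nil
}

func main() {
	verifier, _ := NewCodeVerifier()
	challenge := CodeChallengeS256(verifier)
	fmt.Println("authorize: ...&code_challenge=" + challenge + "&code_challenge_method=S256")
	fmt.Println("token exchange with real verifier:", VerifyPKCE("S256", challenge, verifier))
	// A guessed verifier of valid shape (constructed) still fails the hash comparison.
	fmt.Println("token exchange with stolen code only:", VerifyPKCE("S256", challenge, "attacker-guess-attacker-guess-attacker-guess-00"))
}
```

The order of checks in VerifyPKCE matters: rejecting "plain" first means a downgrade request never reaches the comparison, and validating the verifier's shape before hashing keeps oversized or binary input out of the hot path.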
JWT (JSON Web Token)
A cryptographically signed token representing an authenticated user. Presented with API requests and verified by the server to authorize them.
OpenAPI
Specification format for documenting REST APIs. TMI's REST API is fully documented in OpenAPI 3.0.3.
AsyncAPI
Specification format for documenting asynchronous message protocols. TMI's WebSocket protocol is documented in AsyncAPI.
Workflow
A sequence of API calls representing a common integration pattern (e.g., creating a threat model, adding diagrams, identifying threats).
PostgreSQL
Relational database storing persistent threat model data including models, diagrams, threats, and user information.
Redis
In-memory cache and message broker providing:
- Real-time WebSocket connection management
- Edit lock coordination for concurrent editing
- Session cache
- Temporary data storage
Database Schema
The structure of database tables and their relationships. Includes tables for threat models, diagrams, threats, users, authorization, audit trails, and metadata. Schema changes are managed through GORM AutoMigrate, which automatically creates and updates tables, columns, indexes, and constraints based on Go struct definitions at server startup. AutoMigrate only adds or widens; it never drops columns or tables, so removals require an explicit migration.
Configuration
Settings that control TMI server behavior at runtime:
- Server settings (port, interface, timeouts)
- Database credentials
- Authentication settings
- TLS/HTTPS configuration
Environment
A deployment context:
- Development - Local development with relaxed security
- Staging - Production-like environment for testing
- Production - Live environment serving users
Container
A lightweight, isolated execution environment for applications. TMI components (server, PostgreSQL, Redis) run in Docker containers.
Grype
Open-source container vulnerability scanner from Anchore. Scans container images for CVEs and generates reports in multiple formats (SARIF, JSON, table). Part of the Anchore toolchain alongside Syft (SBOM generation).
TLS (Transport Layer Security)
Protocol that encrypts network connections and authenticates the server to the client. Required for production deployments.
Secrets
Sensitive configuration values including passwords, API keys, and OAuth credentials. Must never be committed to version control.
Collaborative Editing
Multiple users simultaneously editing a diagram with automatic synchronization via WebSocket.
Edit Lock
Mechanism preventing conflicting edits when multiple users modify the same diagram element. Managed through Redis.
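The lock semantics a practitioner should expect from such a mechanism, as an added Go example for this page (not TMI's implementation): per-cell leases that expire, re-entrant refresh by the holder, and release only by the current holder. The glossary says TMI coordinates these through Redis; the single-process map here is an assumption so the example runs stand-alone, and the cell ID, users and 10-second lease are constructed.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

// lease records who holds a diagram cell and until when. Leases expire so a
// client that disconnects mid-edit cannot wedge the cell for everyone else.
type lease struct {
	holder  string
	expires time.Time
}

// LockManager grants per-cell edit leases. The in-memory map is a stand-in for
// Redis; the semantics are those of SET key holder NX PX ttl.
type LockManager struct {
	mu     sync.Mutex
	ttl    time.Duration
	now    func() time.Time // injectable clock for deterministic tests
	leases map[string]lease
}

func NewLockManager(ttl time.Duration) *LockManager {
	return &LockManager{ttl: ttl, now: time.Now, leases: map[string]lease{}}
}

// Acquire grants cellID to user when the cell is free, its lease has expired,
// or user already holds it (re-acquiring refreshes the expiry, which is how a
// client keeps a long edit alive). Otherwise it reports the current holder.
func (m *LockManager) Acquire(cellID, user string) (ok bool, holder string) {
	m.mu.Lock()
	defer m.mu.Unlock()
	now := m.now()
	if l, exists := m.leases[cellID]; exists && now.Before(l.expires) && l.holder != user {
		return false, l.holder
	}
	m.leases[cellID] = lease{holder: user, expires: now.Add(m.ttl)}
	return true, user
}

// Release frees the cell only if user still holds it. A client whose lease
// expired and was taken over by someone else therefore cannot unlock the new
// holder's edit (the Redis equivalent is a compare-and-delete Lua script).
func (m *LockManager) Release(cellID, user string) bool {
	m.mu.Lock()
	defer m.mu.Unlock()
	l, exists := m.leases[cellID]
	if !exists || l.holder != user {
		return false
	}
	delete(m.leases, cellID)
	return true
}

// Holder returns the live holder of cellID, or "" when it is unlocked.
func (m *LockManager) Holder(cellID string) string {
	m.mu.Lock()
	defer m.mu.Unlock()
	if l, exists := m.leases[cellID]; exists && m.now().Before(l.expires) {
		return l.holder
	}
	return ""
}

func main() {
	locks := NewLockManager(10 * time.Second)
	ok, holder := locks.Acquire("process-42", "alice") // constructed cell and users
	fmt.Println("alice acquires:", ok, holder)
	ok, holder = locks.Acquire("process-42", "bob")
	fmt.Println("bob acquires:", ok, "held by", holder)
	fmt.Println("bob releases alice's lock:", locks.Release("process-42", "bob"))
	fmt.Println("alice releases:", locks.Release("process-42", "alice"), "holder now:", locks.Holder("process-42"))
}
```

The failure mode to test is the stale holder: once alice's lease has lapsed and bob has taken the cell, alice's late Release must be a no-op, otherwise a slow client can silently unlock another user's in-progress edit.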
Broadcast
Real-time notification to all connected clients when a diagram is modified.
Metadata
Custom key-value pairs attached to threat models, diagrams, threats, and elements. Enables extension without schema changes.
Custom Fields
User-defined attributes stored as metadata, such as:
- Risk ratings
- Mitigation status
- Owner assignments
- Compliance references
CVE (Common Vulnerabilities and Exposures)
A unique identifier for a publicly disclosed security vulnerability, in the form CVE-YYYY-NNNN with four or more sequence digits. Example: CVE-2023-12345
CVSS (Common Vulnerability Scoring System)
A numerical rating (0.0-10.0) representing vulnerability severity, computed from a vector of base metrics. Used to prioritize patching.
Vulnerability
A security weakness that could be exploited by attackers.
Patch
A software update that fixes a vulnerability or bug.
RBAC (Role-Based Access Control)
Security model restricting system access based on user roles.
Least Privilege
Security principle granting users only the minimum permissions needed to perform their tasks.
Audit Log
Record of user actions for security monitoring and compliance.
Related Pages
- Security-Best-Practices - Security terminology and concepts
- API-Specifications - API-related terms
- Configuration-Reference - Configuration-related terms
- Authorization Reference - Detailed authorization rules