Abacus Quickstart
What is Abacus?
Integrating ABACUS, a premier enterprise architecture tool, with StartLeft's OTM (Open Threat Model) format enriches threat modeling with advanced automation. This synergy combines ABACUS's detailed architectural insights with StartLeft's streamlined threat modeling, offering a comprehensive security analysis framework.
Leveraging ABACUS Models in StartLeft
ABACUS's extensive collection of predefined components and shapes enables intricate architectural designs. Through StartLeft, these elements are precisely translated into the OTM format, ensuring a smooth transition from architectural designs to detailed threat models. This integration highlights the structured modeling of ABACUS, making complex architectures easily interpretable in threat modeling contexts.
The slp_abacus Module: Bridging Architectures with Threat Models
The slp_abacus module within StartLeft focuses on converting ABACUS files into OTM format, akin to its Drawio integration. This module facilitates the conversion of architectural diagrams into actionable threat models, thereby enhancing security planning.
Hierarchical Mapping Process
The ABACUS to OTM conversion process involves a hierarchical approach to mappings, comprising:
- Default Mapping File: Includes generic mappings for widespread use across multiple projects, ensuring the standardization of ABACUS model components during OTM conversion.
- Custom Mapping File: Accommodates project-specific components from ABACUS diagrams, allowing for tailored and precise OTM translations that reflect unique architectural nuances.
Refer to the REST API Manual for comprehensive instructions on utilizing StartLeft with ABACUS files.
Supported Formats by StartLeft
StartLeft is capable of processing ABACUS diagrams in JSON format:
- *.json: Exports directly from ABACUS for conversion.
Conversion Example: From ABACUS to OTM
Imagine converting an ABACUS diagram featuring a PoC Integrator, Webpage, Database, Static Content, Backend, and an Angular Client into a threat model. The process involves using a default mapping file to define mappings for these components, facilitating their translation into the OTM format:
trustzones:
  - label: Public Cloud
    type: b61d6911-338d-46a8-9f39-8dcd24abfe91
    default: true
components:
  - label: SST PoC Integrator
    type: CD-MSG-BROKER
  - label: SST PoC Webpage
    type: compact-server-side-web-application
  - label: SST PoC Database
    type: other-database
  - label: SST PoC Static Content
    type: CD-CONTENT-DELIVERY-NETWORK
  - label: SST PoC Backend
    type: back-end-server
  - label: Angular v12.0.0
    type: web-client
The conversion results in an OTM file reflecting the original ABACUS diagram's components:
basic-abacus-example.otm
{
  "otmVersion": "0.2.0",
  "project": {
    "name": "Abacus Basic Example",
    "id": "abacus-basic-example"
  },
  "representations": [
    {
      "name": "example-project Diagram Representation",
      "id": "example-project-diagram",
      "type": "diagram",
      "size": {
        "width": 1000,
        "height": 1000
      }
    }
  ],
  "trustZones": [
    {
      "id": "0dc3a5c4-64af-490d-b72a-a591dc79a9d3",
      "name": "Public Cloud",
      "type": "b61d6911-338d-46a8-9f39-8dcd24abfe91",
      "risk": {
        "trustRating": 10
      }
    }
  ],
  "components": [
    {
      "id": "258636",
      "name": "SST PoC Webpage",
      "type": "compact-server-side-web-application",
      "parent": {
        "trustZone": "0dc3a5c4-64af-490d-b72a-a591dc79a9d3"
      }
    },
    {
      "id": "258642",
      "name": "SST PoC Integrator",
      "type": "CD-MSG-BROKER",
      "parent": {
        "trustZone": "0dc3a5c4-64af-490d-b72a-a591dc79a9d3"
      }
    },
    {
      "id": "258646",
      "name": "SST PoC Backend",
      "type": "back-end-server",
      "parent": {
        "trustZone": "0dc3a5c4-64af-490d-b72a-a591dc79a9d3"
      }
    },
    {
      "id": "258650",
      "name": "SST PoC Database",
      "type": "other-database",
      "parent": {
        "trustZone": "0dc3a5c4-64af-490d-b72a-a591dc79a9d3"
      }
    },
    {
      "id": "258665",
      "name": "SST PoC Static Content",
      "type": "CD-CONTENT-DELIVERY-NETWORK",
      "parent": {
        "trustZone": "0dc3a5c4-64af-490d-b72a-a591dc79a9d3"
      }
    },
    {
      "id": "259247",
      "name": "SST PoC Webpage",
      "type": "compact-server-side-web-application",
      "parent": {
        "trustZone": "0dc3a5c4-64af-490d-b72a-a591dc79a9d3"
      }
    },
    {
      "id": "259258",
      "name": "SST PoC Webpage",
      "type": "compact-server-side-web-application",
      "parent": {
        "trustZone": "0dc3a5c4-64af-490d-b72a-a591dc79a9d3"
      }
    },
    {
      "id": "258632",
      "name": "Angular v12.0.0",
      "type": "web-client",
      "parent": {
        "trustZone": "0dc3a5c4-64af-490d-b72a-a591dc79a9d3"
      }
    }
  ],
  "dataflows": []
}
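A post-conversion sanity check for an OTM like the one above, as an added example that is not part of StartLeft or the original page. It merges default and custom label-to-type mappings (assuming custom entries take precedence, which the page does not state) and reports undefined parents, unmapped labels, type drift, repeated names and an empty dataflows list. The names audit_otm and component, the type example-custom-database and component 900001 are constructed for illustration.

```python
from collections import Counter

# Label -> OTM type, copied from the default mapping shown above (subset).
DEFAULT_MAPPING = {
    "SST PoC Webpage": "compact-server-side-web-application",
    "SST PoC Database": "other-database",
}
# Hypothetical project-specific override, constructed for this example.
CUSTOM_MAPPING = {"SST PoC Database": "example-custom-database"}
ZONE = "0dc3a5c4-64af-490d-b72a-a591dc79a9d3"

def component(cid, name, ctype, zone=ZONE):
    return {"id": cid, "name": name, "type": ctype, "parent": {"trustZone": zone}}

# Constructed OTM: three entries from the example output plus a broken one (900001).
SAMPLE_OTM = {
    "trustZones": [{"id": ZONE, "name": "Public Cloud"}],
    "components": [
        component("258636", "SST PoC Webpage", "compact-server-side-web-application"),
        component("259247", "SST PoC Webpage", "compact-server-side-web-application"),
        component("258650", "SST PoC Database", "other-database"),
        component("900001", "Unmapped Cache", "example-type", zone="missing-zone"),
    ],
    "dataflows": [],
}

def audit_otm(otm, default_mapping, custom_mapping=None):
    """Return (severity, message) findings for a converted OTM document."""
    # Assumption: custom mapping entries take precedence over default ones.
    mapping = {**default_mapping, **(custom_mapping or {})}
    components = otm.get("components", [])
    zone_ids = {tz["id"] for tz in otm.get("trustZones", [])}
    comp_ids = {c["id"] for c in components}
    findings = []
    for c in components:
        ref = f'{c["id"]} ({c["name"]})'
        parent = c.get("parent", {})
        if parent.get("trustZone") not in zone_ids and parent.get("component") not in comp_ids:
            findings.append(("error", f"{ref}: parent is not defined in the OTM"))
        expected = mapping.get(c["name"])
        if expected is None:
            findings.append(("warn", f"{ref}: label has no mapping entry"))
        elif expected != c["type"]:
            findings.append(("warn", f"{ref}: type {c['type']} differs from mapped {expected}"))
    for name, n in Counter(c["name"] for c in components).items():
        if n > 1:
            findings.append(("info", f"{name}: {n} components share this name"))
    if not otm.get("dataflows"):
        findings.append(("info", "no dataflows: the model lists components only"))
    return findings
```

Calling audit_otm(SAMPLE_OTM, DEFAULT_MAPPING, CUSTOM_MAPPING) flags the database component because the OTM still carries the default type, which is what a conversion run without the custom mapping file would produce under the stated assumption.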
Getting Started with Conversion
To begin the conversion process:
- Download abacus_merged.json and the example default mapping file (iriusrisk-abacus-mapping.yaml) from the provided links.
- Use StartLeft's REST API for conversion, starting the server with startleft server and submitting the ABACUS file and mapping file via a curl request:
curl --location --request POST localhost:5000/api/v1/startleft/diagram \
  --header "Content-Type: multipart/form-data" \
  --header "Accept: application/json" \
  --form diag_type="ABACUS" \
  --form diag_file=@"./abacus_merged.json" \
  --form default_mapping_file=@"./iriusrisk-abacus-mapping.yaml" \
  --form id="abacus-basic-example" \
  --form name="Abacus Basic Example"
This streamlined process ensures a smooth conversion of ABACUS architectures into comprehensive OTM threat models, leveraging StartLeft's REST API for efficient integration.