Skip to content

OpenXSAM (itemis Secure classic)

OpenXSAM is an open source format for security risk analysis.

Data access

All artifacts in OpenXSAM are available as XML resources. The data access can be configured for files or URLs.

Configuration

Open the ANALYZE configuration with the ANALYZE configuration editor, and add a new data access as described in section "Data accesses". Select OpenXSAM as data access type.

Supported options:

  • resource – File filter pattern

Example:

resource "*.xsam"

This configuration specifies that ANALYZE should load and analyze all files residing in the workspace whose filename extension is .xsam.

Artifact type

Artifacts in OpenXSAM are nodes defined in the standard, like `Risk`, `ThreatClass` or `DataFlow`.

Configuration

Open the ANALYZE configuration with the ANALYZE configuration editor, and add a new artifact type as described in section "Artifact types". Select your previously-configured PDF files data access in the Data access drop-down list.

Keywords

The OpenXSAM artifact type configuration supports the following keywords:

  • artifact types – Comma separated list of node names.
  • if – optional expression following after artifact types. If no if expression is specified, all elements will be matched. The condition can contain boolean concatenations of expressions.
    • (…), &&, AND, ||, OR – Grouping or concatenation of constraints.
  • name – Name for the matched artifact
  • identified by – An optional key for an artifact in this document. If specified, it should return a value which uniquely identifies the artifact. If the same value is returned for several XML resp. HTML nodes, ANALYZE will only create one artifact.
  • map – Starts a mapping block for specifying custom attributes.
  • valueOf – XPath expression
Example

Example for analyzing risks:

artifact types = Risk 
if valueOf ("@name") !=""  && valueOf("@name") contains "R."{
  name valueOf("@name") + "-" + valueOf("@title")
  identified by valueOf("@*[local-name()='id']")
  map {
    	title to valueOf ("@title")
    	ts_refs_target to valueOf ("*[name() = 'CausedByElements']/*[name() = 'ThreatScenarioRef']/@target")
    	ts_refs_target_mpsID to valueOf ("*[name() = 'CausedByElements']/*[name() = 'ThreatScenarioRef']/@*[local-name()='id']")
    	mps_id to valueOf ("@*[local-name()='id']")
    }
}

Get all Risk from OpenXSAM and extract the name and the title to name the artifact and the id and target ids for linked threat scenarios.

Version

An artifact’s version is used for suspicious links validation. Artifacts of