Example 1 with ADAnd
use of com.ge.verdict.attackdefensecollector.adtree.ADAnd in project VERDICT by ge-high-assurance.
the class VerdictSynthesisTest method partialSolutionTest.
@Test
public void partialSolutionTest() {
CostModel costModel = new CostModel(new File(getClass().getResource("partialCosts.xml").getPath()));
int dal = 2;
SystemModel system = new SystemModel("C1");
Attack attack1 = new Attack(system.getAttackable(), "A1", "An attack", Prob.certain(), CIA.I);
Defense defense1 = new Defense(attack1);
defense1.addDefenseClause(Collections.singletonList(new Defense.DefenseLeaf("D1", Optional.of(new com.ge.verdict.attackdefensecollector.Pair<>("D1", 1)))));
ADTree adtree = new ADOr(new ADAnd(new ADNot(defense1), attack1));
for (Approach approach : Approach.values()) {
{
DLeaf.Factory factoryPartial = new DLeaf.Factory();
Optional<Pair<Set<ComponentDefense>, Double>> resultPartial = VerdictSynthesis.performSynthesisSingle(DTreeConstructor.construct(adtree, costModel, dal, true, false, factoryPartial), dal, factoryPartial, approach);
Assertions.assertThat(resultPartial.isPresent());
Assertions.assertThat(resultPartial.get().right).isEqualTo(1);
}
{
DLeaf.Factory factoryTotal = new DLeaf.Factory();
Optional<Pair<Set<ComponentDefense>, Double>> resultTotal = VerdictSynthesis.performSynthesisSingle(DTreeConstructor.construct(adtree, costModel, dal, false, false, factoryTotal), dal, factoryTotal, approach);
Assertions.assertThat(resultTotal.isPresent());
Assertions.assertThat(resultTotal.get().right).isEqualTo(2);
}
}
}
Also used :
DLeaf(com.ge.verdict.synthesis.dtree.DLeaf)
Set(java.util.Set)
ADNot(com.ge.verdict.attackdefensecollector.adtree.ADNot)
Optional(java.util.Optional)
ADAnd(com.ge.verdict.attackdefensecollector.adtree.ADAnd)
Attack(com.ge.verdict.attackdefensecollector.adtree.Attack)
Defense(com.ge.verdict.attackdefensecollector.adtree.Defense)
ComponentDefense(com.ge.verdict.synthesis.dtree.DLeaf.ComponentDefense)
ADTree(com.ge.verdict.attackdefensecollector.adtree.ADTree)
SystemModel(com.ge.verdict.attackdefensecollector.model.SystemModel)
Approach(com.ge.verdict.synthesis.VerdictSynthesis.Approach)
ADOr(com.ge.verdict.attackdefensecollector.adtree.ADOr)
File(java.io.File)
Pair(com.ge.verdict.synthesis.util.Pair)
Test(org.junit.Test)
Example 2 with ADAnd
use of com.ge.verdict.attackdefensecollector.adtree.ADAnd in project VERDICT by ge-high-assurance.
the class DTreeConstructor method constructInternal.
/**
* Inductively-defined function over attack-defense trees.
*
* <p>The mapping from attack-defense tree to defense tree is pretty straightforward. One of the
* most important things to note is that AND and OR nodes are transposed in the transformation
* because they mean opposite things in a defense tree compared to an attack-defense tree. (An
* attack-defense tree is "how to attack", whereas a defense tree is "how to defend".)
*
* @param adtree
* @return
*/
private Optional<DTree> constructInternal(ADTree adtree) {
if (adtree instanceof Attack) {
Attack attack = (Attack) adtree;
ALeaf aleaf = new ALeaf(attack);
// keep track of all attack leaves
if (!attackALeafMap.containsKey(attack)) {
attackALeafMap.put(attack, new LinkedHashSet<>());
}
attackALeafMap.get(attack).add(aleaf);
return Optional.of(aleaf);
} else if (adtree instanceof Defense) {
Defense defense = (Defense) adtree;
defenses.add(defense);
return Optional.of(new DNot(constructDefenseTree(defense)));
} else if (adtree instanceof ADAnd) {
ADAnd adand = (ADAnd) adtree;
// Transpose and/or
return Optional.of(new DOr(adand.children().stream().map(this::constructInternal).flatMap(elem -> elem.isPresent() ? Stream.of(elem.get()) : Stream.empty()).collect(Collectors.toList())));
} else if (adtree instanceof ADOr) {
ADOr ador = (ADOr) adtree;
// Transpose and/or
return Optional.of(new DAnd(ador.children().stream().map(this::constructInternal).flatMap(elem -> elem.isPresent() ? Stream.of(elem.get()) : Stream.empty()).collect(Collectors.toList())));
} else if (adtree instanceof ADNot) {
ADNot adnot = (ADNot) adtree;
return constructInternal(adnot.child()).map(DNot::new);
} else if (adtree instanceof DefenseCondition) {
DCondition dcond = new DCondition((DefenseCondition) adtree);
dconditions.add(dcond);
return Optional.of(dcond);
} else {
throw new RuntimeException("got invalid adtree type: " + adtree.getClass().getCanonicalName());
}
}
Also used :
DCondition(com.ge.verdict.synthesis.dtree.DCondition)
ADOr(com.ge.verdict.attackdefensecollector.adtree.ADOr)
DefenseCondition(com.ge.verdict.attackdefensecollector.adtree.DefenseCondition)
ArrayList(java.util.ArrayList)
Attack(com.ge.verdict.attackdefensecollector.adtree.Attack)
LinkedHashMap(java.util.LinkedHashMap)
Defense(com.ge.verdict.attackdefensecollector.adtree.Defense)
Map(java.util.Map)
DTree(com.ge.verdict.synthesis.dtree.DTree)
ADTree(com.ge.verdict.attackdefensecollector.adtree.ADTree)
LinkedHashSet(java.util.LinkedHashSet)
DLeaf(com.ge.verdict.synthesis.dtree.DLeaf)
DNot(com.ge.verdict.synthesis.dtree.DNot)
AttackDefenseCollector(com.ge.verdict.attackdefensecollector.AttackDefenseCollector)
Set(java.util.Set)
Collectors(java.util.stream.Collectors)
ALeaf(com.ge.verdict.synthesis.dtree.ALeaf)
ADAnd(com.ge.verdict.attackdefensecollector.adtree.ADAnd)
List(java.util.List)
Stream(java.util.stream.Stream)
Optional(java.util.Optional)
DAnd(com.ge.verdict.synthesis.dtree.DAnd)
DOr(com.ge.verdict.synthesis.dtree.DOr)
Collections(java.util.Collections)
ADNot(com.ge.verdict.attackdefensecollector.adtree.ADNot)
ADNot(com.ge.verdict.attackdefensecollector.adtree.ADNot)
ADOr(com.ge.verdict.attackdefensecollector.adtree.ADOr)
DOr(com.ge.verdict.synthesis.dtree.DOr)
ALeaf(com.ge.verdict.synthesis.dtree.ALeaf)
ADAnd(com.ge.verdict.attackdefensecollector.adtree.ADAnd)
DCondition(com.ge.verdict.synthesis.dtree.DCondition)
Attack(com.ge.verdict.attackdefensecollector.adtree.Attack)
ADAnd(com.ge.verdict.attackdefensecollector.adtree.ADAnd)
DAnd(com.ge.verdict.synthesis.dtree.DAnd)
Defense(com.ge.verdict.attackdefensecollector.adtree.Defense)
DNot(com.ge.verdict.synthesis.dtree.DNot)
ADNot(com.ge.verdict.attackdefensecollector.adtree.ADNot)
ADOr(com.ge.verdict.attackdefensecollector.adtree.ADOr)
DefenseCondition(com.ge.verdict.attackdefensecollector.adtree.DefenseCondition)
Example 3 with ADAnd
use of com.ge.verdict.attackdefensecollector.adtree.ADAnd in project VERDICT by ge-high-assurance.
the class DTreeConstructorTest method testConstruct.
@Test
public void testConstruct() {
DLeaf.Factory factory = new DLeaf.Factory();
CostModel dummyCosts = new CostModel(new File(getClass().getResource("dummyCosts.xml").getPath()));
int dal = 5;
SystemModel system = new SystemModel("S1");
Attack attack1 = new Attack(system.getAttackable(), "A1", "An attack", Prob.certain(), CIA.I);
Defense defense1 = new Defense(attack1);
defense1.addDefenseClause(Collections.singletonList(new Defense.DefenseLeaf("D1", Optional.empty())));
ADTree adtree = new ADOr(new ADAnd(new ADNot(defense1), attack1));
Fraction[] costs = Util.fractionCosts(new double[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 });
DTree dtree = new DAnd(Collections.singletonList(new DOr(Collections.singletonList(new DOr(Collections.singletonList(new DAnd(Collections.singletonList(new DLeaf("S1", "D1", "A1", 0, dal, costs, factory)))))))));
Assertions.assertThat(DTreeConstructor.construct(adtree, dummyCosts, dal, false, false, factory).prettyPrint()).isEqualTo(dtree.prettyPrint());
}
Also used :
DLeaf(com.ge.verdict.synthesis.dtree.DLeaf)
ADNot(com.ge.verdict.attackdefensecollector.adtree.ADNot)
DTree(com.ge.verdict.synthesis.dtree.DTree)
ADTree(com.ge.verdict.attackdefensecollector.adtree.ADTree)
ADOr(com.ge.verdict.attackdefensecollector.adtree.ADOr)
DOr(com.ge.verdict.synthesis.dtree.DOr)
ADAnd(com.ge.verdict.attackdefensecollector.adtree.ADAnd)
Fraction(org.apache.commons.math3.fraction.Fraction)
Attack(com.ge.verdict.attackdefensecollector.adtree.Attack)
ADAnd(com.ge.verdict.attackdefensecollector.adtree.ADAnd)
DAnd(com.ge.verdict.synthesis.dtree.DAnd)
Defense(com.ge.verdict.attackdefensecollector.adtree.Defense)
ADTree(com.ge.verdict.attackdefensecollector.adtree.ADTree)
SystemModel(com.ge.verdict.attackdefensecollector.model.SystemModel)
ADOr(com.ge.verdict.attackdefensecollector.adtree.ADOr)
File(java.io.File)
Test(org.junit.Test)
Example 4 with ADAnd
use of com.ge.verdict.attackdefensecollector.adtree.ADAnd in project VERDICT by ge-high-assurance.
the class SystemModel method trace.
/**
* Trace a port concern through a system from an output port, or from the input port of a
* subsystem with an internal incoming connection, constructing an attack-defense tree for all
* possible attacks on the system.
*
* <p>Uses attacks directly affecting the system, cyber relations, internal connections to
* subcomponents, and incoming connections to construct the entire attack-defense tree.
*
* <p>Avoids entering infinite loops by keeping track of pairs of connections and CIAs that have
* already been traced.
*
* <p>Builds maps (with concretize()) on first invocation.
*
* @param concern the port and CIA to trace
* @param cyclePrevention a set of previously-traced connections and CIAs, used to prevent
* cycles from causing infinite loops
* @return the optional attack-defense tree constructed from tracing the port concern
*/
protected Optional<ADTree> trace(PortConcern concern, Set<Pair<ConnectionModel, CIA>> cyclePrevention) {
if (!isConcretized()) {
concretize();
}
// Logger.println("Tracing " + getName() + " " + concern.getPortName() + ":" +
// concern.getCia());
// All attack-defense trees that will be OR-ed together at the end
Set<ADTree> children = new HashSet<>();
// If we find a cyber rel with this output port, then even if we have successfully
// traced the port concern even if we don't turn up an attack-defense tree at the end
boolean hasCyberRel = false;
// Attacks which apply directly to this system
for (Attack attack : attackable.getAttacks()) {
// Only allow matching CIA attacks
if (attack.getCia().equals(concern.getCia())) {
if (attackToDefense.containsKey(attack)) {
// There is a defense associated
Optional<ADTree> dependentRules = DependentRules.getComponentDependence(this, attack.getName());
if (dependentRules.isPresent()) {
children.add(new ADAnd(new ADNot(attackToDefense.get(attack)), attack, dependentRules.get()));
} else {
children.add(new ADAnd(new ADNot(attackToDefense.get(attack)), attack));
}
} else {
// There is no defense, just a raw attack
children.add(attack);
}
}
}
// Search in cyber relations
for (CyberRel cyberRel : Util.guardedGet(outputConcernToCyberRel, concern)) {
hasCyberRel = true;
if (cyberRel.getInput().isPresent()) {
// Trace cyber relation
cyberRel.getInput().get().toADTree(inputConcern -> traceInputConcern(inputConcern, cyclePrevention)).map(children::add);
}
}
// Search in subcomponents (using internal connections)
for (ConnectionModel internalConnection : Util.guardedGet(destPortToOutgoingInternalConnection, concern.getPortName())) {
internalConnection.trace(concern.getCia(), cyclePrevention).map(children::add);
}
// (This happens when tracing from a subcomponent back to an input of the overall system)
for (ConnectionModel internalConnection : Util.guardedGet(sourcePortToIncomingInternalConnection, concern.getPortName())) {
traceInputConcern(new PortConcern(internalConnection.getSourcePortName(), concern.getCia()), cyclePrevention).map(children::add);
}
if (children.isEmpty()) {
if (!hasCyberRel) {
Logger.showWarning("Found no trace for " + getName() + " " + concern.getPortName() + ":" + concern.getCia());
}
return Optional.empty();
} else {
// Disjunction of all of the inputs
return Optional.of(new ADOr(children));
}
}
Also used :
ADOr(com.ge.verdict.attackdefensecollector.adtree.ADOr)
Pair(com.ge.verdict.attackdefensecollector.Pair)
Set(java.util.Set)
ArrayList(java.util.ArrayList)
Attack(com.ge.verdict.attackdefensecollector.adtree.Attack)
HashSet(java.util.HashSet)
LinkedHashMap(java.util.LinkedHashMap)
Objects(java.util.Objects)
ADAnd(com.ge.verdict.attackdefensecollector.adtree.ADAnd)
List(java.util.List)
Defense(com.ge.verdict.attackdefensecollector.adtree.Defense)
Util(com.ge.verdict.attackdefensecollector.Util)
Map(java.util.Map)
Logger(com.ge.verdict.attackdefensecollector.Logger)
Optional(java.util.Optional)
DependentRules(com.ge.verdict.attackdefensecollector.DependentRules)
ADTree(com.ge.verdict.attackdefensecollector.adtree.ADTree)
Collections(java.util.Collections)
ADNot(com.ge.verdict.attackdefensecollector.adtree.ADNot)
ADNot(com.ge.verdict.attackdefensecollector.adtree.ADNot)
ADAnd(com.ge.verdict.attackdefensecollector.adtree.ADAnd)
Attack(com.ge.verdict.attackdefensecollector.adtree.Attack)
ADTree(com.ge.verdict.attackdefensecollector.adtree.ADTree)
ADOr(com.ge.verdict.attackdefensecollector.adtree.ADOr)
HashSet(java.util.HashSet)
Example 5 with ADAnd
use of com.ge.verdict.attackdefensecollector.adtree.ADAnd in project VERDICT by ge-high-assurance.
the class DTreeConstructorTest method multipleRequirementsTest.
@Test
public void multipleRequirementsTest() {
DLeaf.Factory factory = new DLeaf.Factory();
CostModel dummyCosts = new CostModel(new File(getClass().getResource("dummyCosts.xml").getPath()));
SystemModel system = new SystemModel("S1");
Attack attack1 = new Attack(system.getAttackable(), "A1", "An attack", Prob.certain(), CIA.I);
Defense defense1 = new Defense(attack1);
defense1.addDefenseClause(Collections.singletonList(new Defense.DefenseLeaf("D1", Optional.empty())));
List<AttackDefenseCollector.Result> results = Arrays.asList(new AttackDefenseCollector.Result(system, new CyberReq("req1", "mission1", 5, "port1", CIA.I), new ADAnd(new ADNot(defense1), attack1), Prob.certain()), new AttackDefenseCollector.Result(system, new CyberReq("req1", "mission1", 7, "port1", CIA.I), new ADAnd(new ADNot(defense1), attack1), Prob.certain()));
DTree dtree = new DAnd(new DOr(new DOr(new DAnd(new DLeaf("S1", "D1", "A1", 0, 5, dummyCosts, factory, false, false)))), new DOr(new DOr(new DAnd(new DLeaf("S1", "D1", "A1", 0, 7, dummyCosts, factory, false, false)))));
Assertions.assertThat(DTreeConstructor.construct(results, dummyCosts, false, false, factory).prepare().get().prettyPrint()).isEqualTo(dtree.prettyPrint());
}
Also used :
DLeaf(com.ge.verdict.synthesis.dtree.DLeaf)
ADNot(com.ge.verdict.attackdefensecollector.adtree.ADNot)
DTree(com.ge.verdict.synthesis.dtree.DTree)
ADTree(com.ge.verdict.attackdefensecollector.adtree.ADTree)
CyberReq(com.ge.verdict.attackdefensecollector.model.CyberReq)
ADOr(com.ge.verdict.attackdefensecollector.adtree.ADOr)
DOr(com.ge.verdict.synthesis.dtree.DOr)
AttackDefenseCollector(com.ge.verdict.attackdefensecollector.AttackDefenseCollector)
ADAnd(com.ge.verdict.attackdefensecollector.adtree.ADAnd)
Attack(com.ge.verdict.attackdefensecollector.adtree.Attack)
ADAnd(com.ge.verdict.attackdefensecollector.adtree.ADAnd)
DAnd(com.ge.verdict.synthesis.dtree.DAnd)
Defense(com.ge.verdict.attackdefensecollector.adtree.Defense)
SystemModel(com.ge.verdict.attackdefensecollector.model.SystemModel)
File(java.io.File)
Test(org.junit.Test)
Aggregations
ADAnd (com.ge.verdict.attackdefensecollector.adtree.ADAnd)7
ADNot (com.ge.verdict.attackdefensecollector.adtree.ADNot)7
ADOr (com.ge.verdict.attackdefensecollector.adtree.ADOr)7
ADTree (com.ge.verdict.attackdefensecollector.adtree.ADTree)7
Attack (com.ge.verdict.attackdefensecollector.adtree.Attack)7
Defense (com.ge.verdict.attackdefensecollector.adtree.Defense)6
DLeaf (com.ge.verdict.synthesis.dtree.DLeaf)5
SystemModel (com.ge.verdict.attackdefensecollector.model.SystemModel)4
File (java.io.File)4
Test (org.junit.Test)4
AttackDefenseCollector (com.ge.verdict.attackdefensecollector.AttackDefenseCollector)3
DAnd (com.ge.verdict.synthesis.dtree.DAnd)3
DOr (com.ge.verdict.synthesis.dtree.DOr)3
DTree (com.ge.verdict.synthesis.dtree.DTree)3
ArrayList (java.util.ArrayList)3
Optional (java.util.Optional)3
Set (java.util.Set)3
CyberReq (com.ge.verdict.attackdefensecollector.model.CyberReq)2
ComponentDefense (com.ge.verdict.synthesis.dtree.DLeaf.ComponentDefense)2
Pair (com.ge.verdict.synthesis.util.Pair)2
