Example 1 with Defense
use of com.ge.verdict.attackdefensecollector.adtree.Defense in project VERDICT by ge-high-assurance.
the class VerdictSynthesisTest method partialSolutionTest.
@Test
public void partialSolutionTest() {
CostModel costModel = new CostModel(new File(getClass().getResource("partialCosts.xml").getPath()));
int dal = 2;
SystemModel system = new SystemModel("C1");
Attack attack1 = new Attack(system.getAttackable(), "A1", "An attack", Prob.certain(), CIA.I);
Defense defense1 = new Defense(attack1);
defense1.addDefenseClause(Collections.singletonList(new Defense.DefenseLeaf("D1", Optional.of(new com.ge.verdict.attackdefensecollector.Pair<>("D1", 1)))));
ADTree adtree = new ADOr(new ADAnd(new ADNot(defense1), attack1));
for (Approach approach : Approach.values()) {
{
DLeaf.Factory factoryPartial = new DLeaf.Factory();
Optional<Pair<Set<ComponentDefense>, Double>> resultPartial = VerdictSynthesis.performSynthesisSingle(DTreeConstructor.construct(adtree, costModel, dal, true, false, factoryPartial), dal, factoryPartial, approach);
Assertions.assertThat(resultPartial.isPresent());
Assertions.assertThat(resultPartial.get().right).isEqualTo(1);
}
{
DLeaf.Factory factoryTotal = new DLeaf.Factory();
Optional<Pair<Set<ComponentDefense>, Double>> resultTotal = VerdictSynthesis.performSynthesisSingle(DTreeConstructor.construct(adtree, costModel, dal, false, false, factoryTotal), dal, factoryTotal, approach);
Assertions.assertThat(resultTotal.isPresent());
Assertions.assertThat(resultTotal.get().right).isEqualTo(2);
}
}
}
Also used :
DLeaf(com.ge.verdict.synthesis.dtree.DLeaf)
Set(java.util.Set)
ADNot(com.ge.verdict.attackdefensecollector.adtree.ADNot)
Optional(java.util.Optional)
ADAnd(com.ge.verdict.attackdefensecollector.adtree.ADAnd)
Attack(com.ge.verdict.attackdefensecollector.adtree.Attack)
Defense(com.ge.verdict.attackdefensecollector.adtree.Defense)
ComponentDefense(com.ge.verdict.synthesis.dtree.DLeaf.ComponentDefense)
ADTree(com.ge.verdict.attackdefensecollector.adtree.ADTree)
SystemModel(com.ge.verdict.attackdefensecollector.model.SystemModel)
Approach(com.ge.verdict.synthesis.VerdictSynthesis.Approach)
ADOr(com.ge.verdict.attackdefensecollector.adtree.ADOr)
File(java.io.File)
Pair(com.ge.verdict.synthesis.util.Pair)
Test(org.junit.Test)
Example 2 with Defense
use of com.ge.verdict.attackdefensecollector.adtree.Defense in project VERDICT by ge-high-assurance.
the class AttackDefenseCollector method loadAttacksDefensesFromCsv.
/**
* Load the attacks and defenses from CAPEC.csv and Defenses.csv, respectively.
*
* <p>This is factored out because it is used by both the CSV and VDM approaches.
*
* @param inputDir the STEM output directory
* @param connectionNameMap the map from connection names in the CSV files to the actual
* connection names
* @throws CSVFile.MalformedInputException
* @throws IOException
*/
private void loadAttacksDefensesFromCsv(String inputDir, Map<String, String> connectionNameMap) throws CSVFile.MalformedInputException, IOException {
// Load all the files as CSV
CSVFile capecCsv = new CSVFile(new File(inputDir, "CAPEC.csv"), true, "CompType", "CompInst", "CAPEC", "CAPECDescription", "Confidentiality", "Integrity", "Availability", "LikelihoodOfSuccess");
CSVFile defensesCsv = new CSVFile(new File(inputDir, "Defenses.csv"), true, "CompType", "CompInst", "CAPEC", "Confidentiality", "Integrity", "Availability", "ApplicableDefenseProperties", "ImplProperties", "DAL");
// Load attacks
for (CSVFile.RowData row : capecCsv.getRowDatas()) {
String systemTypeName = row.getCell("CompType");
String systemInstName = row.getCell("CompInst");
String attackName = row.getCell("CAPEC");
String attackDesc = row.getCell("CAPECDescription");
Prob likelihood = Prob.certain();
// Look at all three columns to figure out which one is being used
CIA cia = CIA.fromStrings(row.getCell("Confidentiality"), row.getCell("Integrity"), row.getCell("Availability"));
if ("Connection".equals(systemTypeName)) {
String connectionName = connectionNameMap.get(systemInstName);
for (ConnectionModel connection : connNameToConnectionModelMap.get(connectionName)) {
connection.getAttackable().addAttack(new Attack(connection.getAttackable(), attackName, attackDesc, likelihood, cia));
}
} else {
SystemModel system = getSystem(systemInstName);
system.getAttackable().addAttack(new Attack(system.getAttackable(), attackName, attackDesc, likelihood, cia));
}
}
// Note we don't use implemented property column in csv files if we vdm as input
for (CSVFile.RowData row : defensesCsv.getRowDatas()) {
String systemTypeName = row.getCell("CompType");
String systemInstName = row.getCell("CompInst");
String attackName = row.getCell("CAPEC");
CIA cia = CIA.fromStrings(row.getCell("Confidentiality"), row.getCell("Integrity"), row.getCell("Availability"));
List<String> defenseNames = Arrays.asList(row.getCell("ApplicableDefenseProperties").split(";")).stream().map(name -> name.length() > 0 ? Character.toString(name.charAt(0)).toLowerCase() + name.substring(1) : "").collect(Collectors.toList());
List<String> implProps = Arrays.asList(row.getCell("ImplProperties").split(";"));
List<String> likelihoodStrings = Arrays.asList(row.getCell("DAL").split(";"));
if (defenseNames.size() != implProps.size() || defenseNames.size() != likelihoodStrings.size()) {
throw new RuntimeException("ApplicableDefenseProperties, ImplProperties, and DAL must have same cardinality");
}
List<Defense> defenses = new ArrayList<>();
List<Defense.DefenseLeaf> clause = new ArrayList<>();
if ("Connection".equals(systemTypeName)) {
String connectionName = connectionNameMap.get(systemInstName);
for (ConnectionModel connection : connNameToConnectionModelMap.get(connectionName)) {
Defense defense = connection.getAttackable().getDefenseByAttackAndCia(attackName, cia);
if (defense == null) {
Attack attack = connection.getAttackable().getAttackByNameAndCia(attackName, cia);
if (attack == null) {
throw new RuntimeException("could not find attack: " + attackName + ", " + cia);
}
defense = new Defense(attack);
connection.getAttackable().addDefense(defense);
}
defenses.add(defense);
}
} else {
SystemModel system = getSystem(systemInstName);
Defense defense = system.getAttackable().getDefenseByAttackAndCia(attackName, cia);
if (defense == null) {
Attack attack = system.getAttackable().getAttackByNameAndCia(attackName, cia);
if (attack == null) {
throw new RuntimeException("could not find attack: " + attackName + ", " + cia);
}
defense = new Defense(attack);
system.getAttackable().addDefense(defense);
}
defenses.add(defense);
}
// TODO get defense descriptions from Defenses2NIST?
// Need to get correct name if connection
String entityName = "Connection".equals(systemTypeName) ? connectionNameMap.get(systemInstName) : systemInstName;
for (int i = 0; i < defenseNames.size(); i++) {
if (!"null".equals(defenseNames.get(i))) {
int dal = -1;
// it will be null if we are not loading from VDM
if (compDefenseToImplDal != null) {
// load DAL from VDM if available
Pair<String, String> pair = new Pair<>(entityName, defenseNames.get(i));
if (compDefenseToImplDal.containsKey(pair)) {
dal = compDefenseToImplDal.get(pair);
} else {
// if there is no binding present, then it is not implemented
dal = 0;
}
}
// this code treats applicable defense and impl defense as separate things
// but we have changed the capitalization so that they should be the same
Optional<Pair<String, Integer>> impl;
if (dal == -1) {
impl = "null".equals(implProps.get(i)) ? Optional.empty() : Optional.of(new Pair<>(implProps.get(i), Integer.parseInt(likelihoodStrings.get(i))));
} else {
impl = dal == 0 ? Optional.empty() : Optional.of(new Pair<>(defenseNames.get(i), dal));
}
clause.add(new Defense.DefenseLeaf(defenseNames.get(i), impl));
}
}
// And there are potentially multiple such rows, forming a DNF
for (Defense defense : defenses) {
defense.addDefenseClause(clause);
}
}
}
Also used :
CIA(com.ge.verdict.attackdefensecollector.model.CIA)
CyberNot(com.ge.verdict.attackdefensecollector.model.CyberNot)
CIAPort(verdict.vdm.vdm_model.CIAPort)
Arrays(java.util.Arrays)
VdmTranslator(com.ge.verdict.vdm.VdmTranslator)
ADOr(com.ge.verdict.attackdefensecollector.adtree.ADOr)
CyberAnd(com.ge.verdict.attackdefensecollector.model.CyberAnd)
CyberRel(com.ge.verdict.attackdefensecollector.model.CyberRel)
HashMap(java.util.HashMap)
CyberReq(com.ge.verdict.attackdefensecollector.model.CyberReq)
ArrayList(java.util.ArrayList)
GenericAttribute(verdict.vdm.vdm_data.GenericAttribute)
Attack(com.ge.verdict.attackdefensecollector.adtree.Attack)
LinkedHashMap(java.util.LinkedHashMap)
Model(verdict.vdm.vdm_model.Model)
Defense(com.ge.verdict.attackdefensecollector.adtree.Defense)
DefenseProperties(com.ge.verdict.vdm.DefenseProperties)
Map(java.util.Map)
Connection(verdict.vdm.vdm_model.Connection)
ComponentType(verdict.vdm.vdm_model.ComponentType)
ADTree(com.ge.verdict.attackdefensecollector.adtree.ADTree)
CyberExpr(com.ge.verdict.attackdefensecollector.model.CyberExpr)
SystemModel(com.ge.verdict.attackdefensecollector.model.SystemModel)
ComponentImpl(verdict.vdm.vdm_model.ComponentImpl)
CyberOr(com.ge.verdict.attackdefensecollector.model.CyberOr)
Collection(java.util.Collection)
Set(java.util.Set)
IOException(java.io.IOException)
ComponentInstance(verdict.vdm.vdm_model.ComponentInstance)
ConnectionModel(com.ge.verdict.attackdefensecollector.model.ConnectionModel)
Collectors(java.util.stream.Collectors)
File(java.io.File)
List(java.util.List)
Severity(verdict.vdm.vdm_model.Severity)
Optional(java.util.Optional)
Collections(java.util.Collections)
PortConcern(com.ge.verdict.attackdefensecollector.model.PortConcern)
Mission(verdict.vdm.vdm_model.Mission)
ArrayList(java.util.ArrayList)
Attack(com.ge.verdict.attackdefensecollector.adtree.Attack)
Defense(com.ge.verdict.attackdefensecollector.adtree.Defense)
SystemModel(com.ge.verdict.attackdefensecollector.model.SystemModel)
CIA(com.ge.verdict.attackdefensecollector.model.CIA)
ConnectionModel(com.ge.verdict.attackdefensecollector.model.ConnectionModel)
File(java.io.File)
Example 3 with Defense
use of com.ge.verdict.attackdefensecollector.adtree.Defense in project VERDICT by ge-high-assurance.
the class DTreeConstructor method perform.
/**
* This is the part that actually constructs the dtree.
*
* @param adtree
* @return
*/
private DTree perform(ADTree adtree) {
Optional<DTree> resultOpt = constructInternal(adtree);
if (!resultOpt.isPresent()) {
return new DOr(Collections.emptyList());
} else {
DTree result = resultOpt.get();
// remove raw attack leaves that are covered by a defense
for (Defense defense : defenses) {
if (!attackALeafMap.containsKey(defense.getAttack())) {
throw new RuntimeException("defense references undefined attack: " + defense.getAttack().getName());
}
// it isn't included in the final tree
for (ALeaf aleaf : attackALeafMap.get(defense.getAttack())) {
aleaf.setMitigated();
}
}
// these are the raw attack leaves that aren't covered by a defense
Set<ALeaf> unmitigated = new LinkedHashSet<>();
for (Set<ALeaf> set : attackALeafMap.values()) {
for (ALeaf aleaf : set) {
if (!aleaf.isMitigated()) {
unmitigated.add(aleaf);
}
}
}
// raw attacks without corresponding defenses
for (ALeaf aleaf : unmitigated) {
System.out.println("Warning: Unmitigated attack: " + aleaf.getAttack().toString());
}
// connect the defense condition to its corresponding dleaf
for (DCondition dcond : dconditions) {
Optional<DLeaf.ComponentDefense> compDef = factory.lookup(dcond.defenseCond.getAttackable().getParentName(), dcond.defenseCond.getDefenseProperty());
if (compDef.isPresent()) {
dcond.setCompDef(compDef.get());
} else {
// This means that the defense isn't part of the attack-defense tree,
// so we need to create a dleaf (which implicitly creates an SMT variable)
// for it so that the DAL can get forced down to zero if necessary
// TODO this doesn't actually work. This is the screwy case that we need to fix.
DLeaf dleaf = new DLeaf(dcond.defenseCond.getAttackable().getParentName(), dcond.defenseCond.getDefenseProperty(), "", dcond.defenseCond.getImplDal(), 0, costModel, factory, usePartialSolution, meritAssignment);
dcond.setCompDef(dleaf.componentDefense);
}
}
// important to call prepare - collapses nested NOTs and removes unmitigated raw attack
// leaves
Optional<DTree> prepared = result.prepare();
return prepared.orElse(new DOr(Collections.emptyList()));
}
}
Also used :
LinkedHashSet(java.util.LinkedHashSet)
DLeaf(com.ge.verdict.synthesis.dtree.DLeaf)
DTree(com.ge.verdict.synthesis.dtree.DTree)
ADTree(com.ge.verdict.attackdefensecollector.adtree.ADTree)
ADOr(com.ge.verdict.attackdefensecollector.adtree.ADOr)
DOr(com.ge.verdict.synthesis.dtree.DOr)
ALeaf(com.ge.verdict.synthesis.dtree.ALeaf)
DCondition(com.ge.verdict.synthesis.dtree.DCondition)
Defense(com.ge.verdict.attackdefensecollector.adtree.Defense)
Example 4 with Defense
use of com.ge.verdict.attackdefensecollector.adtree.Defense in project VERDICT by ge-high-assurance.
the class DTreeConstructor method constructInternal.
/**
* Inductively-defined function over attack-defense trees.
*
* <p>The mapping from attack-defense tree to defense tree is pretty straightforward. One of the
* most important things to note is that AND and OR nodes are transposed in the transformation
* because they mean opposite things in a defense tree compared to an attack-defense tree. (An
* attack-defense tree is "how to attack", whereas a defense tree is "how to defend".)
*
* @param adtree
* @return
*/
private Optional<DTree> constructInternal(ADTree adtree) {
if (adtree instanceof Attack) {
Attack attack = (Attack) adtree;
ALeaf aleaf = new ALeaf(attack);
// keep track of all attack leaves
if (!attackALeafMap.containsKey(attack)) {
attackALeafMap.put(attack, new LinkedHashSet<>());
}
attackALeafMap.get(attack).add(aleaf);
return Optional.of(aleaf);
} else if (adtree instanceof Defense) {
Defense defense = (Defense) adtree;
defenses.add(defense);
return Optional.of(new DNot(constructDefenseTree(defense)));
} else if (adtree instanceof ADAnd) {
ADAnd adand = (ADAnd) adtree;
// Transpose and/or
return Optional.of(new DOr(adand.children().stream().map(this::constructInternal).flatMap(elem -> elem.isPresent() ? Stream.of(elem.get()) : Stream.empty()).collect(Collectors.toList())));
} else if (adtree instanceof ADOr) {
ADOr ador = (ADOr) adtree;
// Transpose and/or
return Optional.of(new DAnd(ador.children().stream().map(this::constructInternal).flatMap(elem -> elem.isPresent() ? Stream.of(elem.get()) : Stream.empty()).collect(Collectors.toList())));
} else if (adtree instanceof ADNot) {
ADNot adnot = (ADNot) adtree;
return constructInternal(adnot.child()).map(DNot::new);
} else if (adtree instanceof DefenseCondition) {
DCondition dcond = new DCondition((DefenseCondition) adtree);
dconditions.add(dcond);
return Optional.of(dcond);
} else {
throw new RuntimeException("got invalid adtree type: " + adtree.getClass().getCanonicalName());
}
}
Also used :
DCondition(com.ge.verdict.synthesis.dtree.DCondition)
ADOr(com.ge.verdict.attackdefensecollector.adtree.ADOr)
DefenseCondition(com.ge.verdict.attackdefensecollector.adtree.DefenseCondition)
ArrayList(java.util.ArrayList)
Attack(com.ge.verdict.attackdefensecollector.adtree.Attack)
LinkedHashMap(java.util.LinkedHashMap)
Defense(com.ge.verdict.attackdefensecollector.adtree.Defense)
Map(java.util.Map)
DTree(com.ge.verdict.synthesis.dtree.DTree)
ADTree(com.ge.verdict.attackdefensecollector.adtree.ADTree)
LinkedHashSet(java.util.LinkedHashSet)
DLeaf(com.ge.verdict.synthesis.dtree.DLeaf)
DNot(com.ge.verdict.synthesis.dtree.DNot)
AttackDefenseCollector(com.ge.verdict.attackdefensecollector.AttackDefenseCollector)
Set(java.util.Set)
Collectors(java.util.stream.Collectors)
ALeaf(com.ge.verdict.synthesis.dtree.ALeaf)
ADAnd(com.ge.verdict.attackdefensecollector.adtree.ADAnd)
List(java.util.List)
Stream(java.util.stream.Stream)
Optional(java.util.Optional)
DAnd(com.ge.verdict.synthesis.dtree.DAnd)
DOr(com.ge.verdict.synthesis.dtree.DOr)
Collections(java.util.Collections)
ADNot(com.ge.verdict.attackdefensecollector.adtree.ADNot)
ADNot(com.ge.verdict.attackdefensecollector.adtree.ADNot)
ADOr(com.ge.verdict.attackdefensecollector.adtree.ADOr)
DOr(com.ge.verdict.synthesis.dtree.DOr)
ALeaf(com.ge.verdict.synthesis.dtree.ALeaf)
ADAnd(com.ge.verdict.attackdefensecollector.adtree.ADAnd)
DCondition(com.ge.verdict.synthesis.dtree.DCondition)
Attack(com.ge.verdict.attackdefensecollector.adtree.Attack)
ADAnd(com.ge.verdict.attackdefensecollector.adtree.ADAnd)
DAnd(com.ge.verdict.synthesis.dtree.DAnd)
Defense(com.ge.verdict.attackdefensecollector.adtree.Defense)
DNot(com.ge.verdict.synthesis.dtree.DNot)
ADNot(com.ge.verdict.attackdefensecollector.adtree.ADNot)
ADOr(com.ge.verdict.attackdefensecollector.adtree.ADOr)
DefenseCondition(com.ge.verdict.attackdefensecollector.adtree.DefenseCondition)
Example 5 with Defense
use of com.ge.verdict.attackdefensecollector.adtree.Defense in project VERDICT by ge-high-assurance.
the class DTreeConstructorTest method testConstruct.
@Test
public void testConstruct() {
DLeaf.Factory factory = new DLeaf.Factory();
CostModel dummyCosts = new CostModel(new File(getClass().getResource("dummyCosts.xml").getPath()));
int dal = 5;
SystemModel system = new SystemModel("S1");
Attack attack1 = new Attack(system.getAttackable(), "A1", "An attack", Prob.certain(), CIA.I);
Defense defense1 = new Defense(attack1);
defense1.addDefenseClause(Collections.singletonList(new Defense.DefenseLeaf("D1", Optional.empty())));
ADTree adtree = new ADOr(new ADAnd(new ADNot(defense1), attack1));
Fraction[] costs = Util.fractionCosts(new double[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 });
DTree dtree = new DAnd(Collections.singletonList(new DOr(Collections.singletonList(new DOr(Collections.singletonList(new DAnd(Collections.singletonList(new DLeaf("S1", "D1", "A1", 0, dal, costs, factory)))))))));
Assertions.assertThat(DTreeConstructor.construct(adtree, dummyCosts, dal, false, false, factory).prettyPrint()).isEqualTo(dtree.prettyPrint());
}
Also used :
DLeaf(com.ge.verdict.synthesis.dtree.DLeaf)
ADNot(com.ge.verdict.attackdefensecollector.adtree.ADNot)
DTree(com.ge.verdict.synthesis.dtree.DTree)
ADTree(com.ge.verdict.attackdefensecollector.adtree.ADTree)
ADOr(com.ge.verdict.attackdefensecollector.adtree.ADOr)
DOr(com.ge.verdict.synthesis.dtree.DOr)
ADAnd(com.ge.verdict.attackdefensecollector.adtree.ADAnd)
Fraction(org.apache.commons.math3.fraction.Fraction)
Attack(com.ge.verdict.attackdefensecollector.adtree.Attack)
ADAnd(com.ge.verdict.attackdefensecollector.adtree.ADAnd)
DAnd(com.ge.verdict.synthesis.dtree.DAnd)
Defense(com.ge.verdict.attackdefensecollector.adtree.Defense)
ADTree(com.ge.verdict.attackdefensecollector.adtree.ADTree)
SystemModel(com.ge.verdict.attackdefensecollector.model.SystemModel)
ADOr(com.ge.verdict.attackdefensecollector.adtree.ADOr)
File(java.io.File)
Test(org.junit.Test)
Aggregations
Defense (com.ge.verdict.attackdefensecollector.adtree.Defense)12
Attack (com.ge.verdict.attackdefensecollector.adtree.Attack)11
ADOr (com.ge.verdict.attackdefensecollector.adtree.ADOr)10
ADTree (com.ge.verdict.attackdefensecollector.adtree.ADTree)10
ADAnd (com.ge.verdict.attackdefensecollector.adtree.ADAnd)8
ADNot (com.ge.verdict.attackdefensecollector.adtree.ADNot)8
DLeaf (com.ge.verdict.synthesis.dtree.DLeaf)8
SystemModel (com.ge.verdict.attackdefensecollector.model.SystemModel)7
File (java.io.File)7
DOr (com.ge.verdict.synthesis.dtree.DOr)6
DTree (com.ge.verdict.synthesis.dtree.DTree)6
Test (org.junit.Test)6
DAnd (com.ge.verdict.synthesis.dtree.DAnd)5
Optional (java.util.Optional)4
Set (java.util.Set)4
Fraction (org.apache.commons.math3.fraction.Fraction)4
AttackDefenseCollector (com.ge.verdict.attackdefensecollector.AttackDefenseCollector)3
CyberReq (com.ge.verdict.attackdefensecollector.model.CyberReq)3
ALeaf (com.ge.verdict.synthesis.dtree.ALeaf)3
ArrayList (java.util.ArrayList)3
