
Example 1 with DefenseCondition

use of com.ge.verdict.attackdefensecollector.adtree.DefenseCondition in project VERDICT by ge-high-assurance.

the class DTreeConstructor method constructInternal.

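/**
 * Translates one attack-defense tree node, and recursively its subtree, into the corresponding
 * defense-tree node.
 *
 * <p>AND and OR nodes are transposed in the transformation because they mean opposite things in
 * a defense tree compared to an attack-defense tree. (An attack-defense tree is "how to attack",
 * whereas a defense tree is "how to defend".) A {@link Defense} is wrapped in a {@link DNot}
 * around the tree produced by {@code constructDefenseTree}.
 *
 * <p>Side effects: every attack leaf created is recorded in {@code attackALeafMap}, every
 * defense encountered is added to {@code defenses}, and every defense condition created is added
 * to {@code dconditions}.
 *
 * @param adtree the attack-defense tree node to translate; must not be {@code null}
 * @return the translated defense tree; every branch visible in this method yields a present
 *     value, and the {@code Optional} is kept only because it is the existing signature
 * @throws RuntimeException if {@code adtree} is {@code null} or is not one of the node types
 *     handled here
 */
private Optional<DTree> constructInternal(ADTree adtree) {
    if (adtree == null) {
        // Without this guard a null node falls through every instanceof test and the error
        // path below dies with a bare NullPointerException on adtree.getClass().
        throw new RuntimeException("got invalid adtree type: null");
    }
    if (adtree instanceof Attack) {
        Attack attack = (Attack) adtree;
        ALeaf aleaf = new ALeaf(attack);
        // keep track of all attack leaves; one attack may occur at several places in the tree
        attackALeafMap.computeIfAbsent(attack, key -> new LinkedHashSet<>()).add(aleaf);
        return Optional.of(aleaf);
    } else if (adtree instanceof Defense) {
        Defense defense = (Defense) adtree;
        defenses.add(defense);
        return Optional.of(new DNot(constructDefenseTree(defense)));
    } else if (adtree instanceof ADAnd) {
        ADAnd adand = (ADAnd) adtree;
        // Transpose and/or: an attack that needs all children is defended by blocking any one.
        // NOTE(review): children that translate to an empty Optional are dropped without a
        // trace. No branch visible here returns empty, so the filter looks like a no-op today;
        // confirm how an empty child list should be treated if that ever changes.
        return Optional.of(
                new DOr(
                        adand.children().stream()
                                .map(this::constructInternal)
                                .filter(Optional::isPresent)
                                .map(Optional::get)
                                .collect(Collectors.toList())));
    } else if (adtree instanceof ADOr) {
        ADOr ador = (ADOr) adtree;
        // Transpose and/or: an attack that needs any one child is defended only by blocking all.
        // NOTE(review): dropping an empty child here would remove one conjunct from the DAnd,
        // i.e. one attack path would no longer have to be defended. Presumably unreachable
        // because no visible branch returns empty; confirm before adding one.
        return Optional.of(
                new DAnd(
                        ador.children().stream()
                                .map(this::constructInternal)
                                .filter(Optional::isPresent)
                                .map(Optional::get)
                                .collect(Collectors.toList())));
    } else if (adtree instanceof ADNot) {
        ADNot adnot = (ADNot) adtree;
        return constructInternal(adnot.child()).map(DNot::new);
    } else if (adtree instanceof DefenseCondition) {
        DCondition dcond = new DCondition((DefenseCondition) adtree);
        dconditions.add(dcond);
        return Optional.of(dcond);
    } else {
        // Fail closed on unknown node types rather than silently omitting them from the result.
        throw new RuntimeException("got invalid adtree type: " + adtree.getClass().getCanonicalName());
    }
}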
Also used : DCondition(com.ge.verdict.synthesis.dtree.DCondition) ADOr(com.ge.verdict.attackdefensecollector.adtree.ADOr) DefenseCondition(com.ge.verdict.attackdefensecollector.adtree.DefenseCondition) ArrayList(java.util.ArrayList) Attack(com.ge.verdict.attackdefensecollector.adtree.Attack) LinkedHashMap(java.util.LinkedHashMap) Defense(com.ge.verdict.attackdefensecollector.adtree.Defense) Map(java.util.Map) DTree(com.ge.verdict.synthesis.dtree.DTree) ADTree(com.ge.verdict.attackdefensecollector.adtree.ADTree) LinkedHashSet(java.util.LinkedHashSet) DLeaf(com.ge.verdict.synthesis.dtree.DLeaf) DNot(com.ge.verdict.synthesis.dtree.DNot) AttackDefenseCollector(com.ge.verdict.attackdefensecollector.AttackDefenseCollector) Set(java.util.Set) Collectors(java.util.stream.Collectors) ALeaf(com.ge.verdict.synthesis.dtree.ALeaf) ADAnd(com.ge.verdict.attackdefensecollector.adtree.ADAnd) List(java.util.List) Stream(java.util.stream.Stream) Optional(java.util.Optional) DAnd(com.ge.verdict.synthesis.dtree.DAnd) DOr(com.ge.verdict.synthesis.dtree.DOr) Collections(java.util.Collections) ADNot(com.ge.verdict.attackdefensecollector.adtree.ADNot) ADNot(com.ge.verdict.attackdefensecollector.adtree.ADNot) ADOr(com.ge.verdict.attackdefensecollector.adtree.ADOr) DOr(com.ge.verdict.synthesis.dtree.DOr) ALeaf(com.ge.verdict.synthesis.dtree.ALeaf) ADAnd(com.ge.verdict.attackdefensecollector.adtree.ADAnd) DCondition(com.ge.verdict.synthesis.dtree.DCondition) Attack(com.ge.verdict.attackdefensecollector.adtree.Attack) ADAnd(com.ge.verdict.attackdefensecollector.adtree.ADAnd) DAnd(com.ge.verdict.synthesis.dtree.DAnd) Defense(com.ge.verdict.attackdefensecollector.adtree.Defense) DNot(com.ge.verdict.synthesis.dtree.DNot) ADNot(com.ge.verdict.attackdefensecollector.adtree.ADNot) ADOr(com.ge.verdict.attackdefensecollector.adtree.ADOr) DefenseCondition(com.ge.verdict.attackdefensecollector.adtree.DefenseCondition)

Example 2 with DefenseCondition

use of com.ge.verdict.attackdefensecollector.adtree.DefenseCondition in project VERDICT by ge-high-assurance.

the class DependentRules method getComponentDependence.

/**
 * Collects the defense conditions that the named attack depends on for a component and hands
 * them to {@code mkRet} together with the component's attackable and the attack name.
 *
 * <p>Only the attack names listed in the switch are handled; any other name yields an empty
 * result. For CAPEC-21 a connection contributes only when its {@code connectionType} attribute
 * equals exactly {@code "Untrusted"}, so a connection with a missing or differently spelled
 * attribute adds no condition. The other connection-based cases use incoming connections only
 * and apply no such filter.
 *
 * <p>NOTE(review): the trailing {@code 1} passed to each {@link DefenseCondition} is presumably
 * a minimum implementation level; confirm against the {@code DefenseCondition} constructor.
 *
 * @param component the system model whose connections and attackable are inspected
 * @param attackName the attack identifier to look up, for example {@code "CAPEC-21"}
 * @return whatever {@code mkRet} returns for a handled attack name, otherwise an empty Optional
 */
public static Optional<ADTree> getComponentDependence(SystemModel component, String attackName) {
    final String deviceAuth = "deviceAuthentication";
    final List<ADTree> conditions = new ArrayList<>();
    switch (attackName) {
        case "CAPEC-21": {
            for (ConnectionModel incoming : component.getIncomingConnections()) {
                if (!"Untrusted".equals(incoming.getAttributes().get("connectionType"))) {
                    continue;
                }
                // Vul-CAPEC-21-1
                conditions.add(new DefenseCondition(incoming.getAttackable(), deviceAuth, 1));
            }
            for (ConnectionModel outgoing : component.getOutgoingConnections()) {
                if (!"Untrusted".equals(outgoing.getAttributes().get("connectionType"))) {
                    continue;
                }
                // Vul-CAPEC-21-2
                conditions.add(new DefenseCondition(outgoing.getAttackable(), deviceAuth, 1));
            }
            break;
        }
        case "CAPEC-112": {
            for (ConnectionModel incoming : component.getIncomingConnections()) {
                // Vul-CAPEC-112-1, Vul-CAPEC-112-3, Vul-CAPEC-112-5
                conditions.add(new DefenseCondition(incoming.getAttackable(), deviceAuth, 1));
                // Vul-CAPEC-112-2, Vul-CAPEC-112-4, Vul-CAPEC-112-6
                conditions.add(
                        new DefenseCondition(incoming.getAttackable(), "encryptedTransmission", 1));
            }
            break;
        }
        case "CAPEC-114": {
            for (ConnectionModel incoming : component.getIncomingConnections()) {
                // Vul-CAPEC-114-1, Vul-CAPEC-114-2, Vul-CAPEC-114-3
                conditions.add(new DefenseCondition(incoming.getAttackable(), deviceAuth, 1));
            }
            break;
        }
        case "CAPEC-115": {
            for (ConnectionModel incoming : component.getIncomingConnections()) {
                // Vul-CAPEC-115-1, Vul-CAPEC-115-2, Vul-CAPEC-115-3
                conditions.add(new DefenseCondition(incoming.getAttackable(), deviceAuth, 1));
            }
            break;
        }
        case "CAPEC-390": {
            // The only case keyed on the component itself rather than on its connections.
            conditions.add(
                    new DefenseCondition(component.getAttackable(), "physicalAccessControl", 1));
            break;
        }
        default:
            // Unknown attack name: no component dependence is defined for it.
            return Optional.empty();
    }
    // Every handled case ends the same way, so the shared call lives after the switch.
    return mkRet(component.getAttackable(), attackName, conditions);
}
Also used : ADTree(com.ge.verdict.attackdefensecollector.adtree.ADTree) ArrayList(java.util.ArrayList) ConnectionModel(com.ge.verdict.attackdefensecollector.model.ConnectionModel) DefenseCondition(com.ge.verdict.attackdefensecollector.adtree.DefenseCondition)

Aggregations

ADTree (com.ge.verdict.attackdefensecollector.adtree.ADTree)2 DefenseCondition (com.ge.verdict.attackdefensecollector.adtree.DefenseCondition)2 ArrayList (java.util.ArrayList)2 AttackDefenseCollector (com.ge.verdict.attackdefensecollector.AttackDefenseCollector)1 ADAnd (com.ge.verdict.attackdefensecollector.adtree.ADAnd)1 ADNot (com.ge.verdict.attackdefensecollector.adtree.ADNot)1 ADOr (com.ge.verdict.attackdefensecollector.adtree.ADOr)1 Attack (com.ge.verdict.attackdefensecollector.adtree.Attack)1 Defense (com.ge.verdict.attackdefensecollector.adtree.Defense)1 ConnectionModel (com.ge.verdict.attackdefensecollector.model.ConnectionModel)1 ALeaf (com.ge.verdict.synthesis.dtree.ALeaf)1 DAnd (com.ge.verdict.synthesis.dtree.DAnd)1 DCondition (com.ge.verdict.synthesis.dtree.DCondition)1 DLeaf (com.ge.verdict.synthesis.dtree.DLeaf)1 DNot (com.ge.verdict.synthesis.dtree.DNot)1 DOr (com.ge.verdict.synthesis.dtree.DOr)1 DTree (com.ge.verdict.synthesis.dtree.DTree)1 Collections (java.util.Collections)1 LinkedHashMap (java.util.LinkedHashMap)1 LinkedHashSet (java.util.LinkedHashSet)1