diff --git a/src/main/mal/HardwareVulnerability.mal b/src/main/mal/HardwareVulnerability.mal new file mode 100644 index 0000000..b4ab35e --- /dev/null +++ b/src/main/mal/HardwareVulnerability.mal @@ -0,0 +1,80 @@ +/* + * Copyright 2019-2021 coreLang contributors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +category Vulnerability { + + asset HardwareVulnerability extends Vulnerability + user info: "A vulnerability that affects hardware." + { + # confidentialityImpactLimitations @suppress [Disabled] + user info: "Limits the impact on confidentiality of the vulnerability." + modeler info: "Analogous defence to the SoftwareVulnerability impact limitations." + -> read + + # availabilityImpactLimitations @suppress [Disabled] + user info: "Limits the impact on availability of the vulnerability." + modeler info: "Analogous defence to the SoftwareVulnerability impact limitations." + -> deny + + # integrityImpactLimitations @suppress [Disabled] + user info: "Limits the impact on integrity of the vulnerability." + modeler info: "Analogous defence to the SoftwareVulnerability impact limitations." + -> modify + + # effortRequiredToExploit @suppress [Disabled] + user info: "The vulnerability requires additional effort(time) from the attacker in order to be successful." + modeler info: "The expectation is that the attacker has prolonged or recurring access to the targeted hardware in order to repeatedly/continuously attempt the exploit." + -> exploitTrivially + + & read + user info: "The attacker can read some or all of the associated hardware's data." + -> hardware.read + + & modify + user info: "The attacker can modify some or all of the associated hardware's behaviour." + -> hardware.modify + + & deny + user info: "Denial-of-Service attack is an attack in which a machine or hardware component is rendered unavailable to its intended users by temporarily or indefinitely disrupting it." + -> hardware.deny + + | attemptExploit @Override + user info: "This is the attack step that must be reached in order for a vulnerability to be able to be exploited. This is also the single checkpoint for all vulnerabilities to model hindrances to employing an exploit." + -> exploitTrivially, + exploitWithEffort + + & exploitTrivially + user info: "The exploit is trivial and requires insignificant effort from the attacker in order to be successful." + -> exploit + + & exploitWithEffort [Exponential(0.01)] + user info: "The attacker must expend effort in order to successfully exploit the vulnerability." + developer info: "The distribution chosen here may be scientifically sound, but needs to be reevaluated to ensure that this is the case." + -> exploit + + | impact + user info: "The actual impact caused by successfully exploiting the vulnerability." + -> read, + modify, + deny + } + +} + +associations { + HardwareVulnerability [vulnerabilities] * <-- hardwareVulnerability --> 0..1 [hardware] Hardware + developer info: "Every Application can also be connected to any Vulnerability." +} diff --git a/src/main/mal/SoftwareVulnerability.mal b/src/main/mal/SoftwareVulnerability.mal index b50c301..8cd0fe5 100644 --- a/src/main/mal/SoftwareVulnerability.mal +++ b/src/main/mal/SoftwareVulnerability.mal @@ -72,7 +72,7 @@ category Vulnerability { # highComplexityExploitRequired @suppress [Disabled] user info: "The vulnerability relies on a high complexity exploit that requires the attacker to expend additional effort (time) in order to successfully make use of it." - developer info: "A vulnerability that has high complexity due to its intrisic properties that are beyond the attacker's control." + developer info: "A vulnerability that has high complexity due to its intrinsic properties that are beyond the attacker's control." modeler info: "https://www.first.org/cvss/v3.1/specification-document#2-1-2-Attack-Complexity-AC" -> exploitTrivially @@ -111,7 +111,7 @@ category Vulnerability { softwareProduct.modifyApplication & deny - user info: "Denial-of-Service attack is an attack in which a machine or network resource is rendered unavailable to its intended users by temporarily or indefinitely disrupting it." + user info: "Denial-of-Service attack is an attack in which an application is rendered unavailable to its intended users by temporarily or indefinitely disrupting it." -> application.deny, softwareProduct.denyApplication @@ -160,7 +160,6 @@ category Vulnerability { softwareProduct.readApplication } - } associations { diff --git a/src/main/mal/coreLang.mal b/src/main/mal/coreLang.mal index e7cd3b7..37506f6 100644 --- a/src/main/mal/coreLang.mal +++ b/src/main/mal/coreLang.mal @@ -16,92 +16,69 @@ include "coreVulnerability.mal" include "SoftwareVulnerability.mal" +include "HardwareVulnerability.mal" category ComputeResources { - abstract asset Object - developer info: "An object is the simplest form of an asset that can be compromised by a vulnerability." + asset Hardware + user info: "Specifies the hardware on which applications can run." { - | attemptUseVulnerability - user info: "Attempt to use the associated vulnerabilities." - - | deny {A} - user info: "The attacker can deny some or all functionality of an object." - - | bypassAccessControl @hidden {C, I} - user info: "The attacker can bypass the access control and gain full access after a vulnerability is abused." - } - - asset System extends Object - user info: "A system specifies the hardware on which applications can run." - developer info: "The attacker can DoS everything that is running on it and access (using physical control) on the OS after effort." - { - | connect - user info: "The attacker can connect to the instance, e.g., through a shell, but has not yet authenticated." - -> attemptGainFullAccess, - specificAccess, - attemptUseVulnerability - - & attemptConnect [HardAndUncertain] - user info: "If an attacker has physical access on the premises of a System, he could (not always) try to connect to that System." - modeler info: "The probability and its value are just estimations and are subject to change." - -> connect - - & attemptUsePhysicalVulnerability - user info: "Attempt to use the associated physical vulnerabilities." + | attemptUseVulnerability @hidden + developer info: "Intermediate attack step to allow for defences." + -> useVulnerability - | allPrivilegeAuthenticate @hidden - developer info: "Entry point attack step from identity." - -> attemptGainFullAccess - - | individualPrivilegeAuthenticate @hidden - developer info: "Entry point attack step from identity." - -> specificAccess + & useVulnerability + user info: "The attacker is able to use the connected vulnerabilities, usually as a result of obtaining physical access." + -> vulnerabilities.attemptAbuse - & attemptGainFullAccess @hidden - developer info: "This is an intermediate step to ensure connection is possible before gaining full access." + | attemptGainFullAccess @hidden + developer info: "Intermediate attack step to allow for defences." -> fullAccess - | fullAccess {C,I,A} - user info: "Full access on a system allows the compromise or legitimate access on everything/all the privillges of the system: identities, applications, data, etc." + & fullAccess {C,I,A} + user info: "Full access on a piece of hardware confers full access on the applications running on it and access to the hosted data." -> sysExecutedApps.fullAccess, - highPrivSysIds.assume, - lowPrivSysIds.assume, - highPrivSysGroups.compromiseGroup, - lowPrivSysGroups.compromiseGroup, - sysData.attemptAccess - - & specificAccess - user info: "Specific access only allows the local connection (through localhost) to the hosted applications." - -> sysExecutedApps.localConnect + hostedData.attemptAccess | attemptSupplyChainAttack developer info: "Intermediate attack step to allow for the auditing defence." -> supplyChainAttack & supplyChainAttack [VeryHardAndUncertain] - user info: "Adversaries may perform supply chain compromise to gain control systems environment access by means of infected hardware of firmware." + user info: "Adversaries may perform supply chain compromise attacks to gain control of hardware before it is put into use." developer info: "Based on supply chain attacks in icsLang as designed by Sotirios." - modeler info: "The probability fucntion and its value is just an estimation! The System supply chain attack represents an attacker being able to tamper with the hardware/firmware before the deployment of the product and not altierations made to the hardware/firmware once it is operating." - -> bypassAccessControl + modeler info: "The probability function and its value is just an estimation! The Hardware supply chain attack represents an attacker being able to tamper with the hardware/firmware before the deployment of the product and not alterations made to the hardware/firmware once it is operating." + -> bypassHardwareModificationsProtection # supplyChainAuditing user info: "Auditing inside the supply chain can detect possible supply chain attacks." - developer info: "Mitigation based on the supply chain attack mitigation in icsLang as designed by Sotirios." + developer info: "Mitigation moved into coreLang from icsLang. Originally designed by Sotirios." -> supplyChainAttack | physicalAccess - user info: "Attacker has physical access on the location where the system is physically deployed. He could then exploit physical vulnerabilities and attempt to connect to the system." + user info: "Attacker has physical access to the location where the hardware is physically deployed. They could then deny the hardware, locally connect to the hosted applications, and exploit physical vulnerabilities." -> deny, - attemptConnect, - attemptUsePhysicalVulnerability, + sysExecutedApps.localConnect, + attemptHardwareModifications + + | attemptHardwareModifications @hidden + developer info: "Intermediate attack step." + -> successfulHardwareModifications + + & successfulHardwareModifications @hidden + developer info: "Intermediate attack step to enable defences." + -> hardwareModifications + + | hardwareModifications + user info: "Attacker is able to modify the hardware setup. They could then exploit physical vulnerabilities or software vulnerabilities that require physical access." + -> attemptUseVulnerability, sysExecutedApps.physicalAccessAchieved # hardwareModificationsProtection - user info: "This defense protects against unauthorized modifications to the hardware of the system that could lead to bypass of access control via e.g. a vulnerability." - developer info: "But it does not protect against denial of service attacks." - -> attemptConnect, - attemptUsePhysicalVulnerability, + user info: "This defence protects against unauthorized modifications to the hardware that would allow an attacker to exploit a hardware vulnerability or a user to connect malicious devices to it." + developer info: "But it does not protect against denial of service attacks or local connect." + -> useVulnerability, + successfulHardwareModifications, unsafeUserActivity | attemptUnsafeUserActivity @@ -109,22 +86,36 @@ category ComputeResources { -> unsafeUserActivity & unsafeUserActivity - user info: "A user is performing unsafe actions on the system. This exposes the Applications running on the system. Currently only represents connecting a removable media drive." + user info: "A user is performing unsafe actions on the hardware." + developer info: "This exposes the Applications running on top of the hardware and fulfils the physical access requirement of SoftwareVulnerabilities associated with them." + modeler info: "Currently only represents connecting a malicious removable media drive." -> sysExecutedApps.attemptUnsafeUserActivity, sysExecutedApps.physicalAccessAchieved | deny {A} - user info: "Denial of service (DoS) attack on a system leads to DoS on all the executed applications." - -> sysExecutedApps.deny + user info: "Denial of service (DoS) attack on hardware leads to DoS on all the applications running on it and hosted data." + -> sysExecutedApps.deny, + hostedData.attemptDeny - | bypassAccessControl @hidden {C, I} - user info: "The attacker can bypass the access control and gain full access after being able to connect to the system and a vulnerability is abused." - -> fullAccess + | read {C} + user info: "Read on hardware leads to a read on all the applications running on it and hosted data." + -> sysExecutedApps.read, + hostedData.attemptRead + + | modify {I} + user info: "Modify on hardware leads to a modify/write on all the applications running on it and hosted data." + -> attemptGainFullAccess, + sysExecutedApps.modify, + hostedData.attemptWrite + + | bypassHardwareModificationsProtection @hidden {C, I} + user info: "The attacker can bypass the hardware modifications protection and gain full access after performing a supply chain attack." + -> attemptGainFullAccess } asset SoftwareProduct user info: "A software product is a specific type of software/application which can be associated with specific vulnerabilities." - developer info: "This asset is only introduces in order to imrpove the usability of the language." + developer info: "This asset is only introduces in order to improve the usability of the language." { | compromiseApplication user info: "If the origin of a software product is compromised (modified maliciously) then the associated application should also be fully compromised." @@ -143,7 +134,7 @@ category ComputeResources { -> softApplications.attemptDenyAfterSoftProdVulnerability } - asset Application extends Object + asset Application user info: "An application models pretty much everything that is executed or can execute other applications." { let allVulnerabilities = vulnerabilities \/ appSoftProduct.softProductVulnerabilities @@ -301,7 +292,8 @@ category ComputeResources { accessNetworkAndConnections, // and access the network(s) and connections on/to which the app is connected hostApp.localConnect, // and localConnect on the host application managedRoutingFw.fullAccess, // if the routing firewall manager app is compromised the routing firewall should also be compromised - specificAccess // And also provide specificAccess, mainly for completeness and more intuitive results + specificAccess, // And also provide specificAccess, mainly for completeness and more intuitive results + hostHardware.attemptUseVulnerability | physicalAccessAchieved @hidden developer info: "Intermediate attack step used to propagate physical access throughout application nesting." @@ -479,11 +471,12 @@ category ComputeResources { } asset PhysicalZone - user info: "A physical zone is the location where systems are physically deployed." + user info: "A physical zone is the location where hardware systems are physically deployed." { | gainPhysicalAccess - user info: "By gaining access on a physical zone, physical access on the housed systems is also gained." - -> systems.physicalAccess + user info: "By gaining access on a physical zone, physical access on the housed hardware is also gained." + -> hardwareSystems.physicalAccess, + networks.physicalAccess } } @@ -606,7 +599,7 @@ category DataResources { successfulDelete # dataNotPresent [Disabled] - user info: "It should be used to model the probability of data actually not existing on the connected container (i.e. System, Application, Connection, etc.)." + user info: "It should be used to model the probability of data actually not existing on the connected container (i.e. Hardware, Application, Connection, etc.)." developer info: "This attack step is in series with the 'accessUnencryptedData' attack step because there is no reason to defend encrypted data (or deny them) if they do not exist..." -> accessUnencryptedData, successfulDeny @@ -821,8 +814,6 @@ category IAM { -> parentId.assume, memberOf.compromiseGroup, identityPrivileges.attemptAssume, - lowPrivManagedSystems.individualPrivilegeAuthenticate, - highPrivManagedSystems.allPrivilegeAuthenticate, execPrivApps.authenticate, highPrivApps.authenticate, lowPrivApps.specificAccessAuthenticate, @@ -859,8 +850,6 @@ category IAM { user info: "If an identity of a group is compromised then the whole group (i.e. all other privileges of the group) should be considered as compromised. Furthermore, the parent groups should also be considered compromised." developer info: "The parent groups should be compromised because all the privileges of the parent groups are inherited on the children groups but lower children groups should not be compromised because lower levels might have inherited plus additional privileges." -> parentGroup.compromiseGroup, - lowPrivManagedSystems.individualPrivilegeAuthenticate, - highPrivManagedSystems.allPrivilegeAuthenticate, execPrivApps.authenticate, highPrivApps.authenticate, lowPrivApps.specificAccessAuthenticate, @@ -1009,8 +998,8 @@ category User { user info: "An attacker can try to deliver a removable media drive(e.g. USB drive) containing malicious code to a location accessible to the target users." developer info: "The probability distribution is entirely arbitrary and should be researched in greater detail." -> userIds.attemptAssume, - userIds.highPrivManagedSystems.attemptUnsafeUserActivity, - userIds.lowPrivManagedSystems.attemptUnsafeUserActivity + physicalZones.hardwareSystems.attemptUnsafeUserActivity, + hardwareSystems.attemptUnsafeUserActivity | phishUser user info: "The attacker can phish the user to gain access to their credentials." @@ -1246,17 +1235,23 @@ category Networking { } associations { - System [hostSystem] 0..1 <-- SysExecution --> * [sysExecutedApps] Application - developer info: "System is the hardware on which Applications are running. The host system is not mandatory to be specified but if it is, it adds on the model!" + Hardware [hostHardware] 0..1 <-- SysExecution --> * [sysExecutedApps] Application + developer info: "Hardware on which Applications are running. The host hardware is not mandatory to be specified but if it is, it adds on the model!" Application [hostApp] 0..1 <-- AppExecution --> * [appExecutedApps] Application developer info: "Application 1 runs application 2 runs application 3! (Where application 1 can be an OS, application 2 is a VM and application 3 is app running on the VM." IDPS [protectorIDPSs] * <-- AppProtection --> * [protectedApps] Application developer info: "IDPSs can provide protection to other applications." SoftwareProduct [appSoftProduct] 0..1 <-- AppSoftwareProduct --> * [softApplications] Application user info: "An application can be associated with a software product that has some specific characteristics such as specific Vulnerabilities." + PhysicalZone [physicalZones] * <-- ZoneInclusion --> * [hardwareSystems] Hardware + developer info: "Access on PhysicalZone will give physicalAccess on the deployed Hardware, but access to the hardware does not provide access to the physical zone (e.g. iLOs)." + PhysicalZone [physicalZones] * <-- ZoneInclusion --> * [networks] Network + developer info: "Access on PhysicalZone will give physicalAccess on the deployed networks, but access to the network does not provide access to the physical zone." + PhysicalZone [physicalZones] * <-- ZoneAccess --> * [users] User + developer info: "A user may have access to different physical zones." + Hardware [hardwareSystems] * <-- HardwareAccess --> * [users] User + developer info: "A user may have access to different hardware systems, rigs, or components." // ### Networking associations - PhysicalZone [physicalZone] 0..1 <-- ZoneInclusion --> * [systems] System - developer info: "Access on PhysicalZone will give physicalAccess on the deployed Systems but access on a System does not always provide access to the physical zone (e.g. iLOs)." RoutingFirewall [routingFirewalls] 0..1 <-- ConnectionRule --> * [connectionRules] ConnectionRule user info: "A routing firewall has routing or firewall rules specified by connections between networks or applications respectively." RoutingFirewall [managedRoutingFw] * <-- ManagedBy --> 0..1[managerApp] Application @@ -1293,8 +1288,8 @@ associations { user info: "An application can also receive some data that are supposed to be transfered over a connection. This expresses an active connection." Data [transitData] * <-- DataInTransit --> * [transitNetwork] Network user info: "A network can also contain some data that are supposed to be network-wide available." - System [system] 0..1 <-- DataHosting --> * [sysData] Data - user info: "A system can host data." + Hardware [hardware] 0..1 <-- DataHosting --> * [hostedData] Data + user info: "Data can be hosted on hardware." Data [containerData] * <-- InfoContainment --> * [information] Information user info: "Data can contain information, as for example credentials." Data [dataReplicas] * <-- Replica --> * [replicatedInformation] Information @@ -1316,17 +1311,7 @@ associations { user info: "Starting from a parent Identity, the child Identities can be assumed due to inheritance." Group [memberOf] * <-- MemberOf --> * [groupIds] Identity Group [parentGroup] * <-- MemberOf --> * [childGroups] Group - // First on system level - Identity [highPrivSysIds] * <-- HighPrivilegeAccess --> * [highPrivManagedSystems] System - user info: "High privilege access on a System results in the compromise of all the privileges assigned to that system." - Identity [lowPrivSysIds] * <-- LowPrivilegeAccess --> * [lowPrivManagedSystems] System - user info: "Low privilege access on a System provides individual identity access on the system." - // And the same for Groups - Group [highPrivSysGroups] * <-- HighPrivilegeAccess --> * [highPrivManagedSystems] System - user info: "High privilege access on a System results in the compromise of all the privileges assigned to that system." - Group [lowPrivSysGroups] * <-- LowPrivilegeAccess --> * [lowPrivManagedSystems] System - user info: "Low privilege access on a System provides individual identity access on the system." - // Then, Access Control on application level + // Access Control on application level Identity [executionPrivIds] * <-- ExecutionPrivilegeAccess --> * [execPrivApps] Application user info: "Every application executes on a system with privileges of a specified identity on the system. If the application is compromised then the privileges should be compromised." Identity [highPrivAppIds] * <-- HighPrivilegeApplicationAccess --> * [highPrivApps] Application diff --git a/src/test/java/org/mal_lang/corelang/test/HardwareTest.java b/src/test/java/org/mal_lang/corelang/test/HardwareTest.java new file mode 100644 index 0000000..c4f7592 --- /dev/null +++ b/src/test/java/org/mal_lang/corelang/test/HardwareTest.java @@ -0,0 +1,122 @@ +package org.mal_lang.corelang.test; + +import core.Attacker; +import core.AttackStep; +import org.junit.jupiter.api.Test; + +public class HardwareTest extends CoreLangTest { + private static class HardwareTestModel { + public final Hardware hardware; + public final Application application = new Application("application"); + public final Data data = new Data("data"); + + public HardwareTestModel(boolean supplyChainAuditing, + boolean hardwareModificationsProtection) { + hardware = new Hardware("hardware", supplyChainAuditing, hardwareModificationsProtection); + hardware.addSysExecutedApps(application); + hardware.addHostedData(data); + } + + public void addAttacker(Attacker attacker, AttackStep attackpoint) { + attacker.addAttackPoint(attackpoint); + } + } + + private static class HardwareWithVulnerabilityTestModel { + public final Hardware hardware; + public final HardwareVulnerability hardwareVulnerability; + public final Application application = new Application("application"); + public final Data data = new Data("data"); + + public HardwareWithVulnerabilityTestModel(boolean supplyChainAuditing, + boolean hardwareModificationsProtection, + boolean remove, + boolean confidentialityImpactLimitations, + boolean availabilityImpactLimitations, + boolean integrityImpactLimitations, + boolean effortRequiredToExploit) { + hardware = new Hardware("hardware", supplyChainAuditing, hardwareModificationsProtection); + hardwareVulnerability = new + HardwareVulnerability("hardwareVulnerability", remove, + confidentialityImpactLimitations, + availabilityImpactLimitations, + integrityImpactLimitations, + effortRequiredToExploit); + hardware.addVulnerabilities(hardwareVulnerability); + hardware.addSysExecutedApps(application); + hardware.addHostedData(data); + } + + public void addAttacker(Attacker attacker, AttackStep attackpoint) { + attacker.addAttackPoint(attackpoint); + } + } + + @Test + public void testPhysicalAccessNoHardwareModificationsProtection() { + printTestName(Thread.currentThread().getStackTrace()[1].getMethodName()); + var model = new HardwareTestModel(false, false); + + var attacker = new Attacker(); + model.addAttacker(attacker,model.hardware.physicalAccess); + attacker.attack(); + + model.hardware.deny.assertCompromisedInstantaneously(); + model.hardware.attemptUseVulnerability.assertCompromisedInstantaneously(); + model.hardware.fullAccess.assertUncompromised(); + model.application.physicalAccessAchieved.assertCompromisedInstantaneously(); + } + + @Test + public void testPhysicalAccessWithHardwareModificationsProtection() { + printTestName(Thread.currentThread().getStackTrace()[1].getMethodName()); + var model = new HardwareTestModel(false, true); + + var attacker = new Attacker(); + model.addAttacker(attacker,model.hardware.physicalAccess); + attacker.attack(); + + model.hardware.deny.assertCompromisedInstantaneously(); + model.hardware.attemptUseVulnerability.assertUncompromised(); + model.hardware.fullAccess.assertUncompromised(); + model.application.physicalAccessAchieved.assertUncompromised(); + } + + @Test + public void testPhysicalAccessWithVulnerabilityNoHardwareModificationsProtection() { + printTestName(Thread.currentThread().getStackTrace()[1].getMethodName()); + var model = new HardwareWithVulnerabilityTestModel(false, false, + false, false, false, false, false); + + var attacker = new Attacker(); + model.addAttacker(attacker,model.hardware.physicalAccess); + attacker.attack(); + + model.hardware.deny.assertCompromisedInstantaneously(); + model.hardware.attemptUseVulnerability.assertCompromisedInstantaneously(); + model.hardware.fullAccess.assertCompromisedInstantaneously(); + model.application.physicalAccessAchieved.assertCompromisedInstantaneously(); + model.application.fullAccess.assertCompromisedInstantaneously(); + model.data.attemptAccess.assertCompromisedInstantaneously(); + } + + @Test + public void testPhysicalAccessWithVulnerabilityWithHardwareModificationsProtection() { + printTestName(Thread.currentThread().getStackTrace()[1].getMethodName()); + var model = new HardwareWithVulnerabilityTestModel(false, true, + false, false, false, false, false); + + var attacker = new Attacker(); + model.addAttacker(attacker,model.hardware.physicalAccess); + attacker.attack(); + + model.hardware.deny.assertCompromisedInstantaneously(); + model.hardware.attemptUseVulnerability.assertUncompromised(); + model.hardware.fullAccess.assertUncompromised(); + model.application.physicalAccessAchieved.assertUncompromised(); + model.application.fullAccess.assertUncompromised(); + model.data.attemptAccess.assertUncompromised(); + } + +} + diff --git a/src/test/java/org/mal_lang/corelang/test/IAMIntegrationTests.java b/src/test/java/org/mal_lang/corelang/test/IAMIntegrationTests.java index f415c04..9f1be92 100644 --- a/src/test/java/org/mal_lang/corelang/test/IAMIntegrationTests.java +++ b/src/test/java/org/mal_lang/corelang/test/IAMIntegrationTests.java @@ -5,7 +5,7 @@ public class IAMIntegrationTests extends CoreLangTest { public class IAMIntegrationTestModel { - public final System server = new System("Server"); + public final Hardware server = new Hardware("Server"); public final Application rhel = new Application("RHEL"); public final Application oracle = new Application("Oracle"); public final Application otherapp = new Application("OtherApp"); diff --git a/src/test/java/org/mal_lang/corelang/test/SystemTest.java b/src/test/java/org/mal_lang/corelang/test/SystemTest.java deleted file mode 100644 index 243831e..0000000 --- a/src/test/java/org/mal_lang/corelang/test/SystemTest.java +++ /dev/null @@ -1,97 +0,0 @@ -package org.mal_lang.corelang.test; - -import core.Attacker; -import core.AttackStep; -import org.junit.jupiter.api.Test; - -public class SystemTest extends CoreLangTest { - private static class SystemTestModel { - public final System system; - - public SystemTestModel(boolean hardwareAdditionsProtection) { - system = new System("system", true, hardwareAdditionsProtection); - - } - - public void addAttacker(Attacker attacker, AttackStep attackpoint) { - attacker.addAttackPoint(attackpoint); - } - } - - @Test - public void testNoAuthenticate() { - printTestName(Thread.currentThread().getStackTrace()[1].getMethodName()); - var model = new SystemTestModel(false); - - var attacker = new Attacker(); - model.addAttacker(attacker,model.system.connect); - attacker.attack(); - - model.system.specificAccess.assertUncompromised(); - model.system.attemptGainFullAccess.assertUncompromised(); - model.system.fullAccess.assertUncompromised(); - } - - @Test - public void testConnectAndSpecificPrivilegeAuthenticate() { - printTestName(Thread.currentThread().getStackTrace()[1].getMethodName()); - var model = new SystemTestModel(false); - - var attacker = new Attacker(); - model.addAttacker(attacker,model.system.connect); - model.addAttacker(attacker,model.system.specificAccess); - attacker.attack(); - - model.system.specificAccess.assertCompromisedInstantaneously(); - model.system.attemptGainFullAccess.assertUncompromised(); - model.system.fullAccess.assertUncompromised(); - } - - @Test - public void testConnectAndAllPrivilegeAuthenticate() { - printTestName(Thread.currentThread().getStackTrace()[1].getMethodName()); - var model = new SystemTestModel(false); - - var attacker = new Attacker(); - model.addAttacker(attacker,model.system.connect); - model.addAttacker(attacker,model.system.allPrivilegeAuthenticate); - attacker.attack(); - - model.system.specificAccess.assertUncompromised(); - model.system.attemptGainFullAccess.assertCompromisedInstantaneously(); - model.system.fullAccess.assertCompromisedInstantaneously(); - } - - @Test - public void testHardwareProtectionDisabled() { - printTestName(Thread.currentThread().getStackTrace()[1].getMethodName()); - var model = new SystemTestModel(false); - - var attacker = new Attacker(); - model.addAttacker(attacker,model.system.physicalAccess); - attacker.attack(); - - model.system.attemptConnect.assertCompromisedInstantaneously(); - model.system.attemptUsePhysicalVulnerability.assertCompromisedInstantaneously(); - model.system.specificAccess.assertUncompromised(); - model.system.attemptGainFullAccess.assertUncompromised(); - model.system.fullAccess.assertUncompromised(); - } - - @Test - public void testHardwareProtectionEnabled() { - printTestName(Thread.currentThread().getStackTrace()[1].getMethodName()); - var model = new SystemTestModel(true); - - var attacker = new Attacker(); - model.addAttacker(attacker,model.system.physicalAccess); - attacker.attack(); - - model.system.attemptConnect.assertUncompromised(); - model.system.attemptUsePhysicalVulnerability.assertUncompromised(); - model.system.specificAccess.assertUncompromised(); - model.system.attemptGainFullAccess.assertUncompromised(); - model.system.fullAccess.assertUncompromised(); - } - -}