mike1813
commented
5 months ago P.L.HPmAC.0 and P.L.HPsAC.0 have the same cause and effect as P.L.HPmAC.1, which is just a copy-and-paste error as suspected. These threats were created as copies of P.L.HPmAC.1, but the cause and effect terms were not updated as intended.
Access rights at hosts or processes are contextualised. As discussed in #9, to provide users a way to specify an untrustworthy host manager or user, it is necessary to use two behaviour/TWA pairs:
The way these are supposed to work is set out in this diagram:
This pertains to User TW, representing unpriviliged access to a Host, or access with the rights of a specific Process. A similar approach is used for Control, representing privileged (root) access to a Host. The idea is that the TWA 'User TW' can be set by system-modeller users to indicate where a host/process is believed to be compromised, and the behaviour 'Loss of User TW' is the place to specify the impact level (if any) for such a compromise. The 'local' versions connect everything without creating a loop-back.
The bug is in the cause-and-effect terms of some threats, which (probably through a cut-and-paste error) do not all correspond to the diagram. They need to be reviewed and fixed.