mal-lang / coreLang

A probabilistic attack simulation language for the (abstract) IT domain
https://mal-lang.org/coreLang/

Data-in-Data readonly-access? #32

Closed jesajx closed 3 years ago

jesajx commented 3 years ago

Hi, I think I might have found a bug (unless I'm missing something).

Some failing tests to demonstrate the bug can be found here. See // TODO fails.

Essentially, let there be two Data-assets named X and Y. Also let X.containedData = {Y}. Then we have that: X.identityRead implies Y.write -- which I think is a bug.

I think the problem is the edge readContainedDataAndInformation -> containedData.attemptAccess, but I'm not sure. Most likely the read-flow through Data needs to be split up into multiple flows such that the privileges of X are correctly passed on to Y. Right now the privilege information gets lost along the way since all read-flows pass through X.read.

There is a related issue with the use of Data.authenticated defense. If X.authenticated but not Y.authenticated then the attacker (at X.attemptAccess) can reach X.read but not X.write (as expected). However, because the attacker can reach X.read they can also reach Y.write -- which I think is a bug. I was expecting the X.authenticated defense to also protect Y when the attacker is accessing Y through X.
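
The privilege loss reported above, as a toy reachability model with an invariant check (an added example, not part of the original post and not coreLang's own code). The `identityWrite` entry point, the `Y.read` step and the split-flow edges `X.read -> Y.read` / `X.write -> Y.write` are assumptions made for illustration; the actual fix in coreLang may differ.

```python
from collections import deque

def build_graph(split_flows, x_authenticated=False):
    """Constructed attack graph for Data X with X.containedData = {Y}."""
    g = {
        "X.identityRead": ["X.read"],
        "X.identityWrite": ["X.write"],  # assumed counterpart of identityRead
        # With the authenticated defense, attemptAccess yields read but not write.
        "X.attemptAccess": ["X.read"] + ([] if x_authenticated else ["X.write"]),
        # Y is never authenticated in this model.
        "Y.attemptAccess": ["Y.read", "Y.write"],
    }
    if split_flows:
        # Hypothetical repair: each privilege on X maps to the same privilege on Y.
        g["X.read"] = ["Y.read"]
        g["X.write"] = ["Y.write"]
    else:
        # Reported shape: every read flow funnels through X.read into
        # containedData.attemptAccess, so the privilege level is forgotten.
        g["X.read"] = ["X.readContainedDataAndInformation"]
        g["X.readContainedDataAndInformation"] = ["Y.attemptAccess"]
    return g

def reachable(graph, entry):
    """Breadth-first set of attack steps reachable from one entry point."""
    seen, queue = {entry}, deque([entry])
    while queue:
        for nxt in graph.get(queue.popleft(), []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def privilege_escalations(split_flows):
    """Cases (entry, x_authenticated) where Y.write is reached without X.write."""
    bad = []
    for entry in ("X.identityRead", "X.identityWrite", "X.attemptAccess"):
        for x_auth in (False, True):
            steps = reachable(build_graph(split_flows, x_auth), entry)
            if "Y.write" in steps and "X.write" not in steps:
                bad.append((entry, x_auth))
    return bad

if __name__ == "__main__":
    print("merged flow:", privilege_escalations(split_flows=False))
    print("split flow: ", privilege_escalations(split_flows=True))
```

The invariant "write on contained data implies write on the container" works as a regression test for any model change that touches the read flow.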

skatsikeas commented 3 years ago

Those bugs are now fixed! Thank you for bringing them up. And one question, can I include on the repo the test cases you have created?

jesajx commented 3 years ago

Great! Yes, feel free to include them!

skatsikeas commented 3 years ago

Great, thank you.