search

mal-lang / coreLang

A probabilistic attack simulation language for the (abstract) IT domain
https://mal-lang.org/coreLang/
Other
10 stars 12 forks source link

Introduce IDPS asset used to protect applications. #64

Closed andrewbwm closed 2 years ago

andrewbwm commented 2 years ago

The IDPS asset protects Application assets associated with it from certain malicious activities.

The IDPS asset expands the Application asset, therefore it can be compromised in a similar fashion by an attacker. If the attacker is able to gain fullAccess on the IDPS it no longer provides its protective functionality.

Perhaps we wish to expand this in the future to other attack steps, such as deny.

The disabled defence on the IDPS should impact its ability to perform its duties, however this cannot currently be implemented as defences in MAL languages can not lead to triggering attack steps, they can only prevent them.

andrewbwm commented 2 years ago

This was further augmented in #65 as the IDPS asset is assumed to be able to restrict the impact of unsafe user actions on an Application as well.