Reworked the System asset into the Hardware asset that is simpler and only represents, as the name suggests, the hardware components on which Applications are run. This makes the distinction between hardware and software in coreLang clearer.
This pull request also introduces HardwareVulnerabilities which are analogous, but less complex, than the SoftwareVulnerabilities. These are used to model vulnerabilities that both require physical access on and lead to disruptions(confidentiality, integrity, availability) on the Hardware asset. Vulnerabilities that require physical access but impact software(Applications/SoftwareProducts) are represented using SoftwareVulnerabilities with the physicalAccessRequired defence enabled.
Also included is an update to the PhysicalZone asset. Both Network and Hardware assets can be associated with a PhysicalZone and each can belong to multiple zones, thus representing overlapping zones. This was initially requested by @jesajx(https://github.com/mal-lang/coreLang/pull/39#issuecomment-874282070).
Users now can directly be associated with either Hardware or PhysicalZone assets in order to represent the hardware/network assets that they have physical access to. Identities cannot be associated with Hardware as they were with the old System asset since privileges are only relevant for software assets.
Reworked the
System
asset into theHardware
asset that is simpler and only represents, as the name suggests, the hardware components on whichApplications
are run. This makes the distinction between hardware and software in coreLang clearer.This pull request also introduces
HardwareVulnerabilities
which are analogous, but less complex, than theSoftwareVulnerabilities
. These are used to model vulnerabilities that both require physical access on and lead to disruptions(confidentiality, integrity, availability) on theHardware
asset. Vulnerabilities that require physical access but impact software(Applications
/SoftwareProducts
) are represented usingSoftwareVulnerabilities
with thephysicalAccessRequired
defence enabled.Also included is an update to the
PhysicalZone
asset. BothNetwork
andHardware
assets can be associated with aPhysicalZone
and each can belong to multiple zones, thus representing overlapping zones. This was initially requested by @jesajx(https://github.com/mal-lang/coreLang/pull/39#issuecomment-874282070).Users
now can directly be associated with eitherHardware
orPhysicalZone
assets in order to represent the hardware/network assets that they have physical access to.Identities
cannot be associated withHardware
as they were with the oldSystem
asset since privileges are only relevant for software assets.