Rework attack steps on Application asset to follow the attempt-successful-impact pattern

mal-lang / coreLang

A probabilistic attack simulation language for the (abstract) IT domain

https://mal-lang.org/coreLang/

Other

11 stars 13 forks source link

Rework attack steps on Application asset to follow the attempt-successful-impact pattern #73

Closed andrewbwm closed 2 years ago

andrewbwm commented 2 years ago

Update the attack steps in the Application asset that are impacted by defences to use the attempt-successful-impact pattern used in the Data asset. This pattern is well suited for implementing core impacts that could be reached via multiple paths.

andrewbwm commented 2 years ago

35e850f373557359642c4320e60f679d354ede0d removes the eavesdrop and manInTheMiddle attack steps on the Data asset. This was done because those steps do no make sense on the Data asset itself, they were used to represent the impact of those attack steps originating from the Network asset. This commit replaces the eavesdrop and manInTheMiddle attack steps with their basic impacts on the Data asset when they occur on the Network asset.