search

mal-lang / coreLang

A probabilistic attack simulation language for the (abstract) IT domain
https://mal-lang.org/coreLang/
Other
11 stars 13 forks source link

Introduce Configuration of Applications #80

Closed andrewbwm closed 2 years ago

andrewbwm commented 2 years ago

We may wish to introduce an association between Information or Data and Applications that specifies that the Data/Information are used as configurations for the Application. If an attacker is able to change the configuration source via Write it should lead to manipulating the Application to some extent.

The information configuration branch contains a very basic example of this behaviour that uses the Information asset as a configuration source and gives FullAccess on the Application if the attacker is able to Write to the Information.

During the weekly coreLang meeting on June 15th the decision was made to evaluate when to implement this closer to the v1.0 release of coreLang, especially if the validation work would benefit from it. If it is not deemed essential it should be added in a post-v1.0 release.

andrewbwm commented 2 years ago

As per #86 this was renamed to Dependence to be more generic.