Open andrewbwm opened 1 month ago
When defining the rewards there are two major sub concerns. One of them is which attack/defence steps we want to apply them to and the other is if we expect functionality dependencies between assets/systems to be incorporated in the values defined or not. We may wish to define classes and subclasses of assets/systems that then also impact the model generation.
Dumping some ideas for discussion:
Contains (json/yml):
1 file or three files?
Benefits of 1 file:
On assets in the model which are then used in the generated attack graph?:
<asset_id>: <reward>
But what if some attack steps for an asset are not as bad as others and should have a different reward?
<asset_id>: {'C': <c_reward>, 'I': <i_reward>, 'A': <a_reward>}
C, I or A tagged attack steps of that asset (if they have more than 1 of [C, I, A] take max reward of those)
I will go for a simpler scenario format to begin with (as discussed).
Here is an example:
lang_file: ../org.mal-lang.coreLang-1.0.0.mar
model_file: example_model.json
# Rewards for each attack step
rewards:
  OS App:notPresent: 2
  OS App:supplyChainAuditing: 7
  Program 1:notPresent: 3
  Program 1:supplyChainAuditing: 7
  SoftwareVulnerability:4:notPresent: 4
  Data:5:notPresent: 1
  Credentials:6:notPhishable: 7
  Identity:11:notPresent: 3.5
# The possible entry points (?) - how should they look like
entry_points: []
I created a branch for this in mal-simulator and a test to show the idea.
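An added example, not part of the thread and not mal-simulator code: one way the per-asset C/I/A rewards from the first proposal could be expanded into the per-step `rewards:` keys of the scenario format above, taking the max when a step carries several tags. The function name, the step names and the step-to-tag mapping are assumptions; in practice the tags would come from the language definition.

```python
CIA = ("C", "I", "A")

def expand_cia_rewards(asset_rewards, step_tags):
    """Turn {asset_id: {'C': r, 'I': r, 'A': r}} into {"<asset_id>:<step>": reward}.

    step_tags maps asset_id -> {step_name: iterable of 'C'/'I'/'A' tags}.
    A step with several tags gets the max of the matching rewards; a step
    with no matching tag gets no entry (assumption: untagged steps carry
    no reward).
    """
    rewards = {}
    for asset_id, per_tag in asset_rewards.items():
        unknown = set(per_tag) - set(CIA)
        if unknown:
            raise ValueError(f"{asset_id}: unknown reward tags {sorted(unknown)}")
        if asset_id not in step_tags:
            # A reward that names an asset missing from the model is most
            # likely a typo in the scenario file; fail loudly.
            raise ValueError(f"reward defined for unknown asset {asset_id!r}")
        for step, tags in step_tags[asset_id].items():
            matching = [per_tag[t] for t in tags if t in per_tag]
            if matching:
                rewards[f"{asset_id}:{step}"] = max(matching)
    return rewards

# Constructed sample input: asset ids follow the scenario above, step names
# and tags are illustrative only.
SAMPLE_STEP_TAGS = {
    "Data:5": {
        "read": ["C"],
        "write": ["I"],
        "delete": ["I", "A"],
        "attemptAccess": [],  # untagged step
    },
    "Credentials:6": {"use": ["C", "I", "A"]},
}
SAMPLE_ASSET_REWARDS = {
    "Data:5": {"C": 1, "I": 4, "A": 2.5},
    "Credentials:6": {"C": 7},  # only confidentiality is rewarded
}

if __name__ == "__main__":
    expanded = expand_cia_rewards(SAMPLE_ASSET_REWARDS, SAMPLE_STEP_TAGS)
    for key, value in expanded.items():
        print(f"{key}: {value}")
```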
We should create a scenario description format that includes the following information: