mal-lang / mal-simulator


Establish a Scenario Description Format #26

Open andrewbwm opened 1 month ago

andrewbwm commented 1 month ago

We should create a scenario description format that includes the following information:

andrewbwm commented 1 month ago

When defining the rewards, there are two major sub-concerns. One of them is which attack/defence steps we want to apply them to, and the other is whether we expect functionality dependencies between assets/systems to be incorporated in the values defined or not. We may wish to define classes and subclasses of assets/systems that then also impact the model generation.

mrkickling commented 2 weeks ago

Dumping some ideas for discussion:

Scenario

Format

Contains (json/yml):

1 file or three files?

Benefits of 1 file:

How to define rewards?

On assets in the model which are then used in the generated attack graph?:

But what if some attack steps for an asset are not as bad as others and should have a different reward?

mrkickling commented 2 weeks ago

I will go for a simpler scenario format to begin with (as discussed).

Here is an example:


```yaml
lang_file: ../org.mal-lang.coreLang-1.0.0.mar
model_file: example_model.json

# Rewards for each attack step
rewards:
  OS App:notPresent: 2
  OS App:supplyChainAuditing: 7
  Program 1:notPresent: 3
  Program 1:supplyChainAuditing: 7
  SoftwareVulnerability:4:notPresent: 4
  Data:5:notPresent: 1
  Credentials:6:notPhishable: 7
  Identity:11:notPresent: 3.5

# The possible entry points (?) - how should they look like
entry_points: []
```

I created a branch for this in mal-simulator and a test to show the idea.
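
A validator for the simplified scenario layout shown in the last comment, as an added example that is not part of the thread or of the mal-simulator branch. It takes the mapping a YAML loader such as `yaml.safe_load` would return; the names `validate_scenario` and `split_reward_key`, the rejection of unknown keys, and resolving paths against the scenario file's directory are assumptions.

```python
import math
from pathlib import Path

REQUIRED, OPTIONAL = {"lang_file", "model_file", "rewards"}, {"entry_points"}
# Constructed sample: the thread's example as a YAML loader would return it.
SAMPLE = {
    "lang_file": "../org.mal-lang.coreLang-1.0.0.mar",
    "model_file": "example_model.json",
    "rewards": {
        "OS App:notPresent": 2, "OS App:supplyChainAuditing": 7,
        "Program 1:notPresent": 3, "Program 1:supplyChainAuditing": 7,
        "SoftwareVulnerability:4:notPresent": 4, "Data:5:notPresent": 1,
        "Credentials:6:notPhishable": 7, "Identity:11:notPresent": 3.5,
    },
    "entry_points": [],
}

def split_reward_key(key):
    """Split '<asset name>:<step>' on the LAST colon; asset names such as
    'SoftwareVulnerability:4' contain colons themselves."""
    asset, sep, step = str(key).rpartition(":")
    if not sep or not asset.strip() or not step.strip():
        raise ValueError(f"reward key {key!r} is not '<asset>:<step>'")
    return asset, step

def validate_scenario(doc, scenario_dir="."):
    """Check a parsed scenario mapping and return a normalized copy."""
    if not isinstance(doc, dict):
        raise ValueError("scenario must be a mapping")
    missing, unknown = REQUIRED - set(doc), set(doc) - REQUIRED - OPTIONAL
    if missing or unknown:
        raise ValueError(f"missing={sorted(missing)} unknown={sorted(unknown, key=str)}")
    for name in ("lang_file", "model_file"):
        if not isinstance(doc[name], str) or not doc[name]:
            raise ValueError(f"{name} must be a non-empty path string")
    if not isinstance(doc["rewards"], dict):
        raise ValueError("rewards must be a mapping")
    rewards = {}
    for key, value in doc["rewards"].items():
        # bool is an int subclass: a YAML 'yes'/'true' must not pass as reward 1.
        if isinstance(value, bool) or not isinstance(value, (int, float)) or not math.isfinite(value):
            raise ValueError(f"reward for {key!r} must be a finite number")
        rewards[split_reward_key(key)] = float(value)
    entry_points = doc.get("entry_points") or []
    if not isinstance(entry_points, list):
        raise ValueError("entry_points must be a list")
    base = Path(scenario_dir)  # assumption: paths are relative to the scenario file
    return {"lang_file": base / doc["lang_file"], "model_file": base / doc["model_file"],
            "rewards": rewards, "entry_points": entry_points}
```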