mal-lang / mal-simulator

Apache License 2.0

Add models and resulting attack graphs created using a very simple trainingLang #31

Open andrewbwm opened 1 month ago

andrewbwm commented 1 month ago
mrkickling commented 1 month ago

Any idea where to put trainingLang? Separate repository, inside the scenario repository or inside testdata in maltoolbox?

mrkickling commented 1 month ago

Any ideas on what to add or remove in the simple language below (to be trainingLang):

Asset types:

Associations:

andrewbwm commented 1 month ago

> Any idea where to put trainingLang? Separate repository, inside the scenario repository or inside testdata in maltoolbox?

It should be its own repository and we can set it up as a git submodule of the malsim-scenarios.

> Any ideas on what to add or remove in the simple language below (to be trainingLang):
>
> Asset types:
>
> * Application
>   * Defenses: notPresent
>   * Attack steps: authenticate, localAccess, fulAccess, read, modify, deny
> * Data
>   * Defenses: notPresent
>   * Attack steps: read, write, deny, delete, extract
>
> Associations:
>
> * Application (hostApp) <-- (AppExecution) --> Application (appExecutedApps)
> * Data (containeddata) <-- (AppContainment) --> Application (containingApp)

This is basically just a very narrow selection of assets from coreLang. I would not tie it to coreLang assets at all as it might be confusing when you see the same names in an attack graph and assume it is based on a coreLang model.

Also, I would have the names be as descriptive as possible: connect, compromise, read, modify, and so forth.

The selection you have has authenticate and extract that do not logically connect to anything they would have in coreLang, so those would require additional assets to be included.

I would have something like 4 assets Host/System, Data, Network, User and just come up with 2-3 very basic attack steps for each.

nkakouros commented 1 month ago

Will this be different from testLang, or is it the same? Will corner cases go into trainingLang?

andrewbwm commented 1 month ago

> Will this be different from testLang, or is it the same? Will corner cases go into trainingLang?

These should be different. We can and should create small languages to fit very specific purposes and not just dump all of the features we want into a common language. Coalescing all of them into one would be hard to maintain and confusing for people who are only interested in one very narrow aspect of it.