distinguish when CAPEC-137 is mitigated by a defense property on a connection from defense property on a component #66

kityansiu · 2020-08-11T21:39:22Z

Need to change SOTERIA++ so that if CAPEC-137 is mitigated via Logging or InputValidation properties on the component, it has to be distinguished from mitigation via DeviceAuthentication on a connection. Right now, a "Connection" instance is generated if "Connection" exists in Defenses.csv. Needs to be more specific, like looking at ImplementedDefenses of Defenses.csv.

Start by correcting the following in translator.ml:

(* instantiate "Connection" as components the ones that appear in Defenses.csv  *)
let instancesConn l_defense = 
   let f x tag = List.Assoc.find_exn x tag ~equal:(=) in
   let l_defense_Connection = compInfo "Connection" compType_D l_defense in
   List.dedup_and_sort ~compare:compare (List.map l_defense_Connection ~f:(fun x-> makeInstance ~i:(f x compInst_D) ~c:"Connection" ()));;

The text was updated successfully, but these errors were encountered:

kityansiu added the bug Something isn't working label Aug 11, 2020

kityansiu self-assigned this Aug 11, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

distinguish when CAPEC-137 is mitigated by a defense property on a connection from defense property on a component #66

distinguish when CAPEC-137 is mitigated by a defense property on a connection from defense property on a component #66

kityansiu commented Aug 11, 2020

distinguish when CAPEC-137 is mitigated by a defense property on a connection from defense property on a component #66

distinguish when CAPEC-137 is mitigated by a defense property on a connection from defense property on a component #66

Comments

kityansiu commented Aug 11, 2020