
Implement the attack graph algorithm #1

Open
scp93ch opened this issue Apr 3, 2023 · 0 comments
Labels
enhancement New feature or request

Comments

@scp93ch
Member

scp93ch commented Apr 3, 2023

The attack graph algorithm currently implemented in the ssm-adaptor and in a stand-alone Python script should be implemented in the Java SSM service. Doing so will mean that it can run faster (as it will have direct access to the data it requires) and can then support:

  • generation of attack graph pictures for clients
  • control strategy recommendations to be provided to clients (such as the SSM web UI)

Points about the API:

  • This should be a GET with the parameters in the query-string.
  • We should return URIs un-prefixed.
  • We should add a "uri-prefix" key and value to the JSON response so that a client can add the prefix back on to the URIs if it wants to.
  • The API should take these arguments:
    • all-paths: a Boolean, default True, whether or not to return just the shortest path(s)
    • normal-operations: a Boolean, default True, whether or not to return normal-operation nodes
    • a list of target misbehaviour URIs
  • All 4 combinations of the 2 Boolean arguments are valid.

The attack graph algorithm works in two stages:

  1. It finds all "valid" paths to the target misbehaviour(s) from any root cause or root causes, traversing the attack graph and the normal-operation graph. This is what would be returned for all-paths == true and normal-operations == true.
  2. It (optionally) finds the shortest path(s), resulting in the shortest path(s) to the target from the closest root cause(s), and the shortest path(s) to that closest root cause(s) from the closest initial cause(s). That is, it looks for shortest paths in the attack graph and in the normal-operation graph separately. This is what would be returned when all-paths == false and normal-operations == true.

For the cases with normal-operations == false we take the result from (1) or (2) and filter out the normal-operation nodes.

The API response document should be of this format:

{
    "uri-prefix": "http://it-innovation.soton...",
    "graphs": {
        "target-MS-URI-1": {
            "threats": {
                "uri1": "distance1",
                "uri2": "distance2",
                ...
            },
            "misbehaviours":  {
                "uri3": "distance3",
                "uri4": "distance4",
                ...
            },
            "twas":  {
                "uri5": "distance5",
                "uri6": "distance6",
                ...
            },
            "links": [["uri2", "uri3"], ...]
        },
        "target-MS-URI-2": { ... }
    }
}

Initially, the API call can throw an exception if there is more than 1 target misbehaviour in the arguments (as this is simpler on the service side and is all we initially need).
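A worked sketch of the two stages and the response document described in this issue, added here as an illustration and not code from the SSM project. It uses a constructed toy graph (threats, misbehaviours and TWAs with cause-to-effect edges, root causes being nodes without predecessors), and it simplifies stage 2 by searching the combined attack and normal-operation graph rather than the two separately; the prefix and URIs are placeholders.

```python
from collections import deque
PREFIX = "http://example.invalid/"  # constructed stand-in for the real uri-prefix
# Constructed toy graph: uri -> (kind, is_normal_operation, successors); edges run cause -> effect.
GRAPH = {
    PREFIX + "T1":   ("threats",       True,  [PREFIX + "MS1"]),
    PREFIX + "MS1":  ("misbehaviours", True,  [PREFIX + "TWA1"]),
    PREFIX + "TWA1": ("twas",          False, [PREFIX + "T2"]),
    PREFIX + "T2":   ("threats",       False, [PREFIX + "MS2"]),
    PREFIX + "T3":   ("threats",       False, [PREFIX + "MS2"]),
    PREFIX + "MS2":  ("misbehaviours", False, []),
}
PREDS = {u: [] for u in GRAPH}
for _u, (_, _, _succs) in GRAPH.items():
    for _v in _succs:
        PREDS[_v].append(_u)

def distances_to(target):
    """Stage 1: reverse BFS; each node reached is on a valid path, value = edges to target."""
    dist, queue = {target: 0}, deque([target])
    while queue:
        v = queue.popleft()
        for u in PREDS[v]:
            if u not in dist:
                dist[u] = dist[v] + 1
                queue.append(u)
    return dist

def attack_graph(targets, all_paths=True, normal_operations=True):
    """Response document for one target; multi-target requests are rejected, as the issue allows."""
    if len(targets) != 1:
        raise ValueError("only a single target misbehaviour is supported")
    target = targets[0]
    dist = distances_to(target)
    keep = set(dist)
    if not all_paths:  # Stage 2: keep nodes on a shortest path from the closest root cause(s)
        roots = [u for u in dist if not PREDS[u]]
        nearest = min(dist[r] for r in roots)
        keep, frontier = set(), [r for r in roots if dist[r] == nearest]
        while frontier:
            u = frontier.pop()
            keep.add(u)
            frontier += [v for v in GRAPH[u][2] if dist.get(v) == dist[u] - 1 and v not in keep]
    if not normal_operations:  # filter normal-operation nodes out of the result of (1) or (2)
        keep = {u for u in keep if not GRAPH[u][1]}
    strip = lambda uri: uri[len(PREFIX):]  # URIs go out un-prefixed; client re-adds "uri-prefix"
    graph = {"threats": {}, "misbehaviours": {}, "twas": {}, "links": []}
    for u in sorted(keep):
        graph[GRAPH[u][0]][strip(u)] = dist[u]
        graph["links"] += [[strip(u), strip(v)] for v in GRAPH[u][2] if v in keep]
    return {"uri-prefix": PREFIX, "graphs": {strip(target): graph}}
```

Distances are emitted as integers here; the issue's `"distance1"` values are placeholders for whatever representation the service settles on.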
