distinguish when CAPEC-137 is mitigated by a defense property on a connection from defense property on a component
Opened this issue · 0 comments
kityansiu commented
Need to change SOTERIA++ so that if CAPEC-137 is mitigated via Logging or InputValidation properties on the component, it has to be distinguished from mitigation via DeviceAuthentication on a connection. Right now, a "Connection" instance is generated if "Connection" exists in Defenses.csv. Needs to be more specific, like looking at ImplementedDefenses of Defenses.csv.
Start by correcting the following in translator.ml:
(* instantiate "Connection" as components the ones that appear in Defenses.csv *)
let instancesConn l_defense =
let f x tag = List.Assoc.find_exn x tag ~equal:(=) in
let l_defense_Connection = compInfo "Connection" compType_D l_defense in
List.dedup_and_sort ~compare:compare (List.map l_defense_Connection ~f:(fun x-> makeInstance ~i:(f x compInst_D) ~c:"Connection" ()));;