distinguish when CAPEC-137 is mitigated by a defense property on a connection from defense property on a component

Question

distinguish when CAPEC-137 is mitigated by a defense property on a connection from defense property on a component

Opened this issue 4 years ago · 0 comments

Need to change SOTERIA++ so that if CAPEC-137 is mitigated via Logging or InputValidation properties on the component, it has to be distinguished from mitigation via DeviceAuthentication on a connection. Right now, a "Connection" instance is generated if "Connection" exists in Defenses.csv. Needs to be more specific, like looking at ImplementedDefenses of Defenses.csv.

Start by correcting the following in translator.ml:

(* instantiate "Connection" as components the ones that appear in Defenses.csv  *)
let instancesConn l_defense = 
   let f x tag = List.Assoc.find_exn x tag ~equal:(=) in
   let l_defense_Connection = compInfo "Connection" compType_D l_defense in
   List.dedup_and_sort ~compare:compare (List.map l_defense_Connection ~f:(fun x-> makeInstance ~i:(f x compInst_D) ~c:"Connection" ()));;