mal-lang
diff --git a/‎src/main/mal/HardwareVulnerability.mal‎
Lines changed: 80 additions & 0 deletions b/‎src/main/mal/HardwareVulnerability.mal‎
Lines changed: 80 additions & 0 deletions
diff --git a/‎src/main/mal/SoftwareVulnerability.mal‎
Lines changed: 2 additions & 2 deletions b/‎src/main/mal/SoftwareVulnerability.mal‎
Lines changed: 2 additions & 2 deletions
@@ -0,0 +1,80 @@
+/*
+ * Copyright 2019-2021 coreLang contributors <https://mal-lang.org/coreLang/contributors.html>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+category Vulnerability {
+
+  asset HardwareVulnerability extends Vulnerability
+    user info: "A vulnerability that affects hardware."
+  {
+    # confidentialityImpactLimitations @suppress [Disabled]
+      user info: "Limits the impact on confidentiality of the vulnerability."
+      modeler info: "Analogous defence to the SoftwareVulnerability impact limitations."
+      -> read
+
+    # availabilityImpactLimitations @suppress [Disabled]
+      user info: "Limits the impact on availability of the vulnerability."
+      modeler info: "Analogous defence to the SoftwareVulnerability impact limitations."
+      -> deny
+
+    # integrityImpactLimitations @suppress [Disabled]
+      user info: "Limits the impact on integrity of the vulnerability."
+      modeler info: "Analogous defence to the SoftwareVulnerability impact limitations."
+      -> modify
+
+    # effortRequiredToExploit @suppress [Disabled]
+      user info: "The vulnerability requires additional effort(time) from the attacker in order to be successful."
+      modeler info: "The expectation is that the attacker has prolonged or recurring access to the targeted hardware in order to repeatedly/continuously attempt the exploit."
+      -> exploitTrivially
+
+    & read
+      user info: "The attacker can read some or all of the associated hardware's data."
+      ->  hardware.read
+
+    & modify
+     user info: "The attacker can modify some or all of the associated hardware's behaviour."
+      ->  hardware.modify
+
+    & deny
+      user info: "Denial-of-Service attack is an attack in which a machine or hardware component is rendered unavailable to its intended users by temporarily or indefinitely disrupting it."
+      ->  hardware.deny
+
+    | attemptExploit @Override
+      user info: "This is the attack step that must be reached in order for a vulnerability to be able to be exploited. This is also the single checkpoint for all vulnerabilities to model hindrances to employing an exploit."
+      ->  exploitTrivially,
+          exploitWithEffort
+
+    & exploitTrivially
+      user info: "The exploit is trivial and requires insignificant effort from the attacker in order to be successful."
+      -> exploit
+
+    & exploitWithEffort [Exponential(0.01)]
+      user info: "The attacker must expend effort in order to successfully exploit the vulnerability."
+      developer info: "The distribution chosen here may be scientifically sound, but needs to be reevaluated to ensure that this is the case."
+      -> exploit
+
+    | impact
+      user info: "The actual impact caused by successfully exploiting the vulnerability."
+      -> read,
+         modify,
+         deny
+  }
+
+}
+
+associations {
+  HardwareVulnerability               [vulnerabilities]   * <-- hardwareVulnerability --> 0..1 [hardware]     Hardware
+      developer info: "Every Application can also be connected to any Vulnerability."
+}
@@ -72,7 +72,7 @@ category Vulnerability {
 
     # highComplexityExploitRequired @suppress [Disabled]
       user info: "The vulnerability relies on a high complexity exploit that requires the attacker to expend additional effort (time) in order to successfully make use of it."
-      developer info: "A vulnerability that has high complexity due to its intrisic properties that are beyond the attacker's control."
+      developer info: "A vulnerability that has high complexity due to its intrinsic properties that are beyond the attacker's control."
       modeler info: "https://www.first.org/cvss/v3.1/specification-document#2-1-2-Attack-Complexity-AC"
       -> exploitTrivially
 
@@ -111,7 +111,7 @@ category Vulnerability {
           softwareProduct.modifyApplication
 
     & deny
-      user info: "Denial-of-Service attack is an attack in which a machine or network resource is rendered unavailable to its intended users by temporarily or indefinitely disrupting it."
+      user info: "Denial-of-Service attack is an attack in which an application is rendered unavailable to its intended users by temporarily or indefinitely disrupting it."
       ->  application.deny,
           softwareProduct.denyApplication