Skip to content

Redesign System asset into Hardware asset #70

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Dec 23, 2021
Merged

Redesign System asset into Hardware asset #70

merged 5 commits into from
Dec 23, 2021

Conversation

@andrewbwm
Copy link
Contributor

@andrewbwm andrewbwm commented Dec 6, 2021

Reworked the System asset into the Hardware asset that is simpler and only represents, as the name suggests, the hardware components on which Applications are run. This makes the distinction between hardware and software in coreLang clearer.

This pull request also introduces HardwareVulnerabilities which are analogous, but less complex, than the SoftwareVulnerabilities. These are used to model vulnerabilities that both require physical access on and lead to disruptions(confidentiality, integrity, availability) on the Hardware asset. Vulnerabilities that require physical access but impact software(Applications/SoftwareProducts) are represented using SoftwareVulnerabilities with the physicalAccessRequired defence enabled.

Also included is an update to the PhysicalZone asset. Both Network and Hardware assets can be associated with a PhysicalZone and each can belong to multiple zones, thus representing overlapping zones. This was initially requested by @jesajx(#39 (comment)).

Users now can directly be associated with either Hardware or PhysicalZone assets in order to represent the hardware/network assets that they have physical access to. Identities cannot be associated with Hardware as they were with the old System asset since privileges are only relevant for software assets.

@andrewbwm andrewbwm added the enhancement New feature or request label Dec 6, 2021
@andrewbwm andrewbwm added this to the v0.5.0 Release milestone Dec 6, 2021
@andrewbwm andrewbwm requested a review from skatsikeas December 6, 2021 20:44
@andrewbwm andrewbwm self-assigned this Dec 6, 2021
@andrewbwm andrewbwm mentioned this pull request Dec 7, 2021
Closed
This was linked to issues Dec 7, 2021
Create an association between the PhysicalZone and Network. #55
Closed
Design HardwareVulnerabilities to attach to the System asset. #54
Closed
@andrewbwm andrewbwm mentioned this pull request Dec 7, 2021
Closed
skatsikeas
skatsikeas approved these changes Dec 15, 2021
View reviewed changes
Copy link
Collaborator

@skatsikeas skatsikeas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Those changes were discussed with Andrei in a meeting and I approve those.

@andrewbwm andrewbwm merged commit d30c58f into master Dec 23, 2021
@andrewbwm andrewbwm deleted the hardware_asset_redesign branch December 23, 2021 11:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@skatsikeas skatsikeas skatsikeas approved these changes

Assignees

@andrewbwm andrewbwm

Labels

enhancement New feature or request

Projects

None yet

Milestone

v0.5.0 Release

Development

Successfully merging this pull request may close these issues.

Create an association between the PhysicalZone and Network. Design HardwareVulnerabilities to attach to the System asset.

3 participants

@andrewbwm @skatsikeas