-
Notifications
You must be signed in to change notification settings - Fork 6
/
SECURITY.sadl
72 lines (55 loc) · 3.83 KB
/
SECURITY.sadl
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
/* Copyright (c) 2020, General Electric Company, Galois, Inc.
*
* All Rights Reserved
*
* This material is based upon work supported by the Defense Advanced Research
* Projects Agency (DARPA) under Contract No. FA8750-20-C-0203.
*
* Any opinions, findings and conclusions or recommendations expressed in this
* material are those of the author(s) and do not necessarily reflect the views
* of the Defense Advanced Research Projects Agency (DARPA).
*/
uri "http://arcos.rack/SECURITY" alias Sec.
import "http://arcos.rack/PROV-S".
/* SOURCE: https://niccs.cisa.gov/about-niccs/cybersecurity-glossary
THREAT: A circumstance or event that has or indicates the potential to exploit vulnerabilities and to adversely impact (create adverse consequences for) organizational operations, organizational assets (including information and information systems), individuals, other organizations, or society.
Extended Definition: Includes an individual or group of individuals, entity such as an organization or a nation), action, or occurrence.
Adapted from: DHS Risk Lexicon, NIPP, CNSSI 4009, NIST SP 800-53 Rev 4
ATTACK: An attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity.
Extended Definition: The intentional act of attempting to bypass one or more security services or controls of an information system.
From: NCSD Glossary. NTSSI 4009 (2000), CNSSI 4009
* */
// We model THREAT only as an ATTACK is an activity on say a fielded system.
THREAT (note "A threat / vulnerability to be assessed for certification") is a type of ENTITY.
Sec:source (note "ENTITY(s) that participate in causing this THREAT") describes THREAT with values of type ENTITY.
Sec:source is a type of wasImpactedBy.
identified (note "how this THREAT was identified") describes THREAT with values of type THREAT_IDENTIFICATION.
effect (note "consequence(s) of the THREAT") describes THREAT with values of type string.
effect describes THREAT with at most 1 value.
severity (note "the severity of the THREAT") describes THREAT with values of type float. // [0,1].
severity describes THREAT with at most 1 value.
likelihood (note "probability value between 0 and 1") describes THREAT with values of type float. // [0,1].
likelihood describes THREAT with at most 1 value.
THREAT_IDENTIFICATION
(note "ACTIVITY that identifies potential sources of THREAT whose risk must be evaluated")
is a type of ACTIVITY.
Sec:author (note "AGENT(s) who work on this ACTIVITY") describes THREAT_IDENTIFICATION with values of type AGENT.
Sec:author is a type of wasAssociatedWith.
SECURITY_LABEL (note "A label to help categorize the associated SECURITY concern") is a type of THING.
// A few common instances: additional ones could be Authorization, Non-repudiation, Privacy, etc.
Confidentiality is a SECURITY_LABEL
has identifier "Confidentiality"
has description "No unauthorized information is disclosed.".
Integrity is a SECURITY_LABEL
has identifier "Integrity"
has description "Maintain data accuracy.".
Availability is a SECURITY_LABEL
has identifier "Availability"
has description "Information / functionality is available when needed.".
CONTROL (note "CONTROLs mitigate THREATs") is a type of ENTITY.
CONTROLSET (note "A set of CONTROLs that combine to mitigate a THREAT") is a type of COLLECTION.
content of CONTROLSET only has values of type CONTROL.
// A THREAT can be mitigated by a set of CONTROLs etc., mitigation by CONTROL is defined in CONTROL.sadl.
// In general, a THREAT T may be mitigated by "(C1 and C2) or (C3 and C4 and C5)" which is represented in a disjunctive normal form,
// each CONTROLSET provides the conjunctions and the the disjunction via multiple CONTROLSET.
Sec:mitigates (note "ENTITY(s) (e.g. THREAT) that is being mitigated by this CONTROLSET") describes CONTROLSET with values of type THREAT.