Extending
carlos-ballester edited this page Sep 4, 2014
·
19 revisions
The OPPRIM Simulator tool allows to extend or to change the risk and trust metric used in the access request decision function by directly modifying the method that computes the decision.
Simply put, the method decide included in the java source file RealTimeRiskTrustEngineAnalysis.java inside the main package eu.muses.sim needs to be edited. This method can be found starting from the line 107 of the source file, and its original code can be seen following:
private Decision decide(RiskEvent[] riskEvents,
RiskPolicy riskPolicy, SimUser u) {
double costOpportunity = 0.0;
double combinedProbabilityThreats = 1.0;
double combinedProbabilityOpportunities = 1.0;
double singleThreatProbabibility = 0.0;
double singleOpportunityProbability = 0.0;
int opcount = 0;
int threatcount = 0;
for (RiskEvent riskEvent : riskEvents) {
costOpportunity += riskEvent.getOutcomes().iterator().next()
.getCostBenefit();
if (riskEvent.getOutcomes().iterator().next().getCostBenefit() < 0) {
System.out.println("This is a threat " + riskEvent.getProbability().getProb());
combinedProbabilityThreats = combinedProbabilityThreats
* riskEvent.getProbability().getProb();
singleThreatProbabibility = singleThreatProbabibility
+ riskEvent.getProbability().getProb();
threatcount++;
} else {
System.out.println("This is an opportunity");
combinedProbabilityOpportunities = combinedProbabilityOpportunities
* riskEvent.getProbability().getProb();
singleOpportunityProbability = singleOpportunityProbability
+ riskEvent.getProbability().getProb();
opcount++;
}
}
if (threatcount > 1)
singleThreatProbabibility = singleThreatProbabibility
- combinedProbabilityThreats;
if (opcount > 1)
singleOpportunityProbability = singleOpportunityProbability
- combinedProbabilityOpportunities;
System.out.println("Decission data is: ");
System.out.println("- Risk Policy threshold: "
+ riskPolicy.getRiskValue().getValue());
System.out.println("- Cost Oportunity: " + costOpportunity);
System.out
.println("- Combined Probability of the all possible Threats happening together: "
+ combinedProbabilityThreats);
System.out
.println("- Combined Probability of the all the possible Opportunities happening together: "
+ combinedProbabilityOpportunities);
System.out
.println("- Combined Probability of only one of the possible Threats happening: "
+ singleThreatProbabibility);
System.out
.println("- Combined Probability of only one of the possible Opportunities happening: "
+ singleOpportunityProbability);
System.out.println("Making a decision...");
System.out.println(".");
System.out.println("..");
System.out.println("...");
if (riskPolicy.getRiskValue().getValue() == 0.0) {
return Decision.ALLOW_ACCESS;
}
if (riskPolicy.getRiskValue().getValue() == 1.0) {
return Decision.STRONG_DENY_ACCESS;
}
if ((combinedProbabilityThreats + ((Double)1.0 - u.getTrustValue().getValue()))/2 <= riskPolicy.getRiskValue().getValue()) {
return Decision.ALLOW_ACCESS;
} else {
if (costOpportunity > 0)
return Decision.MAYBE_ACCESS;
else
return Decision.STRONG_DENY_ACCESS;
}
}
OPPRIM-SIM
- Home
- OPPRIM
- Threats
- Opportunities
- Assets
- Clues
- Users
- [Risk Communications and Risk Treatments](https://github.com/jmseigneur/opprim-sim/wiki/Risk Communications and Treatments)
- [Risk Policies](https://github.com/jmseigneur/opprim-sim/wiki/Risk Policy)
- [Access Requests](https://github.com/jmseigneur/opprim-sim/wiki/Access Request)
- [Security Incidents](https://github.com/jmseigneur/opprim-sim/wiki/Security Incidents)
- Metrics
- User Guide
- Configure
- View
- Scenarios
- Help
- Connection
- Extending the Risk and Trust Metric