Help-Desk / HELP-6075

FIWARE.Question.Tech.Security.CyberSecurity.Inconsistencies in logical/topological attack graphs/paths

    Details

      Description

      Created question in FIWARE Q/A platform on 08-03-2016 at 12:03
      Please, ANSWER this question AT https://ask.fiware.org/question/417/inconsistencies-in-logicaltopological-attack-graphspaths/

      Question:
      Inconsistencies in logical/topological attack graphs/paths

      Description:
      I'm facing a problem with understanding attack graphs, attack paths in both: logical and topological view - I consider generated graphs are inconsistent.

      Example 1

      Firstly I tried to analyze this input file from examples: https://github.com/fiware-cybercaptor...

      I uploaded the xml and generated graph with no errors or warnings. Graph has only one attack path.

      Example 1a: Logical Attack Graph + Attack Path

      As far as I understand, an Attack Path differs from an Attack Graph in that the directed arcs/arrows are aimed in the opposite direction. In graph theory a Path is a subgraph of a Graph. The problem is that both generated logical graphs (attack path and attack graph) are structurally different: major differences are marked on the picture above. A subpath containing the most important vertex (the attack indicator - rule execCode()) is marked green. Marked vertices (green and purple) are directly connected to that subpath on the Attack Graph, but not on the Attack Path. Why?

      Example 1b: Topological Attack Graph + Attack Path

      The structure of topological attack graph and attack path have different direction of edges. Why?

      Example 2

      Second example is from this appendix: https://github.com/fiware-cybercaptor... [end of the page]

      2 attack paths are generated - only the first is considered.
      Example 2 (three screenshots): Logical and topological view of attack path and topological attack graph

      The logical attack path shows that the consequence of an attack is code execution on linux-user-2, execCode('linux-user-2', user) - which is shown and marked with a rectangle. The topological attack path shows that the target is linux-user-1. This looks like a contradiction of targets! Isn't it?

      The bottom screenshot shows the topological view of the attack graph, where one of the targets is linux-user-2.

      For me these observed differences are crucial and discredit the whole attack graph analysis.
      Please correct me if I'm wrong, maybe I understand these graphs in the wrong way, so please explain to me the process of reading the results - how and why these graphs are so different. I'm desirous to involve myself in this project, it's great and after 2 weeks of fiddling with it I've got many ideas how to improve it. If these issues are real please guide me how to fix them.
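
A consistency check of the kind the question describes, as an added example (not part of the original question and not CyberCAPTOR code): it tests whether every edge of a path occurs in the graph, either as drawn or uniformly reversed, and whether the host named in an execCode fact is an endpoint of the topological path. All node labels and edge lists are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample data (not CyberCAPTOR output). Edges are (from, to).
GRAPH = [
    ("vulExists('linux-user-2')", "RULE remote exploit"),
    ("netAccess('linux-user-2')", "RULE remote exploit"),
    ("RULE remote exploit", "execCode('linux-user-2', user)"),
]
# The same edges drawn in the opposite direction, as observed for paths.
PATH_REVERSED = [(v, u) for (u, v) in GRAPH]
# One extra edge that the graph does not contain in either direction.
PATH_EXTRA = PATH_REVERSED + [("execCode('linux-user-2', user)", "hacl('a', 'b')")]
# Constructed topological path whose endpoint is a different host.
TOPO_PATH = [("internet", "linux-user-1")]

FACT_HOST = re.compile(r"execCode\('([^']+)'")


def orientation(path_edges, graph_edges):
    """Return 'same' if every path edge is in the graph as drawn, 'reversed'
    if every path edge is in the graph only once flipped, else 'inconsistent'
    (mixed directions, or an edge the graph lacks)."""
    graph = set(graph_edges)
    if all(e in graph for e in path_edges):
        return "same"
    if all((v, u) in graph for (u, v) in path_edges):
        return "reversed"
    return "inconsistent"


def missing_edges(path_edges, graph_edges):
    """Path edges absent from the graph in both directions: these make the
    path fail the subgraph test even when direction is ignored."""
    graph = set(graph_edges)
    return [(u, v) for (u, v) in path_edges
            if (u, v) not in graph and (v, u) not in graph]


def endpoints(edges):
    """Nodes with no incoming or no outgoing edge (path start or end)."""
    srcs = {u for u, _ in edges}
    dsts = {v for _, v in edges}
    return (srcs - dsts) | (dsts - srcs)


def unmatched_targets(logical_nodes, topo_edges):
    """Hosts named in execCode(...) facts of the logical view that are not
    an endpoint of the topological path."""
    hosts = {h for n in logical_nodes for h in FACT_HOST.findall(n)}
    return hosts - endpoints(topo_edges)


if __name__ == "__main__":
    print(orientation(PATH_REVERSED, GRAPH), missing_edges(PATH_REVERSED, GRAPH))
    print(orientation(PATH_EXTRA, GRAPH), missing_edges(PATH_EXTRA, GRAPH))
    logical_nodes = [n for edge in GRAPH for n in edge]
    print(unmatched_targets(logical_nodes, TOPO_PATH))
```

A result of "reversed" with no missing edges means the two drawings differ only in arrow convention; any missing edge or unmatched target is a real structural difference between the views.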

        Activity

        backlogmanager Backlog Manager added a comment -

        2016-03-08 15:05|CREATED monitor | # answers= 0, accepted answer= False

        olivier.bettan Bettan Olivier added a comment -

        Dear Manuel,

        Since this enabler is not anymore part of FICORE project roadmap and is thus only maintained with Thales inner resources, we are applying our own selection process to take into consideration questions and bugs dedicated to CYBERCAPTOR.

        You can thus stop the monitoring and forwarding of FIWARE Cyber Sec related tickets.

        Best regards,
        Olivier.
        ----------------
        Olivier Bettan
        Head of Cyber Security Lab
        SiX/Advanced Studies
        Thales Solutions de Securité & Services

        [@@ THALES GROUP INTERNAL @@]

        ----Original message----
        From: Manuel Escriche (JIRA) jira-help-desk@fi-ware.org
        Sent: Thursday, 7 April 2016 10:13
        To: BETTAN Olivier
        Subject: [FIWARE-JIRA] (HELP-6075) [fiware-askbot] Inconsistencies in logical/topological attack graphs/paths

        [ https://jira.fiware.org/browse/HELP-6075?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

        Manuel Escriche updated HELP-6075:
        ----------------------------------
        HD-Enabler: Cyber Sec
        Resolution: Fixed

        > [fiware-askbot] Inconsistencies in logical/topological attack graphs/paths
        > --------------------------------------------------------------------------
        >
        > Key: HELP-6075
        > URL: https://jira.fiware.org/browse/HELP-6075
        > Project: Help-Desk
        > Issue Type: Monitor
        > Components: FIWARE-TECH-HELP
        > Reporter: Backlog Manager
        > Assignee: Bettan Olivier
        > Labels: Security, cybercaptor

        This message was sent by Atlassian JIRA
        (v6.4.1#64016)

        mev Manuel Escriche added a comment -

        Closed and reopened because of inconsistency between resolution and status

        pascal.bisson Pascal Bisson added a comment -

        Sorry, but this enabler, as announced on the FIWARE GE Catalog and reminded by Olivier Bettan as its owner, is no longer supported since it has been stopped.


          People

          • Assignee: olivier.bettan Bettan Olivier
          • Reporter: backlogmanager Backlog Manager
          • Votes: 0
          • Watchers: 4