Details
- Type: Monitor
- Status: Closed
- Priority: Major
- Resolution: Done
- Affects Version/s: None
- Fix Version/s: 2021
- Component/s: FIWARE-TECH-HELP
- Labels:
- HD-Chapter: Security
- HD-Enabler: Cyber Security
Description
Created question in FIWARE Q/A platform on 08-03-2016 at 12:03
Please, ANSWER this question AT https://ask.fiware.org/question/417/inconsistencies-in-logicaltopological-attack-graphspaths/
Question:
Inconsistencies in logical/topological attack graphs/paths
Description:
I'm facing a problem with understanding attack graphs and attack paths in both the logical and the topological view - I consider the generated graphs inconsistent.
Example 1
Firstly I tried to analyze this input file from examples: https://github.com/fiware-cybercaptor...
I uploaded the xml and generated graph with no errors or warnings. Graph has only one attack path.
Example 1a: Logical Attack Graph + Attack Path
As far as I understand, an Attack Path differs from an Attack Graph in that the directed arcs/arrows point in the opposite direction. In graph theory a Path is a subgraph of a Graph. The problem is that the two generated logical graphs (attack path and attack graph) are structurally different: major differences are marked on the picture above. A subpath containing the most important vertex (the attack indicator - rule execCode()) is marked green. Marked vertices (green and purple) are directly connected to that subpath on the Attack Graph, but not on the Attack Path. Why?
Example 1b: Topological Attack Graph + Attack Path
The topological attack graph and attack path have different edge directions. Why?
Example 2
Second example is from this appendix: https://github.com/fiware-cybercaptor... [end of the page]
2 attack paths are generated - only the first is considered.
Example 2 (three screenshots): Logical and topological view of attack path and topological attack graph
The logical attack path shows that the consequence of an attack is code execution on linux-user-2, execCode('linux-user-2', user) - which is shown and marked with a rectangle. The topological attack path shows that the target is linux-user-1. This looks like a contradiction of targets! Isn't it?
The bottom screenshot shows the topological view of the attack graph, where one of the targets is linux-user-2.
For me these observed differences are crucial and discredit the whole attack graph analysis.
Please correct me if I'm wrong, maybe I understand these graphs in the wrong way, so please explain to me the process of reading the results - how and why these graphs are so different. I'm desirous to involve myself in this project, it's great, and after 2 weeks of fiddling with it I've come up with many ideas how to improve it. If these issues are real, please guide me on how to fix them.
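A consistency check for the two properties the question relies on (an attack path should be a subgraph of its attack graph, possibly with every arc reversed, and the logical and topological views should end at the same host), as an added example that is not part of the original question or of CyberCAPTOR. It assumes arcs are plain (source, target) pairs; all vertex labels except execCode('linux-user-2', user) and the two host names are constructed.

```python
import re

def compare(path_arcs, graph_arcs):
    """Classify a path against its graph and list arcs the graph lacks entirely."""
    graph, path = set(graph_arcs), set(path_arcs)
    same = {a for a in path if a in graph}
    flipped = {a for a in path if (a[1], a[0]) in graph}
    stray = sorted(path - same - flipped)   # no counterpart in either direction
    if stray:
        verdict = "not a subgraph"
    elif same == path:
        verdict = "same"
    elif flipped == path:
        verdict = "reversed"
    else:
        verdict = "mixed"                   # some arcs kept, some flipped
    return verdict, stray

def end_vertices(arcs, verdict="same"):
    """Where the attack ends: sinks, or sources when the arcs are drawn reversed."""
    tails = {a[0] for a in arcs}
    heads = {a[1] for a in arcs}
    return sorted(tails - heads) if verdict == "reversed" else sorted(heads - tails)

def host_of(fact):
    """Extract the host from a fact such as execCode('linux-user-2', user)."""
    m = re.match(r"execCode\('([^']+)'", fact)
    return m.group(1) if m else None

def targets_agree(logical_path, topo_path, logical_verdict="same"):
    """True when every logical goal host is also an end host of the topological path."""
    goals = {host_of(v) for v in end_vertices(logical_path, logical_verdict)}
    return goals <= set(end_vertices(topo_path))

# Constructed sample data (not CyberCAPTOR output).
GOAL = "execCode('linux-user-2', user)"
LOGICAL_GRAPH = [("netAccess", "RULE remote exploit"),
                 ("vulExists", "RULE remote exploit"),
                 ("RULE remote exploit", GOAL)]
LOGICAL_PATH = [(GOAL, "RULE remote exploit"),
                ("RULE remote exploit", "netAccess"),
                ("RULE remote exploit", "vulExists")]
TOPO_PATH = [("internet", "linux-user-1")]

if __name__ == "__main__":
    verdict, stray = compare(LOGICAL_PATH, LOGICAL_GRAPH)
    print(verdict, stray, targets_agree(LOGICAL_PATH, TOPO_PATH, verdict))
```
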
Activity
Field | Original Value | New Value |
---|---|---|
Assignee | Pascal Bisson [ pascal.bisson ] |
Component/s | FIWARE-TECH-HELP [ 10278 ] |
Assignee | Pascal Bisson [ pascal.bisson ] | Bettan Olivier [ olivier.bettan ] |
Description | (same text as the Description section above) | (same text as the Description section above) |
Resolution | Fixed [ 1 ] | |
HD-Enabler | Cyber Sec [ 10888 ] |
HD-Chapter | Security [ 10841 ] |
Status | Open [ 1 ] | In Progress [ 3 ] |
Resolution | Fixed [ 1 ] | Done [ 10000 ] |
Status | In Progress [ 3 ] | Closed [ 6 ] |
Resolution | Done [ 10000 ] | |
Status | Closed [ 6 ] | In Progress [ 3 ] |
Status | In Progress [ 3 ] | Answered [ 10104 ] |
Resolution | Done [ 10000 ] | |
Status | Answered [ 10104 ] | Closed [ 6 ] |
Summary | [fiware-askbot] Inconsistencies in logical/topological attack graphs/paths | FIWARE.Question.Tech.Security.CyberSecurity.Inconsistencies in logical/topological attack graphs/paths |
Fix Version/s | 2021 [ 12600 ] |