add inventory attribute to component, add threat category to loss sce…

…nario
coordinated-systems-lab · May 12, 2020 · ef7a779 · ef7a779
1 parent 1240e11
commit ef7a779
Showing 1 changed file with 47 additions and 0 deletions.
diff --git a/cps-metamodel.graphql b/cps-metamodel.graphql
@@ -437,6 +437,14 @@ type ComponentATTR {
   """
   outOfScopeAttackAnalysis: Boolean
 
+  """
+  A list of attributes describing important characteristics of the component type.
+   For example, OS type, Firmware Version, Model Number, etc.  A project specific
+  naming convention is suggested (for example: <attribute-name>:<attribute-value>,
+  [os-type:linux])
+  """
+  inventory: [String]
+
   """
   A justification for excluding the Component from the Attack Analysis.
   """
@@ -533,6 +541,7 @@ input ComponentATTR_Input {
   type: ComponentType
   clin: String
   outOfScopeAttackAnalysis: Boolean
+  inventory: [String]
   outofScopeJustification: String
   mission: String
   operations: [String]
@@ -3610,6 +3619,34 @@ type LossScenarioATTR {
   """
   isolateTime: Float
 
+  """
+  The category of threat - terminology reused from STRIDE.    Spoofing: Involves
+  illegally accessing and then using another user's authentication information,
+  such as username and password.    Tampering: Involves the malicious modification
+  of data. Examples include unauthorized changes made to persistent data, such as
+  that held in a database, and the alteration of data as it flows between two
+  computers over an open network, such as the Internet.    Repudiation: Associated
+  with users who deny performing an action without other parties having any way to
+  prove otherwise—for example, a user performs an illegal operation in a system
+  that lacks the ability to trace the prohibited operations. Non-Repudiation
+  refers to the ability of a system to counter repudiation threats. For example, a
+  user who purchases an item might have to sign for the item upon receipt. The
+  vendor can then use the signed receipt as evidence that the user did receive the
+  package.    Information Disclosure: Involves the exposure of information to
+  individuals who are not supposed to have access to it—for example, the ability
+  of users to read a file that they were not granted access to, or the ability of
+  an intruder to read data in transit between two computers.    Denial of Service:
+  Denial of service (DoS) attacks deny service to valid users—for example, by
+  making a Web server temporarily unavailable or unusable. You must protect
+  against certain types of DoS threats simply to improve system availability and
+  reliability.    Elevation of Privilege: An unprivileged user gains privileged
+  access and thereby has sufficient access to compromise or destroy the entire
+  system. Elevation of privilege threats include those situations in which an
+  attacker has effectively penetrated all system defenses and become part of the
+  trusted system itself, a dangerous situation indeed.
+  """
+  threat_category: LossScenarioThreat_category
+
   """
   The Sentinel design pattern associated with the Loss Scenario.
   """
@@ -3621,6 +3658,15 @@ type LossScenarioATTR {
   description: String
 
 }
+enum LossScenarioThreat_category {
+  nil
+  Spoofing
+  Tampering
+  Repudiation
+  Information_Disclosure
+  Denial_of_Service
+  Elevation_of_Privilege
+}
 enum LossScenarioDetect_pattern {
   Changing_Control_Input
   Data_Consistency
@@ -3631,6 +3677,7 @@ enum LossScenarioDetect_pattern {
 input LossScenarioATTR_Input {
   detectTime: Float
   isolateTime: Float
+  threat_category: LossScenarioThreat_category
   detect_pattern: LossScenarioDetect_pattern
   description: String
 }