Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Previous risk calculation results not fully cleared #219

Open
mike1813 opened this issue Nov 5, 2024 · 1 comment
Open

Previous risk calculation results not fully cleared #219

mike1813 opened this issue Nov 5, 2024 · 1 comment
Labels
blocker Holding up other developments (not necessarily in this repository) bug Something isn't working important Likely to affect a lot of system models or system-modeller users or

Comments

@mike1813
Copy link
Member

mike1813 commented Nov 5, 2024

When the risk calculator runs, there is a call to RiskCalculator.initialiseLevels(), which does two things:

  • it sets initial values for every likelihood/TW level that is to be calculated, and
  • it clears threat graph properties indicating which TWA are external causes, which threats are initial or root causes, which threats cause which misbehaviours, and so forth

Unfortunately, the second step is incomplete because some threat graph properties have been added since RiskCalculator.initialiseLevels() was last updated.

The one I noticed was the property core#isNormalOpEffect of MisbehaviourSet entities, which is set to true if the associated behaviour is caused by normal operational threats. This doesn't sound like a risk calculation output because it seems like it should be a constant property of the behaviour. In fact, it is possible for behaviours to be caused by both normal operational and adverse threats, and in that case which threat is considered responsible depends on which threat is more likely - i.e., the result of the risk calculation given the assumed TW levels and control coverage levels.

The way to spot this is to validate a model, then run three risk calculations, exporting the resulting NQ files:

  • a CURRENT risk calculation
  • a FUTURE risk calculation
  • a CURRENT risk calculation

The FUTURE risk calculation considers a lot of extra threats, many being normal operational threats, e.g., threats modelling the discovery of softwaere vulnerabilities. The core#isNormalOpEffect property gets set for various behaviours in the second risk calculation in this sequence. However, those threats are ignored in a CURRENT risk calculation so the core#isNormalOpEffect property should not be set in the first and last calculations.

It turns out that this property is absent (as it should be) in the results of the first CURRENT risk calculation, but not the second. This is because it gets added by the FUTURE risk calculation, and is not cleared properly by RiskCalculator.initialiseLevels() in the subsequent CURRENT risk calculation.
@kenmeacham kenmeacham added the bug Something isn't working label Dec 17, 2024
@mike1813 mike1813 added blocker Holding up other developments (not necessarily in this repository) important Likely to affect a lot of system models or system-modeller users or labels Jan 9, 2025
@mike1813
Copy link
Member Author

mike1813 commented Jan 9, 2025

Reviewed by @mike1813 : this is a bug that is likely to affect many users.

It may be related to issue #50, although that is concerned with the retention of volatile output for use in a subsequent calculation, where this issue is about negating previous output before a new calculation. Unlike #50, it should be an easy fix.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
blocker Holding up other developments (not necessarily in this repository) bug Something isn't working important Likely to affect a lot of system models or system-modeller users or
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mike1813 @kenmeacham