public void SetRisk([NotNull] IThreatEventScenario scenario, Risk risk)
        {
            var property = GetProperty(scenario, Resources.RiskProperty) ?? AddProperty(scenario, Resources.RiskProperty);

            if (property is IPropertyJsonSerializableObject jsonSerializableObject)
            {
                jsonSerializableObject.Value = risk;
            }
        }
예제 #2
0
        public static void SetRisk(this IThreatEventScenario scenario, Risk risk)
        {
            var model = scenario.Model;

            if (model != null)
            {
                var schemaManager = new QuantitativeRiskSchemaManager(model);
                schemaManager.SetRisk(scenario, risk);
            }
        }
 private void _ok_Click(object sender, EventArgs e)
 {
     if (IsValid() && _actor.SelectedItem is IThreatActor actor &&
         _severity.SelectedItem is ISeverity severity)
     {
         _scenario = _event.AddScenario(actor, severity, _name.Text);
         if (_scenario != null)
         {
             _scenario.Description = _description.Text;
             _scenario.Motivation  = _motivation.Text;
         }
     }
 }
예제 #4
0
        /// <summary>
        /// Checks if a Fact is used in a Threat Event Scenario.
        /// </summary>
        /// <param name="fact">Fact to be searched.</param>
        /// <returns>True if the Fact is used in the Scenario, false otherwise.</returns>
        public bool IsUsed([NotNull] Fact fact, [NotNull] IThreatEventScenario scenario)
        {
            var risk   = _schemaManager.GetRisk(scenario);
            var result = (risk?.AssociatedFacts?.Contains(fact.Id) ?? false) ||
                         (risk?.LossEventFrequency?.AssociatedFacts?.Contains(fact.Id) ?? false) ||
                         (risk?.LossEventFrequency?.ThreatEventFrequency?.AssociatedFacts?.Contains(fact.Id) ?? false) ||
                         (risk?.LossEventFrequency?.ThreatEventFrequency?.ContactFrequency?.AssociatedFacts
                          ?.Contains(fact.Id) ?? false) ||
                         (risk?.LossEventFrequency?.ThreatEventFrequency?.ProbabilityOfAction?.AssociatedFacts
                          ?.Contains(fact.Id) ?? false) ||
                         (risk?.LossEventFrequency?.Vulnerability?.AssociatedFacts?.Contains(fact.Id) ?? false) ||
                         (risk?.LossEventFrequency?.Vulnerability?.Difficulty?.AssociatedFacts?.Contains(fact.Id) ?? false) ||
                         (risk?.LossEventFrequency?.Vulnerability?.ThreatCapability?.AssociatedFacts?.Contains(fact.Id) ??
                          false) ||
                         (risk?.LossMagnitude?.AssociatedFacts?.Contains(fact.Id) ?? false) ||
                         (risk?.LossMagnitude?.SecondaryLossEventFrequency?.AssociatedFacts?.Contains(fact.Id) ?? false);

            if (!result)
            {
                var primaryLosses = risk?.LossMagnitude?.PrimaryLosses?.ToArray();
                if (primaryLosses?.Any() ?? false)
                {
                    foreach (var loss in primaryLosses)
                    {
                        if (loss.AssociatedFacts?.Contains(fact.Id) ?? false)
                        {
                            result = true;
                            break;
                        }
                    }
                }
            }

            if (!result)
            {
                var secondaryLosses = risk?.LossMagnitude?.SecondaryLosses?.ToArray();
                if (secondaryLosses?.Any() ?? false)
                {
                    foreach (var loss in secondaryLosses)
                    {
                        if (loss.AssociatedFacts?.Contains(fact.Id) ?? false)
                        {
                            result = true;
                            break;
                        }
                    }
                }
            }

            return(result);
        }
예제 #5
0
        public static Risk GetRisk(this IThreatEventScenario scenario)
        {
            Risk result = null;

            var model = scenario.Model;

            if (model != null)
            {
                var schemaManager = new QuantitativeRiskSchemaManager(model);
                result = schemaManager.GetRisk(scenario);
            }

            return(result);
        }
        private IProperty AddProperty([NotNull] IThreatEventScenario scenario, [Required] string propertyName)
        {
            IProperty result = null;

            var schema       = GetEvaluationSchema();
            var propertyType = schema?.GetPropertyType(propertyName);

            if (propertyType != null)
            {
                result = scenario.AddProperty(propertyType, null);
            }

            return(result);
        }
        public void Add(IThreatEventScenario scenario)
        {
            if (scenario == null)
            {
                throw new ArgumentNullException(nameof(scenario));
            }
            if (scenario.ThreatEvent is IThreatModelChild child && child.Model != (Instance as IThreatEvent)?.Model)
            {
                throw new ArgumentException();
            }

            if (_scenarios == null)
            {
                _scenarios = new List <IThreatEventScenario>();
            }

            _scenarios.Add(scenario);
        }
        public IThreatEventScenario AddScenario(IThreatActor threatActor, ISeverity severity, string name = null)
        {
            if (threatActor == null)
            {
                throw new ArgumentNullException(nameof(threatActor));
            }
            if (severity == null)
            {
                throw new ArgumentNullException(nameof(severity));
            }

            IThreatEventScenario result = null;

            if (Instance is IThreatEvent threatEvent)
            {
                result = new ThreatEventScenario(threatEvent, threatActor, name)
                {
                    Severity = severity
                };

                if (_scenarios == null)
                {
                    _scenarios = new List <IThreatEventScenario>();
                }

                _scenarios.Add(result);
                if (Instance is IDirty dirtyObject)
                {
                    dirtyObject.SetDirty();
                }
                if (Instance is IThreatEventScenariosContainer container)
                {
                    _threatEventScenarioAdded?.Invoke(container, result);
                }
            }

            return(result);
        }
예제 #9
0
        public void Add(IThreatEventScenario scenario)
        {
            if (!(IsInitialized?.Get() ?? false))
            {
                return;
            }
            if (scenario == null)
            {
                throw new ArgumentNullException(nameof(scenario));
            }
            if (scenario.ThreatEvent is IThreatModelChild child &&
                child.Model != Model?.Get())
            {
                throw new ArgumentException();
            }

            if (_scenarios == null)
            {
                _scenarios = new List <IThreatEventScenario>();
            }

            _scenarios.Add(scenario);
        }
 public Risk GetRisk([NotNull] IThreatEventScenario scenario)
 {
     return((GetProperty(scenario, Resources.RiskProperty) as IPropertyJsonSerializableObject)?.Value as Risk);
 }
예제 #11
0
        private List <ValidationResult> Validate([NotNull] IThreatEventScenario scenario)
        {
            var result = new List <ValidationResult>();

            var risk = scenario.GetRisk();

            if (risk != null)
            {
                if (risk.InDepth)
                {
                    if (risk.LossEventFrequency == null)
                    {
                        result.Add(new ValidationResult(Resources.UndefinedLEF, true));
                    }
                    else
                    {
                        if (!risk.LossEventFrequency.IsValid)
                        {
                            result.Add(new ValidationResult(Resources.InvalidLEF, true));
                        }
                    }

                    if (risk.LossMagnitude == null)
                    {
                        result.Add(new ValidationResult(Resources.UndefinedLM, true));
                    }
                    else
                    {
                        if (risk.LossMagnitude.SecondaryLossEventFrequency == null)
                        {
                            result.Add(new ValidationResult(Resources.NullSLEF, true));
                        }
                        else if (!risk.LossMagnitude.SecondaryLossEventFrequency.IsValid)
                        {
                            result.Add(new ValidationResult(Resources.InvalidSLEF, true));
                        }

                        if (risk.LossMagnitude.PrimaryLosses == null)
                        {
                            result.Add(new ValidationResult(Resources.InvalidPL, true));
                        }
                        else
                        {
                            var found = false;
                            if (risk.LossMagnitude.PrimaryLosses.Any(
                                    x => x.Form == LossForm.Productivity && x.IsValid))
                            {
                                found = true;
                            }
                            else
                            {
                                result.Add(new ValidationResult(
                                               string.Format(Resources.InvalidPrimaryLoss,
                                                             LossForm.Productivity.GetEnumLabel()),
                                               false));
                            }
                            if (risk.LossMagnitude.PrimaryLosses.Any(
                                    x => x.Form == LossForm.Replacement && x.IsValid))
                            {
                                found = true;
                            }
                            else
                            {
                                result.Add(new ValidationResult(
                                               string.Format(Resources.InvalidPrimaryLoss,
                                                             LossForm.Replacement.GetEnumLabel()),
                                               false));
                            }
                            if (risk.LossMagnitude.PrimaryLosses.Any(
                                    x => x.Form == LossForm.Response && x.IsValid))
                            {
                                found = true;
                            }
                            else
                            {
                                result.Add(new ValidationResult(
                                               string.Format(Resources.InvalidPrimaryLoss, LossForm.Response.GetEnumLabel()),
                                               false));
                            }

                            if (!found)
                            {
                                result.Add(new ValidationResult(Resources.NoPrimaryLoss, true));
                            }
                        }

                        if (risk.LossMagnitude.SecondaryLosses == null)
                        {
                            result.Add(new ValidationResult(Resources.InvalidSL, true));
                        }
                        else
                        {
                            var found = false;
                            if (risk.LossMagnitude.SecondaryLosses.Any(
                                    x => x.Form == LossForm.CompetitiveAdvantage && x.IsValid))
                            {
                                found = true;
                            }
                            else
                            {
                                result.Add(new ValidationResult(
                                               string.Format(Resources.InvalidSecondaryLoss,
                                                             LossForm.CompetitiveAdvantage.GetEnumLabel()), false));
                            }
                            if (risk.LossMagnitude.SecondaryLosses.Any(
                                    x => x.Form == LossForm.FinesJudgements && x.IsValid))
                            {
                                found = true;
                            }
                            else
                            {
                                result.Add(new ValidationResult(
                                               string.Format(Resources.InvalidSecondaryLoss,
                                                             LossForm.FinesJudgements.GetEnumLabel()),
                                               false));
                            }
                            if (risk.LossMagnitude.SecondaryLosses.Any(
                                    x => x.Form == LossForm.Reputation && x.IsValid))
                            {
                                found = true;
                            }
                            else
                            {
                                result.Add(new ValidationResult(
                                               string.Format(Resources.InvalidSecondaryLoss,
                                                             LossForm.Reputation.GetEnumLabel()),
                                               false));
                            }

                            if (!found)
                            {
                                result.Add(new ValidationResult(Resources.NoSecondaryLoss, true));
                            }
                        }
                    }
                }
                else
                {
                    if (!risk.IsValid)
                    {
                        result.Add(new ValidationResult(Resources.InvalidRisk, true));
                    }
                }
            }
            else
            {
                result.Add(new ValidationResult(Resources.NullRisk, true));
            }

            return(result);
        }
예제 #12
0
        public bool Simulate([NotNull] IThreatEventScenario scenario, out IEnumerable <ValidationResult> validationResults)
        {
            var result = false;

            _frequencyArrays.Clear();
            _magnitudeArrays.Clear();

            var results = Validate(scenario);

            validationResults = results;
            if (!(results?.Any(x => x.IsBlockingError) ?? false))
            {
                var risk = scenario.GetRisk();
                if (risk.InDepth && risk.LossEventFrequency.IsValid && risk.LossMagnitude.SecondaryLossEventFrequency.IsValid)
                {
                    var primaryFrequency = GetSamples(risk.LossEventFrequency.FrequencyMin,
                                                      risk.LossEventFrequency.FrequencyMostLikely,
                                                      risk.LossEventFrequency.FrequencyMax,
                                                      risk.LossEventFrequency.FrequencyConfidence);
                    if (primaryFrequency != null)
                    {
                        var secondaryPercentage = GetSamples(risk.LossMagnitude.SecondaryLossEventFrequency.Minimum,
                                                             risk.LossMagnitude.SecondaryLossEventFrequency.MostLikely,
                                                             risk.LossMagnitude.SecondaryLossEventFrequency.Maximum,
                                                             risk.LossMagnitude.SecondaryLossEventFrequency.Confidence);
                        if (secondaryPercentage != null)
                        {
                            var primaryMagnitude = GetPrimaryLossMagnitudeSamples(risk);
                            if (primaryMagnitude != null)
                            {
                                var secondaryMagnitude = GetSecondaryLossMagnitudeSamples(risk);
                                if (secondaryMagnitude != null)
                                {
                                    _frequencyArrays.Add(primaryFrequency);
                                    var secondaryFrequency = new double[SamplesCount];
                                    for (var i = 0; i < SamplesCount; i++)
                                    {
                                        secondaryFrequency[i] =
                                            primaryFrequency[i] * secondaryPercentage[i] / 100.0;
                                    }
                                    _frequencyArrays.Add(secondaryFrequency);
                                    _magnitudeArrays.Add(primaryMagnitude);
                                    _magnitudeArrays.Add(secondaryMagnitude);
                                    result = true;
                                }
                                else
                                {
                                    results?.Add(new ValidationResult("Secondary Magnitude does not define a valid distribution", true));
                                }
                            }
                            else
                            {
                                results?.Add(new ValidationResult("Primary Magnitude does not define a valid distribution", true));
                            }
                        }
                        else
                        {
                            results?.Add(new ValidationResult(Resources.InvalidSLEFDistribution, true));
                        }
                    }
                    else
                    {
                        results?.Add(new ValidationResult(Resources.InvalidLEFDistribution, true));
                    }
                }
                else
                {
                    var frequency = GetSamples(risk.FrequencyMin, risk.FrequencyMostLikely,
                                               risk.FrequencyMax, risk.FrequencyConfidence);
                    var magnitude = GetSamples(risk.MagnitudeMin, risk.MagnitudeMostLikely,
                                               risk.MagnitudeMax, risk.MagnitudeConfidence);
                    if (frequency != null && magnitude != null)
                    {
                        _frequencyArrays.Add(frequency);
                        _magnitudeArrays.Add(magnitude);
                        result = true;
                    }
                }
            }

            return(result);
        }