securiLang Reference Manual

This section of the securicad.community site is a description of the different objects available within SecuriLang, the modeling language used to build models in securiCAD. Each object comes with a description of how to connect them, to what and why. Also, a short description of each object’s attributes – attacks and defenses, is provided.

Defenses are adjustable properties that may have an impact on the object’s protection level and the possibilities of an attack to traverse this particular object.

Attacks show, after calculation, the time, measured in days, it takes for an attacker to succeed with a particular attack step. Since attacks are in most cases dependent on probabilities, these results are often shown as a distribution consisting of many attempts, in securiCAD called samples.

SecuriLang and the algorithm used by securiCAD are based on academic research. Such topics are not included in this chapter.

Objects are described in alphabetical order.

The securiLang objects are;

AccessControl

Purpose An AccessControl object represents some access restriction, commonly login functionality. Connections   Attack Steps and Defenses       Read More >>

Client

Purpose A Client object represents a piece of software able to establish communication via the network. When modeling, Client software is in general seen as the software initiating communication in an information exchange. Only network related applications, capable of initiating a communication, shall be modeled as Client objects. Connections   Existence The Client object has an extra attribute; Existence. Existence ... Read More >>

Dataflow

Purpose A Dataflow object is used to represent communication between a client and a service. Connections   Existence Attack Steps and Defenses   Read More >>

Datastore

Purpose The Datastore object represents logical storage of data. It is up to the modeler to decide if the Datastore shall represent a file system, a database (or part of it), a directory or some other amount of data we are interested in modeling. Connections   The reason that five Datastore objects are depicted above is that there are ... Read More >>

Firewall

Purpose A Firewall object is used to represent communication restrictions in a Router. One way of looking at a Firewall object is to see it as a set of rules used by the connected Router object. In order to allow a Dataflow to traverse a Router with a Firewall, you need to connect the Dataflow to ... Read More >>

Host

Purpose A Host object is used to represent the kernel of a running operating system. The particular operating system release/software/distribution is defined by connecting a SoftwareProduct object to the Host object. Network related applications that are not part of the operating system kernel shall be modeled using either Clients or Services. Connections   Attack Steps and Defenses     UnknownService A system which ... Read More >>

IDS

Purpose The IDS object is used to represent an Intrusion Detection System used to prevent unauthorized or malicious use of resources. Intrusions are detected by matching characteristics of activities to known malicious patterns. Depending on what connections are used, the IDS will act as a Host Intrusion Detection System, HIDS or as a Network Intrusion Detection ... Read More >>

IPS

Purpose The IPS object is intended to represent an Intrusion Prevention System. It has large similarities with the previously described IDS functionality, but with the additional capability of blocking communication in case of suspicious communication behavior/patterns. Connections   Attack Steps and Defenses     Read More >>

Keystore

Purpose A Keystore object is representing a location where a collection of login credential information such as Active Directory, Kerberos or a local directory of private keys. The essence of the Keystore object is that if an attacker manages to read it, it will give access to login information/credentials (UserAccounts) or encryption keys needed to decrypt ... Read More >>

Network

Purpose A Network object is used to represent a network area/zone. All hosts connected to the same network can communicate with each other without any restrictions in communication. If hosts are restricted to communicate with each other, they should be connected to different network objects in the model. Connections   Attack Steps and Defenses     Read More >>

PhysicalZone

Purpose A PhysicalZone represents physical access to an area which contains a Host and/or Network. I.e. it represents a certain location, which implies that more than one location will yield in several PhysicalZones. Connections Attack Steps and Defenses Read More >>

Protocol

Purpose The Protocol object is used to represent the protection level of a Dataflow object/communication.   Attack Steps and Defenses     Read More >>

Router

Purpose A Router object is used to represent a gateway between Networks. A Router with no Firewall connected to is is regarded as a network bridge or a switch/hub. To add restrictions to it, please add a Firewall object. A router must be connected to an administrative network zone to define what network zone the administrator ... Read More >>

Service

Purpose A Service object is used to represent a piece of software that is ready to respond to client requests coming from a network. This is, in turn, represented by the connection to a Dataflow object. A Service is equal to an open network port. If the Service provides remote login/administration functionality, like SSH/RDP/VNC, the Service ... Read More >>

SoftwareProduct

Purpose The SoftwareProduct object is used to represent what piece of software the associated object is realized by. Connections     One SoftwareProduct may be connected to several Host, Client or Service objects. However, one SoftwareProduct object may not be connected to a mix of Host, Client or Service objects. Trying to do that will bring up a message window ... Read More >>

User

Purpose A User object represent a person that has the credentials to a certain UserAccount. Connections Attack Steps and Defenses Read More >>

UserAccount

Purpose A UserAccount represents the presence of an active user account in an access control mechanism. Connections Attack Steps and Defenses Read More >>

VulnerabilityScanner

Purpose A VulnerabilityScanner object is used to represent a piece of equipment or tool used to scan hosts in a network for vulnerabilities, unknown services and similar anomalies. It also reports if a certain host is not patched as it should. Connections   Attack Steps and Defenses       Read More >>

WebApplication

Purpose The WebApplication object is used to represent a network service provided by a web server. Since a web application partly is run on the web server and partly may be run on the client side, by a web browser, the WebApplication object represents both these parts. Worth mentioning is that this approach will let a ... Read More >>

WebApplicationFirewall

Purpose The purpose of the WebApplicaitonFirewall (WAF) is to mitigate vulnerabilities without the need to alter the source code of the WebApplicaiton. A WAF consists of both hardware and software that enables the functionality. In summary, the WAF is to prevent attacks on the WebApplication.     The WebApplicationFirewall has one relation and that is a connection to the ... Read More >>

ZoneManagement

Purpose A ZoneManagement object is used to represent that there is a standard procedure or similar routines in place taking care of for instance regular patching, scanning for services and enforcing high quality passwords.   Attack Steps and Defenses       Read More >>

Attacker

For completeness, we shall mention the Attacker object as well. The Attacker object is a bit different from the other modeling objects. It doesn't connect to other objects, but instead to any attack step within any object in the model. By doing so, we state the starting point of the attack and thus also what ... Read More >>