Capabilities are used to define pre- and postconditions. A precondition describes what must hold before an attack step can be made, whereas a postcondition describes the results of the attack.
For example, entering an admin password before an action can be defined as a precondition. The postcondition would then verify that we have control over a component. Postconditions can in turn be used as preconditions for later attack steps. In a rule, a precondition is defined by using requires capability, and a postcondition by provides capability.
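The chaining described above, as an added example in Python (not the tool's rule syntax and not code from AIT). The capability names, their values, the two steps, and matching preconditions by equality are all assumptions made for illustration.

```python
# Added example: capabilities as typed pre-/postconditions chained across steps.
# All capability names, values and steps are constructed for illustration.
CAPABILITIES = {  # "NAMESPACE::Name" -> (type, allowed values; None for boolean)
    "USER::AdminPasswordEntered": (bool, None),
    "USER::ComponentControl": (str, {"none", "partial", "full"}),
    "USER::PrivilegeLevel": (int, {0, 1, 2}),
}

STEPS = [  # listed out of order on purpose: chaining does not depend on order
    {"name": "modify firmware",
     "requires": {"USER::ComponentControl": "full"},
     "provides": {"USER::PrivilegeLevel": 2}},
    {"name": "reconfigure component",
     "requires": {"USER::AdminPasswordEntered": True},
     "provides": {"USER::ComponentControl": "full"}},
]


def check_value(cap, value):
    """Reject undefined capabilities and values outside the declared type."""
    if cap not in CAPABILITIES:
        raise KeyError(f"undefined capability: {cap}")
    typ, allowed = CAPABILITIES[cap]
    # type() rather than isinstance(): bool is a subclass of int in Python
    if type(value) is not typ or (allowed is not None and value not in allowed):
        raise ValueError(f"{cap}: {value!r} is not a valid {typ.__name__} value")


def chain(initial, steps):
    """Fire every step whose preconditions hold until nothing new is gained."""
    pairs = list(initial.items())
    for step in steps:
        pairs += [*step["requires"].items(), *step["provides"].items()]
    for cap, value in pairs:
        check_value(cap, value)
    state, fired, progress = dict(initial), [], True
    while progress:
        progress = False
        for step in steps:
            if step["name"] in fired:
                continue
            if all(state.get(c) == v for c, v in step["requires"].items()):
                state.update(step["provides"])  # postconditions feed later steps
                fired.append(step["name"])
                progress = True
    return state, fired


if __name__ == "__main__":
    print(chain({"USER::AdminPasswordEntered": True}, STEPS))
    print(chain({}, STEPS))  # precondition never satisfied: no step fires
```

Running it with and without the initial capability shows which later steps depend on the first precondition, which is the dependency a mitigation has to break.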
Create a new Capability
To create a new capability, you first have to switch to the correct page. Please click on Capabilities in the Navigation bar.
There, you can see the capabilities pre-defined by AIT. To create a new one, simply click on the + button in the top right corner.
After defining a name and meaningful description for the new capability, you can decide what type it should be. The choices are boolean, string and integer.
For string and integer types, values must be entered manually. You can do this by entering the value into the New Value field and then clicking on Add.
As you can see, all capabilities are created with the default namespace (in the standard installation called "USER"), but a different one can be selected if needed. The items created by AIT have the "AIT" namespace.
To save your newly defined capability, please click on the button with the Disk symbol in the top right corner.
You can also cancel the creation of the new capability by clicking on the X in the top right corner.
You can also select the Circular Arrow to undo any changes.
Search for a capability
As the number of capabilities may grow over time, it is also possible to search for particular ones. To do this, simply enter part of the name or description in the search field.
All the capabilities matching the search will be listed.