Managing Capabilities
Capabilities are used to define pre- and postconditions. A precondition describes what has to be given before an attack step is made, whereas a postcondition analyzes the results of an attack.
For example, entering an Admin Password before an action can be defined as precondition. The postcondition would then verify, that we have Control over a component. The postconditions can be used as preconditions for later attack steps. Inside an anti-pattern of a rule, a precondition can be defined by using requires capability, and a postcondition by provides capability.
Create a new Capability
To create a new capability, you first have to switch to the correct page. Please click on Toolbox in the Navigation bar and afterwards on the tab Capabilities on the left side.
There, you can see pre-defined capabilities by the AIT. To create a new one, simply click on the New Capability button on the left side on top of the listing.
After defining a name and meaningful description for the new capability, you can decide what type it should be. The choices are boolean, string and integer.
For the boolean capability type, values are preset and cannot be changed.
For string and integer types, values must be entered manually. You can do this by entering the value into the New Value field and then clicking on Add.
As you can see, all capabilities are created with the default namespace (in the standard installation called "USER"), but a different one can be selected if needed. The items created by AIT have the "AIT" namespace.
To save your newly defined tagged value, please click on the Save button.
You can also cancel the creation of the new tagged value by clicking on the Trash Can on the top.
You can also select the Circular Arrow to undo any changes.
Search for a capability
As with time the number of capabilities may grow, it is also possible to search for particular ones. To do this, simply enter part of the name or description in the search field.
All the capabilities matching the search will be listed.