Release Notes

Open initiative for an exchange format

You might already know our exchange format XSAM. Starting from this, we are just launching an initiative to form an open community which aims at establishing a cross-vendor, cross-tool XML-based format for eXchanging Security Analysis Models. We call it openxsam.io. If you are interested in joining the initiative, please contact us at security-analyst@itemis.de.

Additionally, we still have the knowledge base at https://www.security-analyst.org about general security analysis processes and norms.

Important Changes

Improved XSAM support

There is a number of improvements regarding XSAM import and export:

  • Virtual folders/packages are imported and exported now
  • The resolving of references/links is now more stable
    • Name based references in Propagation Expressions ( e.g. name/*/AS.1)
    • References into the Assessment Model are now exported name based
    • The same unresolved reference annotation (e.g. for external Ids) is not added multiple times, if a reference could not be resolved
    • The resolving of unresolved references can be triggered via intention “Try to resolve unresolved reference target” (mps based, name based and ext based references)
    • If the target of the unresolved reference is added manually, the unresolved-reference-annotation can be removed with intention “Remove unresolved reference annotation for resolved reference.”
  • Added missing import/export for some entities
  • Added “Import into Current Model (Beta)” to menus
    • Currently only exported models can be imported that way, not exported nodes 
  • Fixed bug: “Import into Current Model (Beta)” ignores the model specified in the xsam-file (“mps:modelref”) and imports the xsam file into the currently selected model
  • Added icons for xsam import and export menu entries
  • Improved error message, if xsam export fails

TARA Excel Report

Until now, only DOCX and PDF reports were supported. These reports have a natural page width limitation which did not allow for a conclusive, large table that contains more TARA elements. 

It is now possible to generate a (beta) excel report covering most of the TARA elements:

  • Assets and their Security Properties 
  • If Asset + Security Property is selected and optional justification if not selected
  • Damage Scenarios (directly assigned via Security Objectives) per Asset and Security Property 
  • The initial Impact Options and their rating per Damage Scenario
  • Threat Scenarios and their Attack Type per Damage Scenario 
  • Attack Paths including Attack Steps
    • Resulting Attack Feasibility Options and Attack Feasibility Rating for Attack Path
    • Applied Damage Transformations per Attack Path
    • Residual Impact Rating per Attack Path
    • Residual Risk Level per Attack Path
  • Note: Attack Paths where a Control or an Assumption removes all damage are not listed because they cannot be performed

Note: The Risk calculation and generated reports depend on the default Control Scenario (which you can see e.g. at the bottom of the Reports Chunk)

Propagation Operators: or & and turn into may & must

The default Propagation Operators or & and are replaced by may & must terminology in the template Compositions. To pass may-connected Propagation Operands it is sufficient to pass one out of n Operands. For must-connected Operands all of them have to be passed. In other words: may indicates independence and must dependence of Operands.

It is still possible to adapt the operands depending on the relation type (Threat, Mitigation, Dependence), so that the operator’s effect depends on the context where it is used.

The Default Operator is split up, so that you can select the Default Operator depending on the relation type:

Details about the Propagation Operation are now visible in the inspector: 

 

Customizable Project Info

The Project Info Chunk is completely refactored so that you can have your custom Project info: Generic tables and list replace the old static tables. Additionally you can just add simple key-value pairs and have empty lines, which helps you structuring the Project Info Chunk.

As replacement for the static project info entries you may use pre-defined templates which are selectable from the completion menu.

You can delete rows and columns (e.g. in the above-mentioned templates) to adapt them to your needs. Furthermore, there is a migration in place which transforms all existing tables into the new tables format.

Free-text is used like in the description of Security Objectives so you can have links to any entity in your analysis project.

Support multiple Project Info

It is possible to have a Project-Info in your Assessment Model and Catalog/Composition models. This allows you to add metadata for them (such as versions).

In the Report Chunk you can select which Project Info shall be reported via referencing it. This way you can document e.g. which version of your Assessment Model or Catalogs/Composition is used for the analysis. 

You can also have a Report Chunk in your Assessment Model or Catalogs/Composition to report entities from them.  

Various fixes and improvements

  • The default Control Scenario (= the currently active one) is visible at the bottom of the Reports Chunk
  • added “Refresh Editor” action (toolbar and right-click-menu in editor, it does the same as hitting F5)
  • Improved resolving of links in free-text fields (e.g. Description of Security Objectives)
    • links may use the same syntax as in xsam 
    • For experiments add “[name/*/INT|INT]” in any description to reference the Security Property Integrity
  • Description and other free-text based fields have now a preview in the inspector
  • If a Security Objective has no Attack Feasibility from the Depends-On relation nor from the Threatened-By relation, it’s Attack Feasibility is set to impossible.
  • Improved the information that is visible in the inspector for several Entities
  • The Security Objective’s Damped-By relation has now a meaningful error-message.
  • Fixed reports table “Damage Scenarios and Threat Scenarios”: In certain situations only sub-paths of an Attack Path were considered a valid Attack Path
  • Fixed Impact Option to Impact Option Transformation: Only the first occurrence of the impact option was transformed.
  • Propagation convenience: Fixed risk level when involving un-attacked security goals. When a security goal doesn’t have any attack path which threatens it, we will now display a calculated risk, as if this goal was considered impossible to break

Migration from earlier Versions

See: Update and Migration Notes

Version Mapping

The following table can be used to determine the itemis SECURE version based of the internal plugin version “com.moraad.core” that is stored in the .msd file of every solution:

<language slang=”l:2bca1aa3-c113-4542-8ac2-2a6a30636981:com.moraad.core” version=”<com-moraad-core-version>” />

com.moraad.core version itemis SECURE version
37 2.5.1
41 2019.2.0
44 2019.3.0
46 2019.3.1
48 2019.4.0
49 2019.4.1
54 2020.2.1
55 2020.1.1
58 2020.2.0
59 2020.2.1
61 2020.3
63 2020.3.1