Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

151 bugs in network connectivity inference #168

Merged
merged 18 commits into from
Nov 13, 2024
Merged

151 bugs in network connectivity inference #168

merged 18 commits into from
Nov 13, 2024

Conversation

mike1813
Copy link
Member

@mike1813 mike1813 commented Aug 2, 2024
edited
Loading

The source branch incorporates several developments to fix issues found in a test case involving a private cellular network which was partially asserted (a situation not anticipated when the cellular network construction sequence was created).

Issues addressed are as follows.

Issue #151: this was a sequencing error whereby some inference patterns that depended on HprLS+c were triggered before HprLS+c. Fixed by reordering these and related patterns into three groups, applied in this order:

  • Internet accessibility inference patterns
  • Local inferred subnet patterns (host-internal LANs and USB/Bluetooth)
  • Mobile hotspots which are also somewhat local
  • Cellular network accessibility and implementation
  • Other network accessibility inference

Issue #152: this was the issue concerning the need to allow for the possibility that users may want (or try) to assert part of a cellular network infrastructure. Fixed by splitting the existing patterns into several patterns so that each inferred asset could be added separately, if and only if it was not already present. To make this work it was also necessary to refine relationships between logical subnets and abstract subnets implemented by the logical subnets. In particular, these relationships had to become assertible when used in cellular networks but not when used in WiFi hotspot models. For that reason, new subtypes had to be used.

Note that the existence of a new assertible relationship types does not in itself create a backward compatibility issue w.r.t. system models. Old models will not include these relationship at all, and it should be necessary to add them only in models that don't work properly because they are affected by issues #151 or #152. However, see below.

The new relationships did raise an issue for the domain model which has been fixed:

The resequencing for issue #151, combined with the refactoring of construction patterns for issue #152 led to other sequencing issues. In addition, tests uncovered other bugs exercised by corner cases that were masked before by the old sequencing. The following accessibility inference corner cases were found and addressed:

Then comes HprLS+c, which inserts the connection between a subnet and its providing host, plus interfaces. There is a possible bug in pattern ILSA+c, described in issue #167. It doesn't seem to cause a problem, and it certainly doesn't affect test cases for issues #151 and #152, so it has not been addressed yet.

After the host-subnet connection and interface inference, comes logical path segment inference - i.e., routes through gateways. This sequence has also been reorganised and made more resilient by adding checks to ensure that segments are not created if they duplicate a previously inferred segment. The order of segment generation is now:

  • Cellular network segments through the backbone router and base stations
  • USB/Bluetooth segments allowing communication through a paired host to a subnet to which it is connected
  • Routing between other gateway hosts between IP subnets

The cellular network segment generation patterns have been refactored so we get different segment classes and hence routing restrictions in private cellular networks. These changes are part of the solution to issue #152.

Here too, some older bugs and corner cases were found and fixed:

This is followed by network path inference, and then service channel creation where another old bug was found:

In addition, a new feature was identified as necessary to complete the delineation between public and private cellular networks. In public cellular networks, client devices are not trusted, so there routing restictions are used to prevent users running services accessible from outside the cellular network, or from outside the user's cell. However, it is impossible to model a restriction preventing service access between devices in the same cell. This is due to a limitation in the model for a network path, which was documented as issue #159, but not addressed in these changes.

The changes in logicsal segmen inference patterns for issues #152 and #157 have produced genuine system model backward compatibility issue. This is due to the fact that the logical segment classes have changed, and hence the URIs of the generated segments have changed. Any user assertions referring to the old URIs (e.g., controls or impact levels) will need to be replaced.

mike1813 added 18 commits July 10, 2024 14:22
@mike1813
Issue #152: implemented 18 fixes described in #152 (comment), but not…
b2039cd 
… yet tested due to #154.
@mike1813
Issue #152 now addressed.
f406782
@mike1813
Issue #154 now also fixed by addition of pattern PCNRSI+aF.
df4643f
@mike1813
Issue #151: construction sequence fixed so routes are generated as re…
6623047 
…quired.

Issue #152: addressed issues found in regression test following fix for Issue #151.
@mike1813
Issue #152: fixed inconsistency with specification recorded in the is…
d2c1c02 
…sue, splitting CNSRAN-p+BS so it adds a location for the inferred base station in a private (but not public) cellular network.
@mike1813
Issue #157: modified construction patterns for logical segments (rout…
28c2bb0 
…es) to and from USB or Bluetooth pairing connections.
@mike1813
Issues #152 and #157 - tidying up.
fc2845c 
- Added prohibited nodes to MP-L3c-rGc-rL3 and MP-L3rGc-rL3 used by IP routing inference patterns, for consistency with changes for issues #152 and #157.
- Deleted CP-LPLRTSg-f+b, which encoded routing constraints involving tethered connections, which are now handled by changes elsewhere for issues #152 and #157.
- Deleted threats Sg.A.LTRevSg2.6.1, Sg.TA.LTRevSg2.8 and Sg.TA.LTRevSg2AC.1, which are rendered redundant by changes for issue #157.
- Fixed bugs in patterns CP-L3cGrL1+CSg and CP-L1cGcL3+NSg or their matching/root patterns, regression errors in changes for #157.
- Fixed bugs in patterns CP-PCNSRAN-p+BS and CP-UCNSRAN-p+BS, so they relate to private/public cellular networks, errors introduced by changes for #152.
@mike1813
Issue #157: deleted ReverseTetheringSegment asset which is not used a…
c0e3ae4 
…fter fixes for #157, plus other tidying up.
@mike1813
Issue #157: more tidying up to remove experimental changes that are n…
37f61c7 
…o longer needed for this issue.
@mike1813
Issue #157: removed premature changes to the construction pattern seq…
d12de6c 
…uence which were for #159 and were accidentially included in some commits on #157.
@mike1813
Issue #162: refactored abstract subnet and subnet accessibility const…
85415c1 
…ruction sequence.
@mike1813
Issue #157: updated threats involving connection tethering, which wer…
76fe49f 
…e previously overlooked.
@mike1813
Issues #161 and #162:
d5a7ed3 
- modified network connectivity construction sequence (#162)
- rationalised prohibited nodes in client-service communication path sequence (#161)
@mike1813
Issue #152: added an extra construction pattern to provide another op…
23e3ffe 
…tion for inferred association of a base station, plus some tidying up of icons, labels and descriptions.
@mike1813
Issue #152: fixed cellular network asset assertibility flags and adde…
d2e3efa 
…d a palette type overlay parent class.
@mike1813
Issue #155: added construction of a new isMobile link, and used this …
89695f3 
…rather than host subclass to determine network accessibility in the host location.

Issue #163: replaced isHotspot links by the base type isAbstractSubnet where the selection criteria are not specific to WiFi hotspots.
Issue #152: fixed minor bugs discovered while addressing #163.
@mike1813
Issue #164: tidied up the logical-to-abstract subnet implementation r…
d6ee759 
…elationships.
@mike1813
Issue #153: added modelling error to detect fixed hosts with multiple…
a1120b2 
… locations.

Issue #165: fixed bug in construction pattern for public cellular network accessibility inference.
Issue #166: fixed bug in network accessibility modelling error.
@mike1813 mike1813 requested a review from samuelsenior August 2, 2024 01:40
@mike1813 mike1813 requested a review from danshearer August 13, 2024 10:14
@samuelsenior
Copy link
Member

I've been able to start looking at this Pull Request; two quick questions @mike1813 just to double check, in (e.g.) the test model Issue-151-Test-01d of issue #151 I find a modelling error that there is no network path from C2 to S4, is this intended behaviour? Also, I find no network path modelling error between C4 and S2, is this also intended behaviour?

@mike1813
Copy link
Member Author

in (e.g.) the test model Issue-151-Test-01d of issue #151 I find a modelling error that there is no network path from C2 to S4, is this intended behaviour? Also, I find no network path modelling error between C4 and S2, is this also intended behaviour?

This is the intended behaviour in both cases. In Issue-151-Test-01d the following client-service connections should have no network path:

  • C1-S2: should fail because in a public cellular network it is assumed you can't access a service on a smart phone from outside its cell (in this case C1 is in a different cell).
  • C2-S2: should fail because in a public cellular network it is assumed you can't access a service on a smart phone from outside its cell (in this case C2 is on the Internet).
  • C2-S4: should fail because in a public cellular network it is assumed you can't access a service via a smart phone connected to a cell (in this case C2 is on the Internet, and S4 is on a WiFi that could only be reached via the cellular network connection of smartphone P1).

You didn't mention C1-S2, so I guess that one was more obvious. All the other client-service connections (C1-S1, C1-S4, C3-S2 and C4-S1) should be OK.

In the case of C3-S2 this is arguably not OK. The two hosts are in the same cell, but access from C3 to S2 would be via the base station in that cell, which would probably be blocked. This can't be done with our current implementation. It is covered by a separate issue #159, which was left for a later update.

samuelsenior
samuelsenior approved these changes Nov 13, 2024
View reviewed changes
Copy link
Member

@samuelsenior samuelsenior left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good then, thanks! Should be good to merge in.

@samuelsenior samuelsenior merged commit da938b0 into 6a Nov 13, 2024
@mike1813 mike1813 deleted the 151-bugs-in-network-connectivity-inference branch November 20, 2024 09:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@samuelsenior samuelsenior samuelsenior approved these changes

@danshearer danshearer Awaiting requested review from danshearer

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mike1813 @samuelsenior