Merge branch 'master' into ustutt

NOTICE

@@ -65,6 +65,7 @@ Copyright (c) 2018 Adrian Wersching
 Copyright (c) 2018-2019 Björn Müller
 Copyright (c) 2018 Christoph Krieger
 Copyright (c) 2018 Ghareeb Falazi
+Copyright (c) 2018 Julian Sudendorf
 Copyright (c) 2018 Marius Altmann
 Copyright (c) 2018 Marius Fischer
 Copyright (c) 2018 Vladimir Yussupov

docs/adr/0028-use-hardcoded-namespaces-for-threat-modeling.md

@@ -0,0 +1,33 @@
+# Use hardcoded namespaces for threat modeling
+
+## Context and Problem Statement
+
+The threat modeling approach relies on pairs of threats and mitigations.
+Each "threat" should be referenced by one particular "mitigation".
+
+## Considered Options
+
+* hardcoding the namespaces, default node types and properties.
+* dynamic namespaces similar to "pattern namespaces" for threats and mitigations
+
+## Decision Outcome
+
+Chosen option: hardcoded namespaces, due to ease of implementation and static nature of the problem
+
+### Positive Consequences
+In the context of threat modeling multiple different types of threats/mitigations are not necesaary so a minimal base type that carries the required properties (reference) can be used and extended
+
+
+## License
+
+Copyright (c) 2018 Contributors to the Eclipse Foundation
+
+See the NOTICE file(s) distributed with this work for additional
+information regarding copyright ownership.
+
+This program and the accompanying materials are made available under the
+terms of the Eclipse Public License 2.0 which is available at
+http://www.eclipse.org/legal/epl-2.0, or the Apache Software License 2.0
+which is available at https://www.apache.org/licenses/LICENSE-2.0.
+
+SPDX-License-Identifier: EPL-2.0 OR Apache-2.0

docs/adr/index.md

@@ -32,6 +32,7 @@ This lists the architectural decisions for Eclipse Winery.
 - [ADR-0025](0025-use-same-logback-test-xml-for-each-sub-project.md) - Use same `logback-test.xml` for each sub project
 - [ADR-0026](0026-store-license-and-readme-in-entity-root-folder-in-csar.md) - Store `LICENSE` and `README.md` in respective entity's root folder in a CSAR
 - [ADR-0027](0027-use-dasherization-for-filenames.md) - Use dasherization for filenames
+- [ADR-0028](0028-use-hardcoded-namespaces-for-threat-modeling.md) - Use hardcoded namespaces for threat modeling
 
 <!-- adrlogstop -->
 

docs/user/ThreatModelingNFV.md

@@ -0,0 +1,72 @@
+# Threat Modeling for security-aware NFV
+
+Threat modeling enables a user to annotate threats in a topology using a structured approach and receive recommendations which security-related Virtual Network Function (S-VNF) should be used.
+
+This documents specifies how this functionality is intended to be used.
+
+## Why threat modeling?
+In order to protect something of value, threats that impose risk on a application need to be modeled and assessed.
+Network Function Virtualization (NFV) can be used as a component based approach to mitigate a certain class of threats.
+For Example a virtual firewall could mitigate the threat of publicly exposed ports of a database.
+
+This way it is possible to create a relation between a threat and a potentially mitigating NFV implementation.
+To realize this, this module relies on the presents of two special PolicyTypes and a special NodeType.
+The setup of these types is automatically triggered if a new threat is created using the designated UI.
+It is assumed that each VNF implementations is encapsulated in it's own ServiceTemplate. 
+
+## Creating threats
+
+A threat is a PolicyTemplate of a special PolicyType ("{http://opentosca.org/threatmodeling}Security.Threat-w1_wip1") and can therefore be created like a regular PolicyTemplate.
+The topology modeler UI and repository UI can both be used to create threats. 
+However it is recommended to create threats using the designed UI in the topology modler UI.
+This way it is ensured that threats are created using the required parameters and the corresponding mitigation is created automatically and set up properly.
+[STRIDE](https://docs.microsoft.com/de-de/azure/security/azure-security-threat-modeling-tool-threats) is used as a threat modeling methodology.
+Each threat requires a name, a textual description, stride classification and a severity rating in the form of "Low", "Middle" and "High".
+
+![threat-creation.png](graphics/threatmodelingNFV/threat-creation.png)
+
+## Assigning threats to NodeTemplates
+The created threat PolicyTemplate is intended to be used on a NodeTemplate of a topology to indicate that this NodeTemplate is the target of the threat.
+This is done in the topology modeler UI.
+The Threat Modeling Modal can be used to generate an overview of all available threats under the menu "Threat Catalog" and receive info on description, stride and severity.
+Subsequently the desired threat PolicyTemplate has to be assigned like any other PolicyTemplate using the regular UI.
+
+![threat-catalog.png](graphics/threatmodelingNFV/threat-catalog.png)
+
+## Assigning mitigations to VNFs
+When threats are created using the threat modeling UI (topology modeler) a corresponding mitigation PolicyTemplate is created.
+A naming convention of prepending the given threat name with the string "MITIGATE_" is established to ease working with threat and mitigations.
+Referencing the corresponding threat is done by using the "ThreatReference" property of the PolicyTemplate.
+Here a string representation of the QName of the threat needs to be specified.
+Again, this is done automatically when using the UI.
+
+A mitigation PolicyTemplate is intended to be used in the boundary definitions of a ServiceTemplate to indicate that the topology of the ServiceTemplate can be used to mitigate a given threat.
+Multiple mitigations can be assigned to the same ServiceTemplate.
+
+## Specifying substitutable NodeTypes for ServiceTemplates
+In order to use the topology of a ServiceTemplate in the application topology where threats are present, a substitutable NodeType needs to be specified.
+The implemented functionality makes no assumptions how these NodeTypes are modeled besides being abstract and derive from the SVNF NodeType ({http://opentosca.org/nfv/security}S-VNF-w1_wip1).
+It is intended to model NodeTypes that inherit from S-VNF (referred to as S-VNF Groups) in a way that multiple VNF implementations can substitute the same S-VFN Group.
+All this is done in order to enable users to use abstract NodeTypes in their topologies to hide the underlying complexity and later substitute. Therefore the general rules of substitution apply. 
+
+## Threat assessment and mitigation recommendation
+The "Threat Assessment" menu can be viewed in the repository UI on each ServiceTemplate.
+An overview of present threats, their targets, and potential mitigation strategies using available VNFs are presented.
+This way a detailed look on the current state of the threats is enabled.
+Each recommendation can be directly added to the topology by clicking the corresponding button in the "Available Mitigations" part of the threat modeling modal. 
+
+![threat-assessment.png](graphics/threatmodelingNFV/threat-assessment.png)
+
+## License
+
+Copyright (c) 2018 Contributors to the Eclipse Foundation
+
+See the NOTICE file(s) distributed with this work for additional
+information regarding copyright ownership.
+
+This program and the accompanying materials are made available under the
+terms of the Eclipse Public License 2.0 which is available at
+http://www.eclipse.org/legal/epl-2.0, or the Apache Software License 2.0
+which is available at https://www.apache.org/licenses/LICENSE-2.0.
+
+SPDX-License-Identifier: EPL-2.0 OR Apache-2.0

docs/user/index.md

@@ -20,6 +20,8 @@ For more information on TOSCA see [our TOSCA information page](../tosca/).
 - [Implementation Artifact Generation](generateIA.md) - Shows how to generate and update an implementation artifact of type .war
 - [Accountability](../../org.eclipse.winery.accountability/README.md) - Enables enforcing accountability in decentralized scenarios for collaborative development of CSARs
 - [Version Management](VersionManagement.md) - shows how to update the version of a node template in the topology modeler
+- [Threat Modeling For NFV](ThreatModelingNFV.md) - Enables threat modeling capabilities and NFV-based mitigation recommendation
+
 ## Background Literature
 
 [BBKL14] Breitenbücher, Uwe; Binz, Tobias; Kopp, Oliver; Leymann, Frank: Vinothek - A Self-Service Portal for TOSCA. In: Herzberg, Nico (Hrsg); Kunze, Matthias (Hrsg): Proceedings of the 6th Central-European Workshop on Services and their Composition (ZEUS 2014).

org.eclipse.winery.frontends/app/topologymodeler/src/app/canvas/canvas.component.html

@@ -327,6 +327,98 @@
     </winery-modal-footer>
 </winery-modal>
 
+<winery-modal *ngIf="!readonly" bsModal #threatModelingModal="bs-modal" [modalRef]="threatModelingModal">
+    <winery-modal-header [title]="'Threat Model'">
+    </winery-modal-header>
+    <winery-modal-body>
+        <div id="accordion">
+            <div class="card">
+                <div class="card-header" id="headingOne">
+                    <h5 class="mb-0">
+                        <button class="btn btn-link"  (click)="this.threatModalTab='create'">Create New Threat</button>
+                    </h5>
+                </div>
+
+                <div id="collapseOne" class="collapse" [class.show]="this.threatModalTab==='create'" >
+                    <div class="card-body">
+                        <form (ngSubmit)="this.createNewThreat()">
+                            <div class="form-group row">
+                                <label for="text" class="col-sm-4 col-form-label">Threat name</label>
+                                <div class="col-sm-8">
+                                    <input type="text" class="form-control" id="name" name="name" required [(ngModel)]="this.threatModelingData.threatCreation.name">
+                                </div>
+                            </div>
+                            <div class="form-group row">
+                                <label for="text" class="col-sm-4 col-form-label">Description</label>
+                                <div class="col-sm-8"><textarea class="form-control" id="description" name="description" required [(ngModel)]="this.threatModelingData.threatCreation.description"></textarea></div>
+                            </div>
+                            <div class="form-group row">
+                                <label for="stride" class="col-sm-4 col-form-label">STRIDE</label>
+                                <div class="col-sm-8"><select class="form-control" id="stride"  name="stride" [(ngModel)]="this.threatModelingData.threatCreation.stride">
+                                    <option>Spoofing</option>
+                                    <option>Tampering</option>
+                                    <option>Repudiation</option>
+                                    <option>Information Disclosure</option>
+                                    <option>Denial of Service</option>
+                                    <option>Elevation of Privilege</option>
+                                </select></div>
+                            </div>
+                            <div class="form-group row">
+                                <label for="severity" class="col-sm-4 col-form-label">Severity</label>
+                                <div class="col-sm-8">
+                                    <select class="form-control" id="severity"  name="severity" [(ngModel)]="this.threatModelingData.threatCreation.severity">
+                                        <option>Low</option>
+                                        <option>Middle</option>
+                                        <option>High</option>
+                                    </select>
+                                </div>
+                            </div>
+                            <button type="submit" class="btn btn-primary">Submit</button>
+                        </form>
+                    </div>
+                </div>
+            </div>
+            <div class="card">
+                <div class="card-header" id="headingTwo">
+                    <h5 class="mb-0">
+                        <button class="btn btn-link collapsed" (click)="this.threatModalTab='mitigations'">Available Mitigations</button>
+                    </h5>
+                </div>
+                <div id="collapseTwo" class="collapse" [class.show]="this.threatModalTab==='mitigations'">
+                    <div class="card-body">
+                        <p>Click on a Mitigation to directly add it to the topology</p>
+                        <button class="btn btn-primary" style="margin-right:10px;margin-bottom:10px" *ngFor="let mitigation of this.threatModelingData.mitigations" (click)="addMitigationToTopology(mitigation)">{{mitigation.localName}}</button>
+                    </div>
+                </div>
+            </div>
+            <div class="card">
+                <div class="card-header" id="headingThree">
+                    <h5 class="mb-0">
+                        <button class="btn btn-link collapsed" (click)="this.threatModalTab='catalog'">Threat Catalog</button>
+                    </h5>
+                </div>
+                <div id="collapseThree" class="collapse" [class.show]="this.threatModalTab==='catalog'">
+                    <div class="card-body">
+                        <ul class="list-group">
+                            <li class="list-group-item" *ngFor="let threat of this.threatModelingData.threatCatalog">
+                                <h5 class="">{{threat.templateName}}</h5>
+                                <p>{{threat.properties.description}}</p>
+                                <div class="pull-right">
+                                    <span class="badge badge-pill badge-warning" style="margin-right: 10px;">{{threat.properties.strideClassification}}</span>
+                                    <span class="badge badge-pill badge-danger" style="">{{threat.properties.severity}}</span>
+                                </div>
+                            </li>
+                        </ul>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </winery-modal-body>
+    <winery-modal-footer [showDefaultButtons]="false">
+        <button type="button" id="cancelThreatModeling" class="btn btn-primary" (click)="closeThreatModeling()">Cancel</button>
+    </winery-modal-footer>
+</winery-modal>
+
 <winery-entities-modal *ngIf="!readonly"
                        [(modalVariantAndState)]="modalData"
                        [entityTypes]="entityTypes"