Action Object

An action is an activity, occurring within a given scenario, that results in an impact to an affected context.

Semantics

An action involves one or more high-level impact methods which occur in a specific affected context. Actions can result in impacts to the affected context. If multiple contexts are affected there will be multiple actions, with each action relating to a specific affected context.

Properties

An action has the following properties.

Identifier

Name id

Cardinality one

Description A globally unique identifier for the action.

The action identifier distinguishes the action from other actions related to the same vulnerability.

This identifier MUST be a version 4 (random) or 5 (SHA-1 based) Universally Unique Identifier (UUID) as defined by RFC 4122.

Name

Name hasName

Cardinality zero or one

Description A name or label to assist in identifying a given action in the context of the containing Vulnerability.

A given action name MUST be unique across all sibling actions.

The value of hasName MUST be based on the lexical space of a string as defined by ECMA-404 2nd edition, section 9.

Affected Context

Name affectsContext

Cardinality one

Description The conceptual entity in which the impacts of a successfully completed action are realized.

By associating actions with an affected context for a given scenario, different impacts can be defined for the same context across different scenarios.

The value of affectsContext MUST be a value from the context value list.

Context Entity Role

Name hasEntityRole

Cardinality one

Description Describes the role an associated affected context performs in the action.

The value of hasEntityRole MUST be a value from the entity value list.

Relationships

An action has the following relationships.

Impact Method

Name hasImpactMethod

Cardinality one or many

Description Provides additional information about the approach used to carry out the action.

The object value of the hasImpactMethod relationship MUST be an impact method object.

Impact Result

Name resultsInImpact

Cardinality one or many

Description An impact that will occur due to an action.

The object value of the resultsInImpact relationship MUST be an impact object.

Impact Non-Result

Name doesNotResultInImpact

Cardinality zero or many

Description An impact that will not occur due to an action.

This relationship can be used to indicate that a specific impact is not accomplished by the action.

The object value of the doesNotResultInImpact relationship MUST be an impact object.

Example

{
  "hasAction": [
    {
      "id": "S1A1",
      "hasEntityRole": "Security Authority::Primary",
      "affectsContext": "Application::Web Server",
      "hasImpactMethod": ["Code Execution"],
      "resultsInImpact": [
        {
          "id": "S1A1I1",
          "hasLogicalImpact": "Write-Direct",
          "hasScope": "Limited",
          "hasCriticality": "Low"
        }
      ]
    }
  ]
}
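As an added example (not part of the specification or its reference tooling), the following Python checker applies the cardinality and value constraints listed above to a hasAction list. The context value list and entity value list are not reproduced on this page, so the allowed sets below are assumed placeholders seeded with the values from the example; the sample action is constructed to mirror that example.

```python
import uuid
# Assumed allowed-value lists (the real VDO lists are defined elsewhere, not on this page)
CONTEXT_VALUES = {"Application::Web Server"}
ENTITY_ROLES = {"Security Authority::Primary"}

def validate_action(action, sibling_names=()):
    """Return the constraint violations for one action object (empty list if valid)."""
    errors = []
    try:  # id MUST be a version 4 or 5 UUID (RFC 4122)
        if uuid.UUID(str(action.get("id", ""))).version not in (4, 5):
            errors.append("id must be a version 4 or 5 UUID")
    except ValueError:
        errors.append("id must be a UUID")
    name = action.get("hasName")  # optional, but unique among siblings when present
    if name is not None and not isinstance(name, str):
        errors.append("hasName must be a string")
    elif name in sibling_names:
        errors.append(f"hasName {name!r} duplicates a sibling action")
    if action.get("affectsContext") not in CONTEXT_VALUES:
        errors.append("affectsContext must be from the context value list")
    if action.get("hasEntityRole") not in ENTITY_ROLES:
        errors.append("hasEntityRole must be from the entity value list")
    methods = action.get("hasImpactMethod")
    if not isinstance(methods, list) or not methods:
        errors.append("hasImpactMethod requires one or many impact methods")
    # resultsInImpact is one-or-many; doesNotResultInImpact is zero-or-many
    for rel, required in (("resultsInImpact", True), ("doesNotResultInImpact", False)):
        impacts = action.get(rel, [])
        if not isinstance(impacts, list) or (required and not impacts):
            errors.append(f"{rel} needs {'one' if required else 'zero'} or many impact objects")
            continue
        for i, imp in enumerate(impacts):
            if not isinstance(imp, dict) or "id" not in imp:
                errors.append(f"{rel}[{i}] must be an impact object")
    return errors

def validate_actions(actions):
    """Validate a whole hasAction list, enforcing hasName uniqueness across siblings."""
    seen, report = [], {}
    for action in actions:
        report[action.get("id")] = validate_action(action, seen)
        if isinstance(action.get("hasName"), str):
            seen.append(action["hasName"])
    return report

# Constructed sample mirroring the page's example; note its "S1A1" id is not a UUID
PAGE_EXAMPLE = {"id": "S1A1", "hasEntityRole": "Security Authority::Primary",
    "affectsContext": "Application::Web Server", "hasImpactMethod": ["Code Execution"],
    "resultsInImpact": [{"id": "S1A1I1", "hasLogicalImpact": "Write-Direct",
                         "hasScope": "Limited", "hasCriticality": "Low"}]}
```

Running validate_action(PAGE_EXAMPLE) reports only the non-UUID id, which is exactly the constraint the page's short example identifier does not meet.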

Graph View

[Figure: Action Graph]