Merge pull request #7 from mal-lang/6-tutorial-simple-mal-language

Added simple language+model tutorial

Author: mrkickling

.gitignore

@@ -1,5 +1,6 @@
 tmp
 venv
+.venv
 logs
 
 # Ignore files generated by scripts

tutorials/language-model-tutorial/my-language.mal

@@ -0,0 +1,27 @@
+#id: "org.mal-lang.my-language"
+#version: "1.0.0"
+
+category System {
+    asset Computer {
+        | connect
+            -> access
+        | crackPassword [HardAndCertain]
+            -> access
+        & access
+            -> compromise
+	    | compromise
+            ->  folder.accessFolder
+            -> toComputer.connect
+            -> toComputer.crackPassword
+    }
+    asset Folder {
+        | accessFolder
+            -> stealSecrets
+        | stealSecrets
+    }
+}
+
+associations {
+    Computer [fromComputer] * <-- ComputerConnection --> * [toComputer] Computer
+    Computer [computer] * <-- ComputerFolderConnection --> * [folder] Folder
+}

tutorials/language-model-tutorial/my-model.py

@@ -0,0 +1,50 @@
+import os
+from maltoolbox.model import Model
+from maltoolbox.language import LanguageGraph
+from maltoolbox.attackgraph import AttackGraph
+from malsim import MalSimulator, run_simulation
+from malsim.agents import RandomAgent
+
+
+def create_model(lang_graph: LanguageGraph) -> Model:
+    model = Model("my-model", lang_graph)
+
+    # Two computers
+    comp_a = model.add_asset("Computer", "ComputerA")
+    comp_b = model.add_asset("Computer", "ComputerB")
+
+    # Connection between computers
+    comp_a.add_associated_assets("toComputer", [comp_b])
+
+    # Two folders
+    folder1 = model.add_asset("Folder", "FolderA")
+    folder2 = model.add_asset("Folder", "FolderB")
+
+    # Connect the folders to the computers
+    comp_b.add_associated_assets("folder", [folder2])
+    comp_a.add_associated_assets("folder", [folder1])
+
+    return model
+
+
+def main():
+    lang_file = "my-language.mal"
+    current_dir = os.path.dirname(os.path.abspath(__file__))
+    lang_file_path = os.path.join(current_dir, lang_file)
+    my_language = LanguageGraph.load_from_file(lang_file_path)
+
+    # Create our example model
+    model = create_model(my_language)
+
+    graph = AttackGraph(my_language, model)
+
+    simulator = MalSimulator(graph)
+    simulator.register_attacker(
+        "MyAttacker", entry_points=["ComputerA:connect"], goals=["FolderB:stealSecrets"]
+    )
+    agents = [{"name": "MyAttacker", "agent": RandomAgent({})}]
+    path = run_simulation(simulator, agents)
+
+
+if __name__ == "__main__":
+    main()

tutorials/language-model-tutorial/tutorial2.md

@@ -0,0 +1,168 @@
+# Tutorial 2 - Create a language and a model
+In this tutorial, you will learn how to build a simple MAL language and create a model from it.
+
+## Step by step
+### Environment set-up
+Create a directory for the tutorial and set it as your working directory: `mkdir mal-tutorial2 && cd mal-tutorial2`
+Create a Python virtual environment and activate it.
+- On Linux-based operating systems:
+```
+python -m venv .venv
+source .venv/bin/activate
+```
+- On Windows:
+```
+python -m venv .venv
+.\.venv\Scripts\activate
+```
+Install the requirements:
+```
+pip install mal-toolbox
+pip install mal-simulator
+```
+
+### MAL language creation
+Create a MAL file in the same directory called `my-language.mal`.
+
+Copy this code into `my-language.mal`:
+
+```
+#id: "org.mal-lang.my-language"
+#version: "1.0.0"
+
+category System {
+    asset Computer {
+        | connect
+            -> access
+        | crackPassword [HardAndCertain]
+            -> access
+        & access
+            -> compromise
+	    | compromise
+            ->  folder.accessFolder
+            -> toComputer.connect
+            -> toComputer.crackPassword
+    }
+    asset Folder {
+        | accessFolder
+            -> stealSecrets
+        | stealSecrets
+    }
+}
+
+associations {
+    Computer [fromComputer] * <-- ComputerConnection --> * [toComputer] Computer
+    Computer [computer] * <-- ComputerFolderConnection --> * [folder] Folder
+}
+```
+
+This piece of code defines a simple MALLang. We define a category called System that holds two assets:
+- Computer
+    - If steps `connect` and `crackPassword` happen, then `access` would be triggered, which at the same time would trigger `compromise`.
+    - If `compromise` is activated, we would move to the step `accessFolder` in asset `Folder`.
+- Folder
+    - If `accessFolder` is given, it would trigger `stealSecrets`.
+
+In the `associations` section we define the relationship assets have. In this case, `Computer` and `Folder` have an N to M relationship, represented by the `*`.
+
+Once we have the MALLang file, we can create a python file to create models from this language.
+
+### Create and compile the model
+Create a .py file in the same directory called `my-model.py`.
+
+Copy this code into `my-model.py`:
+
+```python
+import os
+from maltoolbox.model import Model
+from maltoolbox.language import LanguageGraph
+
+
+def create_model(lang_graph: LanguageGraph) -> Model:
+    """Create a model with 2 computers"""
+    model = Model("my-model", lang_graph)
+
+    # Two computers
+    comp_a = model.add_asset("Computer", "ComputerA")
+    comp_b = model.add_asset("Computer", "ComputerB")
+
+    # Connection between computers
+    comp_a.add_associated_assets("toComputer", [comp_b])
+
+    # Two folders
+    folder1 = model.add_asset("Folder", "FolderA")
+    folder2 = model.add_asset("Folder", "FolderB")
+
+    # Connect the folders to the computers
+    comp_b.add_associated_assets("folder", [folder2])
+    comp_a.add_associated_assets("folder", [folder1])
+
+    return model
+```
+In this simple function, we create:
+- Two instances of our `Computer` asset (`ComputerA` and `ComputerB`) and our `Folder` asset (`FolderA` and `FolderB`).
+- A connection between `ComputerA` and `ComputerB`. The string `"computer2"` comes from the `ComputerConnection` association in the MAL language we created. 
+- Two connections between the computer and folder instances. The strings `"folder"` come from the `ComputerFolderConnection` association.
+
+Now we can instantiate the model and compile. Add this to the end of the file:
+
+```python
+def main():
+    lang_file = "my-language.mal"
+    current_dir = os.path.dirname(os.path.abspath(__file__))
+    lang_file_path = os.path.join(current_dir, lang_file)
+    my_language = LanguageGraph.load_from_file(lang_file_path)
+
+    # Create our example model
+    model = create_model(my_language)
+
+
+if __name__ == "__main__":
+    main()
+```
+Change `lang_file` accordingly. Here we create the model using our own language. To compile it, run the script with `python my-model.py`.
+
+### Create an attack graph
+To create an attack graph, we use the model and the MALLang. Add this import to the top of the file (below the other imports):
+
+```python
+from maltoolbox.attackgraph import AttackGraph
+```
+
+Put this line after `model = create_model(tyr_lang)`:
+
+```python
+# Generate an attack graph from the model
+graph = AttackGraph(my_language, model)
+```
+
+The attack graph is a representation of the model that folds out all of the attack steps defined in the MAL language. This can be used to run analysis or simulations.
+
+### Run simulation
+To run simulations, add these imports to the top of the file (below the other imports):
+
+```python
+from malsim import MalSimulator, run_simulation
+from malsim.agents import RandomAgent
+```
+
+Now we can create a MalSimulator from the attack graph `graph` and run simulations.
+
+Add this to the end of the `main` function:
+
+```python
+simulator = MalSimulator(graph)
+agents = {}
+path = run_simulation(simulator, agents)
+```
+
+When we run `python my-model.py` we will just see "Simulation over after 0 steps.". This is because we don't have any agents. Let us add an attacker agent.
+
+Replace the line `agents` with:
+
+```python
+simulator.register_attacker("MyAttacker", entry_points=["ComputerA:connect"], goals=["FolderB:stealSecrets"])
+agents =  [{'name': "MyAttacker", "agent": RandomAgent({})}]
+```
+
+This registers an attacker in the simulator, and creates a list of decision agents that can be used to take decisions for the simulator attacker.