Added new Stereotype FeedbackData to the ML Top 10 profile + Input

Manipulation Check

Author: APHDKO

plugins/carisma.check.mltop10checks/.classpath

@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-23"/>
+	<classpathentry kind="con" path="org.eclipse.pde.core.requiredPlugins"/>
+	<classpathentry kind="src" path="src"/>
+	<classpathentry kind="output" path="bin"/>
+</classpath>

plugins/carisma.check.mltop10checks/.project

@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+	<name>carisma.check.mltop10checks</name>
+	<comment></comment>
+	<projects>
+	</projects>
+	<buildSpec>
+		<buildCommand>
+			<name>org.eclipse.jdt.core.javabuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.pde.ManifestBuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.pde.SchemaBuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+	</buildSpec>
+	<natures>
+		<nature>org.eclipse.pde.PluginNature</nature>
+		<nature>org.eclipse.jdt.core.javanature</nature>
+	</natures>
+</projectDescription>

plugins/carisma.check.mltop10checks/.settings/org.eclipse.core.resources.prefs

@@ -0,0 +1,2 @@
+eclipse.preferences.version=1
+encoding/<project>=UTF-8

plugins/carisma.check.mltop10checks/.settings/org.eclipse.jdt.core.prefs

@@ -0,0 +1,9 @@
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=23
+org.eclipse.jdt.core.compiler.compliance=23
+org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
+org.eclipse.jdt.core.compiler.problem.enablePreviewFeatures=disabled
+org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
+org.eclipse.jdt.core.compiler.problem.reportPreviewFeatures=warning
+org.eclipse.jdt.core.compiler.release=enabled
+org.eclipse.jdt.core.compiler.source=23

plugins/carisma.check.mltop10checks/META-INF/MANIFEST.MF

@@ -0,0 +1,19 @@
+Manifest-Version: 1.0
+Bundle-ManifestVersion: 2
+Bundle-Name: Mltop10checks
+Bundle-SymbolicName: carisma.check.mltop10checks;singleton:=true
+Bundle-Version: 1.0.0.qualifier
+Require-Bundle: org.eclipse.swt,
+ org.eclipse.jface,
+ carisma.modeltype.uml2,
+ carisma.profile.umlsec,
+ org.eclipse.uml2.uml,
+ carisma.core,
+ org.eclipse.ui,
+ org.eclipse.core.runtime,
+ org.eclipse.core.resources,
+ org.eclipse.uml2.uml.resources,
+ carisma.check.staticcheck,
+ carisma.profile.umlsec.mltop10
+Automatic-Module-Name: carisma.check.mltop10checks
+Bundle-RequiredExecutionEnvironment: JavaSE-23

plugins/carisma.check.mltop10checks/build.properties

@@ -0,0 +1,5 @@
+source.. = src/
+output.. = bin/
+bin.includes = META-INF/,\
+               .,\
+               plugin.xml

plugins/carisma.check.mltop10checks/plugin.xml

@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<?eclipse version="3.4"?>
+<plugin>
+   <extension
+         point="carisma.carismacheck">
+      <check
+            description="Performs input manipulation check"
+            id="carisma.check.mltop10checks.inputmanipulation"
+            implementingClass="carisma.check.mltop10checks.inputmanipulation.InputManipulationCheck"
+            name="MLTop10 Input Manipulation Check"
+            publisher="Alexander Peikert"
+            targetModelType="UML2">
+      </check>
+   </extension>
+
+</plugin>

plugins/carisma.check.mltop10checks/src/carisma/check/mltop10checks/inputmanipulation/InputManipulationCheck.java

@@ -0,0 +1,168 @@
+package carisma.check.mltop10checks.inputmanipulation;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+
+import org.eclipse.emf.ecore.resource.Resource;
+import org.eclipse.uml2.uml.Artifact;
+import org.eclipse.uml2.uml.Package;
+
+import carisma.core.analysis.AnalysisHost;
+import carisma.core.analysis.DummyHost;
+import carisma.core.analysis.result.AnalysisResultMessage;
+import carisma.core.analysis.result.StatusType;
+import carisma.core.checks.CarismaCheckWithID;
+import carisma.core.checks.CheckParameter;
+import carisma.modeltype.uml2.UMLHelper;
+import carisma.profile.umlsec.mltop10.MLTop10;
+import carisma.profile.umlsec.mltop10.MLTop10Util;
+
+/**
+ * analyzes an deployment diagram with respect to input manipulation rules.
+ * 
+ * @author Alexander Peikert
+ *
+ */
+
+public class InputManipulationCheck implements CarismaCheckWithID {
+
+	public static final String CHECK_ID = "carisma.check.mltop10checks.inputmanipulation";
+	public static final String CHECK_NAME = "MLTop10 Input Manipulation Check";
+
+	/**
+	 * the model to check.
+	 */
+	private Package model = null;
+
+	/**
+	 * AnalysisHost for report.
+	 */
+	private AnalysisHost analysisHost;
+	private ArrayList<Artifact> aiapplicationList;
+	private ArrayList<Artifact> mlmodelList;
+
+	public InputManipulationCheck() {
+		// TODO Auto-generated constructor stub
+	}
+
+	@Override
+	public final boolean perform(final Map<String, CheckParameter> parameters, final AnalysisHost newHost) {
+		if (newHost != null) {
+			this.analysisHost = newHost;
+		} else {
+			this.analysisHost = new DummyHost(true);
+		}
+		Resource currentModel = this.analysisHost.getAnalyzedModel();
+		if (currentModel.getContents().isEmpty()) {
+			this.analysisHost.addResultMessage(new AnalysisResultMessage(StatusType.WARNING, "Empty model"));
+			this.analysisHost.appendLineToReport("Empty model");
+			return false;
+		}
+		if (currentModel.getContents().get(0) instanceof Package) {
+			this.model = (Package) currentModel.getContents().get(0);
+			return startCheck();
+		}
+		this.analysisHost.addResultMessage(new AnalysisResultMessage(StatusType.WARNING, "Content is not a model!"));
+		this.analysisHost.appendLineToReport("Content is not a model!");
+		return false;
+	}
+
+	/**
+	 * main function that starts the check.
+	 * 
+	 * @return true if the model is correct according to data access control rules,
+	 *         false otherwise
+	 */
+
+	public boolean startCheck() {
+
+		boolean checkSuccessful = true;
+		boolean warningPotentialAttack = false;
+		int numMlModels = 0;
+		int numApplication = 0;
+
+		ArrayList<Artifact> artifactList = (ArrayList<Artifact>) UMLHelper.getAllElementsOfType(model, Artifact.class);
+		ArrayList<Artifact> mlmodelList = new ArrayList<Artifact>();
+		ArrayList<Artifact> aiapplicationList = new ArrayList<Artifact>();
+
+		// ----------------------------------------------------------------------------------------------
+		// Check if there are more / less than one ML Model and AI Application
+
+		for (int i = 0; i < artifactList.size(); i++) {
+			if (MLTop10Util.hasStereotype(artifactList.get(i), MLTop10.MLModel)) {
+				numMlModels++;
+				mlmodelList.add(artifactList.get(i));
+
+			}
+			if (MLTop10Util.hasStereotype(artifactList.get(i), MLTop10.AIApplication)) {
+				numApplication++;
+				aiapplicationList.add(artifactList.get(i));
+
+			}
+
+		}
+		if (numMlModels < 1 || numApplication < 1) {
+			this.analysisHost.addResultMessage(new AnalysisResultMessage(StatusType.INFO,
+					"Your model does not contain a ML Model or AI Application"));
+			return checkSuccessful;
+		} else if (numMlModels > 1 || numApplication > 1) {
+			this.analysisHost.addResultMessage(new AnalysisResultMessage(StatusType.INFO,
+					"Your model contains more than one ML Model or AI Application"));
+			checkSuccessful = false;
+			return checkSuccessful;
+		} else {
+			this.analysisHost.addResultMessage(
+					new AnalysisResultMessage(StatusType.INFO, "Your model contains a ML Model and an AI Application"));
+			Artifact mlmodel = mlmodelList.get(0);
+			List<Object> taggedValueAdversialTraining = null;
+			List<Object> taggedValueDefenseMechanism = null;
+			taggedValueAdversialTraining = MLTop10Util.getTaggedValues("AdversarialTraining", MLTop10.MLModel, mlmodel);
+			taggedValueDefenseMechanism = MLTop10Util.getTaggedValues("DefenseMechanism", MLTop10.MLModel, mlmodel);
+
+			if (taggedValueAdversialTraining.get(0).toString() == "false") {
+				this.analysisHost.addResultMessage(new AnalysisResultMessage(StatusType.WARNING,
+						"Your model ML Model is not secured against adversarial training"));
+				warningPotentialAttack = true;
+
+			}
+			if (taggedValueDefenseMechanism.get(0).toString() == "false") {
+				this.analysisHost.addResultMessage(new AnalysisResultMessage(StatusType.WARNING,
+						"Your model ML Model has no robust defense mechanism against manipulative attacks"));
+				warningPotentialAttack = true;
+			}
+
+			Artifact aiapplication = aiapplicationList.get(0);
+			List<Object> taggedValueInputValidation = null;
+			taggedValueInputValidation = MLTop10Util.getTaggedValues("InputValidation", MLTop10.AIApplication,
+					aiapplication);
+
+			if (taggedValueInputValidation.get(0).toString() == "false") {
+				this.analysisHost.addResultMessage(new AnalysisResultMessage(StatusType.WARNING,
+						"Your model AI Application does not perform input validation"));
+				warningPotentialAttack = true;
+			}
+
+			if (warningPotentialAttack == true) {
+				this.analysisHost.addResultMessage(
+						new AnalysisResultMessage(StatusType.WARNING, "An Input Mainpulation Attack is possible!"));
+			}
+
+		}
+		return checkSuccessful;
+
+	}
+
+	@Override
+	public String getCheckID() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getName() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+}

plugins/carisma.profile.umlsec.mltop10/META-INF/MANIFEST.MF

@@ -8,7 +8,8 @@ Bundle-ClassPath: .
 Bundle-Vendor: %providerName
 Bundle-Localization: plugin
 Bundle-RequiredExecutionEnvironment: JavaSE-17
-Export-Package: mltop10,
+Export-Package: carisma.profile.umlsec.mltop10,
+ mltop10,
  mltop10.impl,
  mltop10.util
 Require-Bundle: org.eclipse.core.runtime,

plugins/carisma.profile.umlsec.mltop10/gen-src/mltop10/AIApplication.java

@@ -17,6 +17,8 @@
  * <ul>
  *   <li>{@link mltop10.AIApplication#getBase_Artifact <em>Base Artifact</em>}</li>
  *   <li>{@link mltop10.AIApplication#isInputValidation <em>Input Validation</em>}</li>
+ *   <li>{@link mltop10.AIApplication#isCheckModelResultAuthenticity <em>Check Model Result Authenticity</em>}</li>
+ *   <li>{@link mltop10.AIApplication#isTamperEvidentLogging <em>Tamper Evident Logging</em>}</li>
  * </ul>
  *
  * @see mltop10.Mltop10Package#getAIApplication()
@@ -76,4 +78,56 @@ public interface AIApplication extends EObject {
 	 */
 	void setInputValidation(boolean value);
 
+	/**
+	 * Returns the value of the '<em><b>Check Model Result Authenticity</b></em>' attribute.
+	 * <!-- begin-user-doc -->
+	 * <p>
+	 * If the meaning of the '<em>Check Model Result Authenticity</em>' attribute isn't clear,
+	 * there really should be more of a description here...
+	 * </p>
+	 * <!-- end-user-doc -->
+	 * @return the value of the '<em>Check Model Result Authenticity</em>' attribute.
+	 * @see #setCheckModelResultAuthenticity(boolean)
+	 * @see mltop10.Mltop10Package#getAIApplication_CheckModelResultAuthenticity()
+	 * @model dataType="org.eclipse.uml2.types.Boolean" required="true" ordered="false"
+	 * @generated
+	 */
+	boolean isCheckModelResultAuthenticity();
+
+	/**
+	 * Sets the value of the '{@link mltop10.AIApplication#isCheckModelResultAuthenticity <em>Check Model Result Authenticity</em>}' attribute.
+	 * <!-- begin-user-doc -->
+	 * <!-- end-user-doc -->
+	 * @param value the new value of the '<em>Check Model Result Authenticity</em>' attribute.
+	 * @see #isCheckModelResultAuthenticity()
+	 * @generated
+	 */
+	void setCheckModelResultAuthenticity(boolean value);
+
+	/**
+	 * Returns the value of the '<em><b>Tamper Evident Logging</b></em>' attribute.
+	 * <!-- begin-user-doc -->
+	 * <p>
+	 * If the meaning of the '<em>Tamper Evident Logging</em>' attribute isn't clear,
+	 * there really should be more of a description here...
+	 * </p>
+	 * <!-- end-user-doc -->
+	 * @return the value of the '<em>Tamper Evident Logging</em>' attribute.
+	 * @see #setTamperEvidentLogging(boolean)
+	 * @see mltop10.Mltop10Package#getAIApplication_TamperEvidentLogging()
+	 * @model dataType="org.eclipse.uml2.types.Boolean" required="true" ordered="false"
+	 * @generated
+	 */
+	boolean isTamperEvidentLogging();
+
+	/**
+	 * Sets the value of the '{@link mltop10.AIApplication#isTamperEvidentLogging <em>Tamper Evident Logging</em>}' attribute.
+	 * <!-- begin-user-doc -->
+	 * <!-- end-user-doc -->
+	 * @param value the new value of the '<em>Tamper Evident Logging</em>' attribute.
+	 * @see #isTamperEvidentLogging()
+	 * @generated
+	 */
+	void setTamperEvidentLogging(boolean value);
+
 } // AIApplication