nmfta-repo / vcr-experiment
This project forked from automotivedevops/requirements
License: MIT License
part of #33
The strictdoc dev, Stanislav, informed us that the heuristic for detecting multi-line fields is going to change: soon all fields above TITLE in the grammar will be single-line and all those below will be multi-line. strictdoc-project/strictdoc#1210 (comment)
For our grammar that means moving the following up to above TITLE in
vcr-experiment/01_gateways.sdoc
Line 20 in 8a4b485
Line 23 in 8a4b485
Executing these changes will put diffs all over the files to re-order the fields. Because we still have #53 in-flight we will need to wait until that is merged before we can safely do this change. @jmaag15 that's a ++ to do a review there please
All of the requirements:
CGW-S-006 Won't Drop Frames
CGW-S-007 No Priority Inversion
CGW-S-008 Preserves Ordering
CGW-S-009 FIFO but Also Priority
CGW-S-010 Preserves Jitter
must be satisfied to in turn satisfy CGW-S-005 Preserves Atomic Multicast. Should these be composite requirements or children?
and include a download link from the docs
AGW-S-008 is a child of NGW-F-001 -- so is NGW-S-001 which makes sense. But where should the Abstract GW AGW-S-008 security assurance requirement be rooted? Perhaps AGW-S-005 Prevents Elevation ?
we agreed to use the TND and UND acronyms when referring to the trusted/untrusted / trustworthy/un and inside/outside domains. But we should probably define what is expected of those domains so that fleets and OEM can evaluate applicability of the requirements.
part of #33
related to #16: AGW-F-003 is currently a composite requirement that needs to have all of its component requirements satisfied. Whereas the other composite requirements need to have one of their component requirements satisfied.
The requirements here use the parent ref to indicate that the child requirement 'replaces' the parent requirement in a more specific context.
That should be captured in the intro to subsections for these more specific contexts e.g. Security Requirements for CAN Gateways
rewrite or masking can be used to prevent exfil in systems other than CAN. It is also one of the ways to prevent exfil alongside encryption which is what AGW-F-005 will be moved to (see issue #5 )
since there is no way to model composite requirements in ReqIF (nor in requirements management tools strictdoc-project/strictdoc#630 (reply in thread)) the use of them should be avoided here
Rate limiting is 'a means' of filtering but doesn't replace the filters requirement. This is probably better modeled as a composite requirement rather than parent-child.
AGW-F-005 Protect Confidentiality is the child of AGW-F-004. This is perhaps a security requirement in the functional requirements section. Should it move to security requirements and keep the same parent? OR is the protection of confidentiality of vehicle data (for the fleet) a functional requirement of the gateway and this is correctly rooted?
To make it clearer what ISN'T PERMITTED of "Devices NOT Intended to be a Gateway" : take each of AGW-F- requirements and list them as composite members of NGW-F-011
The CGW-S-100 Impervious to Address Claim Attacks under AGW-S-002 Prevents DoS seems like the correct rooting of the requirement and prevention of that attack is desirable. I think the presence of this single attack in the set of requirements needs to be abstracted OR we need to complete the set of attacks under CAN.
part of #33
There's nothing about this requirement that is CAN specific. It should be an Abstract (Intended) Gateway (AGW-S-) security requirement
We're producing a set of security requirements so the functional requirements are out of place.
Articulating them helped us define what security assurances are required to prevent unwanted actions by unintended gateways.
It could also help by making the definition of a gateway clearer -- which will help in https://github.com/nmfta-repo/nmfta-vehicle_cybersecurity_requirements when fleets need to assign classes to devices.