Model Interactions
This page is normative
This page is considered a core part of the Vultron Protocol. This is a normative section of the documentation.
Here we reflect on the interactions between the RM, EM, and CS models within the overall Vultron process.
Participant-Agnostic vs Participant-Specific Aspects
This sounds like SSVC
In SSVC, we distinguish between stakeholder-specific and stakeholder-agnostic decision points when describing vulnerability response decisions. Here, we carry a similar distinction into the CVD process. Some facts about a case are participant-specific, while others are global to the case, or participant-agnostic.
Some aspects of the Vultron process are Participant-agnostic (i.e., they represent a global state of the case), while others are specific to a Participant. Specifically, the RM process is unique to each Participant, while the EM process is global to all Participants in a case. The CS process is a hybrid: some aspects are Participant-agnostic, while others are Participant-specific, which we will discuss in more detail below.
Interactions between all these processes affect the overall MPCVD process for a case. The following diagram illustrates this distinction.
stateDiagram-v2
direction LR
PA: Participant-Agnostic
state PA {
EM
CS_pxa
EM --> CS_pxa
CS_pxa --> EM
}
PS: Participant-Specific
state PS {
RM
CS_vfd
RM --> CS_vfd
CS_vfd --> RM
}
PA --> PS
PS --> PA Global vs. Participant-Specific Aspects of the CS Model
The CS model encompasses both Participant-specific and Participant-agnostic aspects of a CVD case. In particular, the Vendor fix path substates—Vendor unaware (vfd), Vendor aware (Vfd), fix ready (VFd), and fix deployed (VFD)—are specific to each Vendor Participant in a case. On the other hand, the remaining substates represent Participant-agnostic facts about the case status—public awareness (p,P), exploit public (x,X), and attacks observed (a,A). This distinction in perspectives will become important in the Formal Protocol definition.
---
title: Case State Diagram showing Participant-Agnostic and Participant-Specific Aspects
---
stateDiagram-v2
direction LR
CS: Case State Model
state CS {
ps: Participant-Specific
state ps {
[*] --> vfd
vfd --> Vfd : V
Vfd --> VFd : F
VFd --> VFD : D
VFD --> [*]
}
--
g: Participant-Agnostic
state g {
[*] --> pxa
pxa --> Pxa : P
pxa --> pXa : X
pxa --> pxA : A
pXa --> PXa : P
pXa --> pXA : A
pxA --> PxA : P
pxA --> pXA : X
Pxa --> PxA : A
Pxa --> PXa : X
pXA --> PXA : P
PXa --> PXA : A
PxA --> PXA : X
PXA --> [*]
}
}
[*] --> CS
CS --> [*]Summary
Participant-Agnostic Aspects
Participant-agnostic aspects of the MPCVD process are those that represent facts about the world with respect to a case.
Participant-Agnostic Examples
- The Embargo Management process is global to all Participants in a case
- As is the Public State portion of the Case State process
Participant-Specific Aspects
Participant-specific aspects of the MPCVD process are those that represent facts about a Participant's internal state with respect to a case.
Participant-Specific Examples
- The Report Management process is unique to each Participant.
- So is the Vendor Fix Path portion of the Case State process.