Test Harness — Results Explorer

Visualize compensating-control effectiveness across STRIDE-HC scenarios from a harness CSV

This page renders any harness results CSV as a (scenario × control profile) matrix. By default it loads results/sample-results.csv from this repo, which shows the representative run referenced in paper §9.3. You can also upload your own CSV produced by make matrix.

Read METHODOLOGY.md Download sample CSV
SUCCESS / REACHABLE — attack worked MITIGATED — partial mitigation BLOCKED — control fully effective ERROR — scenario failed

Summary

Outcome matrix
Click any cell to see the timestamp, exact outcome label, and detail text.

Interpretation

Read top-to-bottom: each row is a STRIDE-HC attack scenario; the cell colour in each column shows whether that attack succeeded against that control profile.

Read left-to-right: each column is a compensating-control configuration. The further right you go, the more of the row should turn green.

The expected pattern (see METHODOLOGY.md) is that segmentation alone blocks Spoofing (S), Information Disclosure (I), and DoS (D) — because all three depend on Layer-2/3 attacker positioning — but does not block Tampering (T) or EoP (E) which target the management interface. IPS and PAM each block T and E for different reasons. The "all" column should be green everywhere.

If the results diverge from the expected pattern: it may indicate a control gap, a scenario implementation issue, or an emulator behaviour mismatch with real-world devices. Worth investigating.