CTI CybOX SC Meeting www.oasis-open.org November 19, 2015.


CTI CybOX SC Meeting November 19, 2015

Agenda
- Recent discussions recap
- Maturity spectrum/cti-stats discussion
- CybOX 3.0 roadmap update
- File object refactoring
- OASIS work product status & discussion

Recent Discussions
- Address object refactoring
  - Splitting up the existing Address object into more “atomic” entities
- HashType refactoring
  - Making it easier to capture common (e.g., MD5) hash values
- Observable revocation

Maturity Spectrum
- Three-tiered model for capturing the relative maturity of CybOX components
  - Semantic consensus
  - Semantic completeness
  - Existing use
- Informed by cti-stats
- Used to inform our CybOX 3.0+ decisions
  - What should we focus on refactoring and improving now?
  - What should we leave for later versions?

cti-stats I
- Up-to-date statistics around usage of STIX and CybOX components
  - STIX entities
  - CybOX objects

STIX Objects | Counts | Percentages
Campaign | | %
Course of Action | 10 | 0.00%
Exploit Target | 18 | 0.00%
Incident | 3 | 0.00%
Indicator | | %
Report | 0 | 0.00%
TTP | | %
Threat Actor | | %

cti-stats II

CybOX Objects | Counts | Percentages
Address | | %
Artifact | 48 | 0.01%
DomainName | | %
Message | | %
File | | %
Hostname | 13 | 0.00%
HTTPSession | | %
Link | | %
Memory | 40 | 0.01%
Mutex | | %
NetworkConnection | 30 | 0.00%
PDFFile | 6 | 0.00%
Port | | %
URI | | %
Whois | | %
WinExecutableFile | | %
WinRegistryKey | | %

cti-stats III

CybOX 3.0 Roadmap Update
- We’re considering merging CybOX Core and Common, in addition to performing any streamlining around them
  - They serve similar purposes
  - “Common” is only truly common to CybOX
- We want to avoid basing our refactoring on reductionist reasoning based on just the simple constructs in use today
  - Therefore, in addition to the simpler Object types that we see in use in the wild today, we’ll select 3-5 additional, more complex Objects for refactoring

File Object Refactoring I
- There are a number of existing issues with the File object and its subclasses:
  - Conflation of generic file properties with those related to file systems and disk-level representation
  - There are certain fields that may be specific to Windows and no other platforms
- There currently are LOTS of subclasses of the File object:
  - File
    - Archive File
    - Image File
    - PDF File
    - Unix File
    - Windows File
    - Windows Executable File

File Object Refactoring II

File Object Refactoring III

{
    "hashes": [
        {"type": "md5", "hash_value": "3773a88f65a5e780c8dff9cdc3a056f3"}
    ],
    "size": 25537,
    "file_system_properties": {
        "file_name": {
            "delimiter": "/",
            "components": ["usr", "tmp", "foo.exe"]
        }
    },
    "extensions": [
        {"type": "EXT3FileExtension", "inode": " "},
        {"type": "PEBinaryFileExtension", "exports": [{"name": "foo_app"}]}
    ]
}
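How a consumer might read the draft File object shown on this slide, as an added example that is not part of the presentation or of any CybOX code. Field names come from the slide; the function name, the `sha1`/`sha256` digest lengths and the "blank field" check are assumptions made for illustration.

```python
import json
import re

# Hex digest lengths per hash type. Only "md5" appears on the slide; the
# other entries are assumptions added for this example.
HASH_HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64}

# The slide's example object, reproduced as-is (including the blank inode).
SLIDE_EXAMPLE = """
{"hashes": [{"type": "md5", "hash_value": "3773a88f65a5e780c8dff9cdc3a056f3"}],
 "size": 25537,
 "file_system_properties": {"file_name": {"delimiter": "/",
     "components": ["usr", "tmp", "foo.exe"]}},
 "extensions": [{"type": "EXT3FileExtension", "inode": " "},
     {"type": "PEBinaryFileExtension", "exports": [{"name": "foo_app"}]}]}
"""

def load_file_object(text):
    """Return (normalized view, problems) for a draft File object."""
    obj = json.loads(text)
    problems = []
    hashes = {}
    for h in obj.get("hashes", []):
        kind = str(h.get("type", "")).lower()
        value = str(h.get("hash_value", "")).strip().lower()
        want = HASH_HEX_LEN.get(kind)
        if want is None:
            problems.append(f"unknown hash type {kind!r}")
        elif not re.fullmatch(r"[0-9a-f]{%d}" % want, value):
            problems.append(f"malformed {kind} value")
        else:
            hashes[kind] = value
    size = obj.get("size")
    if isinstance(size, bool) or not isinstance(size, int) or size < 0:
        problems.append("size must be a non-negative integer")
    # Generic properties stay separate from file-system ones: the path is
    # rebuilt from file_system_properties only.
    name = obj.get("file_system_properties", {}).get("file_name", {})
    path = name.get("delimiter", "/").join(name.get("components", []))
    # Platform- or format-specific data is keyed by extension type.
    extensions = {}
    for ext in obj.get("extensions", []):
        fields = {k: v for k, v in ext.items() if k != "type"}
        for key, val in fields.items():
            if isinstance(val, str) and not val.strip():
                problems.append(f"{ext.get('type')}.{key} is blank")
        extensions[ext.get("type")] = fields
    return {"hashes": hashes, "size": size, "path": path,
            "extensions": extensions}, problems
```

Run on the slide's object, this yields the path `usr/tmp/foo.exe` and reports the blank `inode` value as the only problem.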

OASIS Work Product Update
- CybOX specifications out of 94 reviewed and edited
- ETA: Late November/Early December

Next meeting
- December 10th-20th?