Presentation is loading. Please wait.

Presentation is loading. Please wait.

OASIS CTI F2F – CybOX Session 1 www.oasis-open.org January 14, 2016.

Published byRosalyn Wright Modified over 8 years ago

Similar presentations

Presentation on theme: "OASIS CTI F2F – CybOX Session 1 www.oasis-open.org January 14, 2016."— Presentation transcript:

1 OASIS CTI F2F – CybOX Session 1 www.oasis-open.org January 14, 2016

2 www.oasis-open.org Ch-ch-ch-ch-changes

3 CybOX overview: history Initial driver: need for a standard to characterize cyber observables Standard was developed in an ad-hoc fashion to address evolving use cases Informed by MAEC, STIX, DFAX, and others Organic (resource-constrained) development led to divergent architecture With the benefit of hindsight and the shared experience of implementers, numerous deficits have come to light

4 CybOX overview: challenges ”We have a taxonomy gap!”

5 Focus: simplification, reducing duplicate mechanisms Prioritizing refactoring of most-commonly used CybOX Objects Primary design consideration: backward-compatible- breaking changes now, stability for the foreseeable future: New CybOX Objects will be added in sequential point releases targeting specific use cases, in service to community demand, building on a cohesive foundational rethinking of CybOX base constructs CybOX 3.0 base constructs will be architected with care to forestall impacting backward-compatibility in additive point releases CybOX 3.0 Design Philosophy

6 Refactoring and fixing issues with all existing CybOX objects in a single release is not achievable in a meaningful timeframe to address the pain currently experienced by the community Pragmatic approach: focus on a core set of CybOX Objects for the 3.0 release Meet the ≈80% need ASAP, iterate quickly from there… CybOX 3.0: Don’t bite off more than you can chew!

7 CybOX overview: ongoing refactoring approach Quantitative analysis: cti-statscti-stats A picture’s worth a thousand pull-requestspicture

8 CybOX Design: Object Hierarchy

9 Key Issue: how should the CybOX Object hierarchy be designed? Current parent/child (sub-class) based approach has several issues Excessive subclassing Inconsistency Instance content restriction Open Questions Does it make sense to organize Objects around a separate Extension structure? Or should we follow the more granular (non sub-class) philosophy of extensions, but instead define them as separate Objects using the existing structure? E.g., an NTFS File Object vs. an NTFS File Extension https://github.com/CybOXProject/schemas/wiki/CybOX-Design:-Object-Hierarchy-Structuring

10 Address Object Refactoring CybOX 2.1 Address CybOX 3.0 IP Address IPv4 Address IPv6 Address MAC Address Email Address Open Questions Should CIDR be the only supported notation for IP addresses? How should IP addresses be modeled? Should IPv4/IPv6 be an extension of IP Address? https://github.com/CybOXProject/schemas/wiki/CybOX-3.0:-Address-Object-Refactoring

11 File Object Refactoring https://github.com/CybOXProject/schemas/wiki/CybOX-3.0:-File-Object-Refactoring Open Questions What default extensions make sense? Should File encompass other file-like Objects? Pipe Socket … Default Extensions File Metadata EXT3 File NTFS File Image File PDF File Archive File PE Binary File …

12 CybOX Design: Obj. Relationships

13 CybOX Design: Object Relationships? Key Issue Relationships between Objects can be expressed in two different ways Directly embedded via Fields Indirectly via an Object Relationship For the sake of simplicity (“one way of doing things”) we should use a single approach Open Questions Does it make sense to express Object Object relationships ONLY via an explicit Relationship construct? How should the corner case of relationships between Object Types and other Objects be handled? How should we deal with Objects such as the Socket Address that are exclusively defined based on other Objects? https://github.com/CybOXProject/schemas/wiki/CybOX-Design:-Relationships-vs.-Embedded-Objects

14 Just the facts, ma’am… Ongoing debate about where patterning should live… There’s a prevalent notion that CybOX should be the alphabet and that other related standards should define the semantic context. Just food for thought…

15 Iterating: point releases Mobile Objects Android iOS SCADA Objects Additional Layer 7 Objects FTP SMTP IRC TAXII over TOR Document File Objects OLE DOC PPT DOCX Comprehensive network forensics Comprehensive endpoint forensics …

16 Going deeper down the rabbit hole… Proposal: a week-long F2F focused on CybOX extension, in collaboration with DFAX, MAEC, and other non-OASIS stakeholders sometime Q3 2016?

Download ppt "OASIS CTI F2F – CybOX Session 1 www.oasis-open.org January 14, 2016."

Similar presentations

Design Brief Example Your Name Here This is similar to what we use on the Cisco.com team.

Design Brief Example Your Name Here This is similar to what we use on the Cisco.com team.
Ambition in Action. Ambition in Action www.sit.nsw.edu.au Preparing and Presenting an Effective Business Case Presentation to HIMAA July 2010.

Ambition in Action. Ambition in Action Preparing and Presenting an Effective Business Case Presentation to HIMAA July 2010.
International Relations Theory

International Relations Theory
How did we get here? (CMIS v0.5) F2F, January 2009.

How did we get here? (CMIS v0.5) F2F, January 2009.
Data Modeling and Database Design Chapter 1: Database Systems: Architecture and Components.

Data Modeling and Database Design Chapter 1: Database Systems: Architecture and Components.
PREMIS Conformance. Agenda 1.NLNZ and NLB conformance exercise 2.History of PREMIS Conformance 3.Current status 4.Mapping to functionality.

PREMIS Conformance. Agenda 1.NLNZ and NLB conformance exercise 2.History of PREMIS Conformance 3.Current status 4.Mapping to functionality.
Priority Research Direction (I/O Models, Abstractions and Software) Key challenges What will you do to address the challenges? – Develop newer I/O models.

Priority Research Direction (I/O Models, Abstractions and Software) Key challenges What will you do to address the challenges? – Develop newer I/O models.
Danah boyd, Jeff Potter, Fernanda Viegas. Sociable Media, MIT Media Lab. Sunbelt. 17 February 2002 Fragmentation of identity through structural holes in.

Danah boyd, Jeff Potter, Fernanda Viegas. Sociable Media, MIT Media Lab. Sunbelt. 17 February 2002 Fragmentation of identity through structural holes in.
ECM RFP 101 Presented by: Carol Mitchell C.M. Mitchell Consulting.

ECM RFP 101 Presented by: Carol Mitchell C.M. Mitchell Consulting.
1 Layers Data from IBM-Rational and Craig Larman’s text integrated into these slides. These are great references… Slides from these sources have been modified.

1 Layers Data from IBM-Rational and Craig Larman’s text integrated into these slides. These are great references… Slides from these sources have been modified.
Systems Engineering in a System of Systems Context

Systems Engineering in a System of Systems Context
Creating Architectural Descriptions. Outline Standardizing architectural descriptions: The IEEE has published, “Recommended Practice for Architectural.

Creating Architectural Descriptions. Outline Standardizing architectural descriptions: The IEEE has published, “Recommended Practice for Architectural.
Measuring the Measurement An Analysis of Spatial Measurement in Elementary & Middle School Curricula Lorraine Males, Jack Smith, & the STEM Project team.

Measuring the Measurement An Analysis of Spatial Measurement in Elementary & Middle School Curricula Lorraine Males, Jack Smith, & the STEM Project team.
Challenges in moving to Agile and how to deal with them Katrin Noor 2013.

Challenges in moving to Agile and how to deal with them Katrin Noor 2013.
3G.IP/01.09.06.13R1 3G.IP 2002 Charter. 3G.IP/01.09.06.13R1 2 3G.IP Mission Statement u Actively promote a common IP based wireless system for third generation.

3G.IP/ R1 3G.IP 2002 Charter. 3G.IP/ R1 2 3G.IP Mission Statement u Actively promote a common IP based wireless system for third generation.
Chapter 7 Requirement Modeling : Flow, Behaviour, Patterns And WebApps.

Chapter 7 Requirement Modeling : Flow, Behaviour, Patterns And WebApps.
EPortfolios: Getting started with Mahara. Ambition in Action www.sit.nsw.edu.au ePortfolios:Getting started with Mahara /What is an ePortfolio /Examples.

EPortfolios: Getting started with Mahara. Ambition in Action ePortfolios:Getting started with Mahara /What is an ePortfolio /Examples.
1 CIM User Group Conference Call december 8th 2005 Using UN/CEFACT Core Component methodology for EIC/TC 57 works and CIM Jean-Luc SANSON Electrical Network.

1 CIM User Group Conference Call december 8th 2005 Using UN/CEFACT Core Component methodology for EIC/TC 57 works and CIM Jean-Luc SANSON Electrical Network.
2005 Adobe Systems Incorporated. All Rights Reserved. 1 Ontolog Forum Gunar Penikis Sr. Product Manager Adobe Systems.

2005 Adobe Systems Incorporated. All Rights Reserved. 1 Ontolog Forum Gunar Penikis Sr. Product Manager Adobe Systems.
Web Design ΕΠΛ 435: Αλληλεπίδραση Ανθρώπου Υπολογιστή.

Web Design ΕΠΛ 435: Αλληλεπίδραση Ανθρώπου Υπολογιστή.

Similar presentations

Ads by Google