
CTI CybOX SC Meeting www.oasis-open.org November 19, 2015.


Presentation on theme: "CTI CybOX SC Meeting www.oasis-open.org November 19, 2015."— Presentation transcript:

1 CTI CybOX SC Meeting www.oasis-open.org November 19, 2015

2 Agenda
  Recent discussions recap
  Maturity spectrum / cti-stats discussion
  CybOX 3.0 roadmap update
  File object refactoring
  OASIS work product status & discussion

3 Recent Discussions
  Address object refactoring
    Splitting up the existing Address object into more “atomic” entities
  HashType refactoring
    Making it easier to capture common (e.g., MD5) hash values
  Observable revocation

4 Maturity Spectrum
  http://cyboxproject.github.io/maturity-spectrum/
  Three-tiered model for capturing the relative maturity of CybOX components
    Semantic consensus
    Semantic completeness
    Existing use
  Informed by cti-stats
  Used to inform our CybOX 3.0+ decisions
    What should we focus on refactoring and improving now?
    What should we leave for later versions?

5 cti-stats I
  http://cyboxproject.github.io/cti-stats/
  Up-to-date statistics around usage of STIX and CybOX components
    STIX entities
    CybOX objects

  STIX Objects       Counts   Percentages
  Campaign              101         0.02%
  Course of Action       10         0.00%
  Exploit Target         18         0.00%
  Incident                3         0.00%
  Indicator          497944        98.99%
  Report                  0         0.00%
  TTP                  4736         0.94%
  Threat Actor          228         0.05%

6 cti-stats II

  CybOX Objects        Counts   Percentages
  Address              194400        30.24%
  Artifact                 48         0.01%
  DomainName           194915        30.32%
  EmailMessage           1515         0.24%
  File                  21928         3.41%
  Hostname                 13         0.00%
  HTTPSession             185         0.03%
  Link                    255         0.04%
  Memory                   40         0.01%
  Mutex                  1332         0.21%
  NetworkConnection        30         0.00%
  PDFFile                   6         0.00%
  Port                   3696         0.58%
  URI                  218889        34.05%
  Whois                   539         0.08%
  WinExecutableFile       551         0.09%
  WinRegistryKey         4437         0.69%

7 cti-stats III

8 CybOX 3.0 Roadmap Update
  We’re considering merging CybOX Core and Common, in addition to performing any streamlining around them
    They serve similar purposes
    “Common” is only truly common to CybOX
  We want to avoid basing our refactoring on reductionist reasoning based on just the simple constructs in use today
    Therefore, in addition to the simpler Object types that we see in use in the wild today, we’ll select 3-5 additional, more complex Objects for refactoring

9 File Object Refactoring I
  https://github.com/CybOXProject/schemas/wiki/CybOX-3.0:-File-Object-Refactoring
  There are a number of existing issues with the File object and its subclasses:
    Conflation of generic file properties with those related to file systems and disk-level representation
    There are certain fields that may be specific to Windows and no other platforms
    There currently are LOTS of subclasses of the File object: File, Archive File, Image File, PDF File, Unix File, Windows File, Windows Executable File

10 File Object Refactoring II

11 File Object Refactoring III

  {
    "hashes": [
      {"type": "md5", "hash_value": "3773a88f65a5e780c8dff9cdc3a056f3"}
    ],
    "size": 25537,
    "file_system_properties": {
      "file_name": {
        "delimiter": "/",
        "components": ["usr", "tmp", "foo.exe"]
      }
    },
    "extensions": [
      {"type": "EXT3FileExtension", "inode": "34483923"},
      {"type": "PEBinaryFileExtension", "exports": [{"name": "foo_app"}]}
    ]
  }
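The draft structure above, parsed and sanity-checked in Python as an added example (not code from the slides or the CybOX project); it assumes the field names exactly as the slide shows them and lowercase hash type names, and the sample object is re-typed from the slide.

```python
import json
import re

# Constructed sample: the draft File object from slide 11, re-typed here.
SAMPLE_FILE_OBJECT = json.loads("""
{
  "hashes": [{"type": "md5", "hash_value": "3773a88f65a5e780c8dff9cdc3a056f3"}],
  "size": 25537,
  "file_system_properties": {"file_name": {"delimiter": "/",
                                           "components": ["usr", "tmp", "foo.exe"]}},
  "extensions": [{"type": "EXT3FileExtension", "inode": "34483923"},
                 {"type": "PEBinaryFileExtension", "exports": [{"name": "foo_app"}]}]
}
""")

# Hex-digest lengths for the common hash types the HashType refactoring targets
# (assumption: the draft spells the type names in lowercase).
HASH_HEX_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64}
HEX_RE = re.compile(r"^[0-9a-f]+$")


def validate_hashes(obj):
    """Return {type: value} for well-formed hashes; raise on a malformed entry.

    A hash list is the property most likely to be copied between tools, so
    checking the digest length and alphabet catches truncated or mislabelled
    values before they are stored as indicators."""
    out = {}
    for h in obj.get("hashes", []):
        htype = h["type"].lower()
        value = h["hash_value"].lower()
        expected = HASH_HEX_LENGTHS.get(htype)
        if expected is None or len(value) != expected or not HEX_RE.match(value):
            raise ValueError(f"malformed {htype} hash: {h['hash_value']!r}")
        out[htype] = value
    return out


def file_path(obj):
    """Rebuild the path from the draft's delimiter + components representation.
    The slide does not say whether the path is absolute, so no leading delimiter
    is added."""
    name = obj["file_system_properties"]["file_name"]
    return name["delimiter"].join(name["components"])


def extension(obj, ext_type):
    """Return the extension dict of the given type (the draft replaces File
    subclasses with typed extensions), or None if the object lacks it."""
    for ext in obj.get("extensions", []):
        if ext.get("type") == ext_type:
            return ext
    return None
```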

12 OASIS Work Product Update
  CybOX 2.1.1
    40 specifications out of 94 reviewed and edited
    https://github.com/CybOXProject/specifications/tree/master/documents
    ETA: Late November/Early December

13 Next meeting: December 10th-20th?

