From cd00b894bee86c025b010dd21bbf93f82de88922 Mon Sep 17 00:00:00 2001 From: Peter Kaloroumakis Date: Wed, 28 Jun 2023 17:51:44 -0600 Subject: [PATCH] fix datatype specs and add missing labels --- src/ontology/d3fend-protege.ttl | 32 +++++++++++++++++++++++++------- 1 file changed, 25 insertions(+), 7 deletions(-) diff --git a/src/ontology/d3fend-protege.ttl b/src/ontology/d3fend-protege.ttl index 7398c687..0fd6c4ab 100644 --- a/src/ontology/d3fend-protege.ttl +++ b/src/ontology/d3fend-protege.ttl @@ -226,6 +226,7 @@ Moving forward different distinctions of kinds of has-part (contains) relationsh rdfs:subPropertyOf :d3fend-object-property . :d3fend-general-object-property a owl:ObjectProperty ; + rdfs:label "d3fend-general-object-property" ; rdfs:subPropertyOf :d3fend-object-property . :d3fend-kb-object-property a owl:ObjectProperty ; @@ -237,6 +238,7 @@ Moving forward different distinctions of kinds of has-part (contains) relationsh rdfs:subPropertyOf owl:topObjectProperty . :d3fend-process-object-property a owl:ObjectProperty ; + rdfs:label "d3fend-process-object-property" ; rdfs:subPropertyOf :d3fend-object-property . :d3fend-tactical-verb-property a owl:ObjectProperty ; @@ -305,6 +307,7 @@ Moving forward different distinctions of kinds of has-part (contains) relationsh :definition "x employed-by y: An entity x is put into service by a technique or agent y. Inverse of y employs x." . :employs a owl:ObjectProperty ; + rdfs:label "employs" ; rdfs:subPropertyOf :associated-with . :enabled-by a owl:ObjectProperty ; @@ -328,6 +331,7 @@ Moving forward different distinctions of kinds of has-part (contains) relationsh :definition "x encrypts y: The entity x converts the ordinary representation of a digital artifact y into a secret code." . :end a owl:ObjectProperty ; + rdfs:label "end" ; rdfs:subPropertyOf :d3fend-process-object-property . :enumerates a owl:ObjectProperty ; @@ -407,6 +411,7 @@ Moving forward different distinctions of kinds of has-part (contains) relationsh rdfs:seeAlso . :fork a owl:ObjectProperty ; + rdfs:label "fork" ; rdfs:subPropertyOf :d3fend-process-object-property . :hardens a owl:ObjectProperty ; @@ -424,9 +429,11 @@ Moving forward different distinctions of kinds of has-part (contains) relationsh rdfs:subPropertyOf :d3fend-use-case-object-property . :has-contribution a owl:ObjectProperty ; + rdfs:label "has-contribution" ; rdfs:subPropertyOf :d3fend-kb-object-property . :has-contributor a owl:ObjectProperty ; + rdfs:label "has-contributor" ; rdfs:subPropertyOf :d3fend-kb-object-property . :has-dependent a owl:ObjectProperty ; @@ -465,6 +472,7 @@ Moving forward different distinctions of kinds of has-part (contains) relationsh rdfs:subPropertyOf :d3fend-use-case-object-property . :has-procedure a owl:ObjectProperty ; + rdfs:label "has-procedure" ; rdfs:subPropertyOf :d3fend-general-object-property . :has-recipient a owl:ObjectProperty ; @@ -494,10 +502,12 @@ Moving forward different distinctions of kinds of has-part (contains) relationsh :definition "x hides y: A technique or operation x conceals the digital artifact y." . :identified-by a owl:ObjectProperty ; + rdfs:label "identified-by" ; rdfs:subPropertyOf :associated-with ; owl:inverseOf :identified-by . :identifies a owl:ObjectProperty ; + rdfs:label "identifies" ; rdfs:subPropertyOf :associated-with . :impairs a owl:ObjectProperty ; @@ -766,6 +776,7 @@ Moving forward different distinctions of kinds of has-part (contains) relationsh rdfs:subPropertyOf :may-evict . :may-evaluate a owl:ObjectProperty ; + rdfs:label "may-evaluate" ; rdfs:subPropertyOf :may-be-associated-with . :may-evict a owl:ObjectProperty ; @@ -885,6 +896,7 @@ Moving forward different distinctions of kinds of has-part (contains) relationsh :definition "x neutralizes y: The technique x makes the execution of actions of y ineffective by preventing or counterbalancing the effect of y." . :next a owl:ObjectProperty ; + rdfs:label "next" ; rdfs:subPropertyOf :d3fend-process-object-property . :obfuscates a owl:ObjectProperty ; @@ -1056,6 +1068,7 @@ Moving forward different distinctions of kinds of has-part (contains) relationsh . :start a owl:ObjectProperty ; + rdfs:label "start" ; rdfs:subPropertyOf :d3fend-process-object-property . :strengthens a owl:ObjectProperty ; @@ -1174,9 +1187,11 @@ Moving forward different distinctions of kinds of has-part (contains) relationsh :definition "x comment y: The d3fend object x a d3fend team specific comment y. Not for use external to the MITRE development team." . :cwe-id a owl:AnnotationProperty ; + rdfs:label "cwe-id" ; rdfs:subPropertyOf :cwe-kb-annotation . :cwe-kb-annotation a owl:AnnotationProperty ; + rdfs:label "cwe-kb-annotation" ; rdfs:subPropertyOf :d3fend-annotation . :d3fend-annotation a owl:AnnotationProperty ; @@ -1189,6 +1204,7 @@ Moving forward different distinctions of kinds of has-part (contains) relationsh rdfs:subPropertyOf :d3fend-annotation . :d3fend-display-annotation a owl:AnnotationProperty ; + rdfs:label "d3fend-display-annotation" ; rdfs:subPropertyOf :d3fend-annotation . :d3fend-kb-annotation-property a owl:AnnotationProperty ; @@ -1235,6 +1251,7 @@ dcterms:title a owl:AnnotationProperty ; :definition "A statement that represents something in words." . :display-baseurl a owl:AnnotationProperty ; + rdfs:label "display-baseurl" ; rdfs:subPropertyOf :d3fend-display-annotation ; :definition "A base string to use as prefix to create a full URL for an entity. The baseurl must end in a forward slash: /" . @@ -1245,6 +1262,7 @@ dcterms:title a owl:AnnotationProperty ; :todo "This should be an annotation property." . :display-priority a owl:AnnotationProperty ; + rdfs:label "display-priority" ; rdfs:subPropertyOf :d3fend-display-annotation . :draft a owl:AnnotationProperty ; @@ -23398,7 +23416,7 @@ In order to convince the potential attacker that the deception environment is th a :InternetArticleReference, owl:NamedIndividual ; rdfs:label "Reference - Eviction Guidance for Networks Affected by the SolarWinds and Active Directory/M365 Compromise - CISA" ; - :has-link "https://www.cisa.gov/news-events/analysis-reports/ar21-134a" ; + :has-link "https://www.cisa.gov/news-events/analysis-reports/ar21-134a"^^xsd:anyURI ; :kb-organization "CISA" ; :kb-reference-of :CredentialRotation ; :kb-reference-title "Eviction Guidance for Networks Affected by the SolarWinds and Active Directory/M365 Compromise" . @@ -25224,7 +25242,7 @@ If a process is conducting a traversal of the directory and accessing files acco :Reference-FileIntegrityMonitoringinMicrosoftDefenderforCloud-Microsoft a owl:NamedIndividual, :UserManualReference ; rdfs:label "Reference - File Integrity Monitoring in Microsoft Defender for Cloud - Microsoft" ; - :has-link "https://learn.microsoft.com/en-us/azure/defender-for-cloud/file-integrity-monitoring-overview" ; + :has-link "https://learn.microsoft.com/en-us/azure/defender-for-cloud/file-integrity-monitoring-overview"^^xsd:anyURI ; :kb-organization "Microsoft" ; :kb-reference-of :FileIntegrityMonitoring ; :kb-reference-title "File Integrity Monitoring in Microsoft Defender for Cloud" . @@ -26220,7 +26238,7 @@ While this analytic does not take the user into account, doing so could generate :Reference-PasswordandKeyRotation-SSH a :InternetArticleReference, owl:NamedIndividual ; rdfs:label "Reference - Password and Key Rotation - SSH" ; - :has-link "https://www.ssh.com/academy/iam/password-key-rotation" ; + :has-link "https://www.ssh.com/academy/iam/password-key-rotation"^^xsd:anyURI ; :kb-organization "SSH" ; :kb-reference-of :CredentialRotation ; :kb-reference-title "Password and Key Rotation" . @@ -26379,7 +26397,7 @@ Powershell can be used to hide monitored command line execution such as: :Reference-PsSuspend a owl:NamedIndividual, :SpecificationReference ; rdfs:label "Reference - PsSuspend - Microsoft" ; - :has-link "https://learn.microsoft.com/en-us/sysinternals/downloads/pssuspend" ; + :has-link "https://learn.microsoft.com/en-us/sysinternals/downloads/pssuspend"^^xsd:anyURI ; :kb-author "Mark Russinovich" ; :kb-organization "Microsoft" ; :kb-reference-of :ProcessSuspension ; @@ -26561,7 +26579,7 @@ All of these behaviors call into the Windows API, which uses the NamedPipe WINRE :Reference-RevokingaPreviouslyIssuedVerifiableCredential-Microsoft a owl:NamedIndividual, :SpecificationReference ; rdfs:label "Reference - Revoke a previously issued verifiable credential - Microsoft" ; - :has-link "https://learn.microsoft.com/en-us/azure/active-directory/verifiable-credentials/how-to-issuer-revoke" ; + :has-link "https://learn.microsoft.com/en-us/azure/active-directory/verifiable-credentials/how-to-issuer-revoke"^^xsd:anyURI ; :kb-author "Barclay Neira, Christer Ljung, Juan Camilo Ruiz, John Flores" ; :kb-organization "Microsoft" ; :kb-reference-of :CredentialRevoking ; @@ -27113,7 +27131,7 @@ and deploy decoy physical or virtual endpoints.""" ; :Reference-SystemAndMethodForProvidingAnonymousRemailingAndFilteringOfElectronicMail_Nokia a owl:NamedIndividual, :PatentReference ; rdfs:label "Reference - System and method for providing anonymous remailing and filtering of electronic mail - Nokia" ; - :has-link "https://patents.google.com/patent/JPH11161574A" ; + :has-link "https://patents.google.com/patent/JPH11161574A"^^xsd:anyURI ; :kb-abstract "To make anonymous a sender name present on an actual transmission source address by including an alias transmission source address substitution unit and removing the actual transmission source address from an electronic mail message. SOLUTION: A hash value of the destination address of an electronic mail message is calculated (S330). Then, (n) blank bytes are added to a compressed actual transmission source address (S340). The true length of the actual transmission source address is hidden by adding blank bytes. Further, a 2nd bit field is added to a secret key saved locally in a remailer, and an extended secret key characteristic of the destination address is generated. Then, the compressed actual transmission source address is ciphered according to the data ciphering standards using the extended secret key characteristic of the destination address as a cipher key (S350). Further, the 2nd bit field is added to the ciphered and compressed actual transmission source address (S360)." ; :kb-author "Eran Gabber, Phillip B Gibbons, David Morris Kristol, Yossi Matias, Alain J Mayer" ; :kb-organization "Nokia of America Corp" ; @@ -27428,7 +27446,7 @@ In various embodiments, a name server transmits a canonical name as resolution t :Reference-Tripwire a owl:NamedIndividual, :UserManualReference ; rdfs:label "Reference - Tripwire" ; - :has-link "https://linux.die.net/man/8/tripwire" ; + :has-link "https://linux.die.net/man/8/tripwire"^^xsd:anyURI ; :kb-reference-of :FileIntegrityMonitoring ; :kb-reference-title "Reference - Tripwire" .