New evict and recover techniques #240
@netfl0 STILL WIP! But if time allows, please review to see if I'm on the right track
Merging Dev
19c25fe
to
1163387
Compare
src/ontology/d3fend-protege.ttl
Outdated
@@ -2701,6 +2713,19 @@ BERT (language model). (n.d.). In Wikipedia. [Link](https://en.wikipedia.org/wik | |||
:kb-reference :Reference-TokenlessBiometricTransactionAuthorizationMethodAndSystem, | |||
:Reference-www.biometric-solutions.com_keystroke-dynamics . | |||
|
|||
:BlackHoleRoute a :BlackHoleRoute, |
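Review bot: the added line `:BlackHoleRoute a :BlackHoleRoute,` names the term after one routing mechanism, which ties the technique to discarding traffic. If other route-based responses are meant to fall under it, name the class for the defensive action and keep the black hole case as a narrower term beneath it. The excerpt stops at the comma, so the parent class and the definition are not visible here and should be checked in the full entry.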
This might be its own taxonomy. Sometimes you might route for more monitoring/inspection.
yeah I agree that "BlackHoleRoute" might be too specific for a technique, will broaden the scope...
Need feedback from others listed.
src/ontology/d3fend-protege.ttl
Outdated
@@ -14481,6 +14551,18 @@ Wikipedia. (n.d.). Nonlinear regression. [Link](https://en.wikipedia.org/wiki/No | |||
:d3fend-id "D3A-NPM" ; | |||
:definition "Numeric pattern matching uses a pattern specification and sees if the numeric value matches that pattern--simple forms include exact matching and range matching." . | |||
|
|||
:ObjectEviction a :ObjectEviction, |
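Review bot: the added `:ObjectEviction a :ObjectEviction,` is cut off at the comma, so this excerpt shows no `:d3fend-id` or `:definition` for the new term, while the entry just above it carries both. Check that the complete entry has them, and that the definition states what counts as an object here, since the name alone does not.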
We DO need a broader category like this, Object is something specific in CCO however. Would like to get thoughts from @hack-sentinel @giacomodecolle and @johnbeve
Object will resonate with practitioners but has ontological issues.
We already use "Decoy Object", but I am deciding if we want to exacerbate this or move in another direction.
Yes, "object" is a material entity in BFO/CCO. Have you considered using two labels, one for practitioners and one for ontologists? I think @johnbeve usually recommends prefLabel or altLabel.
Then we can also start thinking about a corresponding CCO mapping and label (e.g. "malicious information entity eviction").
@hack-sentinel @netfl0 I guess this is also related to how the current "Restore" tactic is set up since it has a "Restore Object" bucket. Personally, I'm in favor of this because otherwise we get into a situation where there are potentially too many buckets (Evict Hardware Object, Evict Software, etc)
What do y'all think? Maybe we can use "Evict ARTIFACT" instead?
Before 8/16 commit: After: Notes
@netfl0 Please review
I could see Rogue Device Removal as a possible addition... @apapaa do you have any further details or references on this?
@netfl0 Are there any further changes that need to be made? I don't think the AccessMediator thing is an issue.
Edits:
@ryantxu1 and @netfl0
I think so. I think we're trying to avoid the notion of getting it physically returned. However, CRLs use the same terminology. In D3FEND 1.0 we should also change CredentialRevoking to CredentialRevocation. cc @hack-sentinel
Renaming complete
@@ -4046,10 +4046,10 @@ Effective implementation requires identifying any location that could end up con | |||
rdfs:isDefinedBy <http://dbpedia.org/resource/Credential_Management> ; | |||
:definition "Credential Management, also referred to as a Credential Management System (CMS), is an established form of software that is used for issuing and managing credentials as part of public key infrastructure (PKI)." . | |||
|
|||
:CredentialRevoking a :CredentialRevoking, |
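Review bot: on `:CredentialRevoking a :CredentialRevoking,`, the hunk header (`-4046,10 +4046,10`) has equal line counts, so lines are being changed in place rather than added. If the change alters this term's IRI, anything that still refers to `:CredentialRevoking` will stop resolving. Keep the old term in the file marked `owl:deprecated true` with a pointer to its replacement, rather than renaming it outright.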
I meant to do this in the future, but we can use this as a case study to test out our deprecation strategy. cc @hack-sentinel
@netfl0 is there anything else to be done before merging?
src/ontology/d3fend-protege.ttl
Outdated
owl:someValuesFrom :File ], | ||
[ a owl:Restriction ; | ||
owl:onProperty :may-access ; | ||
owl:someValuesFrom :FileServer ] ; |
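Review bot: the last restriction, `owl:onProperty :may-access ; owl:someValuesFrom :FileServer`, is existential: it asserts that every instance of the class carrying it (not shown in this excerpt) has a `:may-access` relation to some `:FileServer`. If that holds only where the files happen to live on a file server, the restriction is too strong for the class as a whole; keep only the restriction on `:File`.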
I think we ought to drop this, this would be a transitive inference.
It appears there are merge conflicts, can you resolve? @ryantxu1
9fe42a9
to
3a8346f
Compare
New Evict Techniques:
New Restore Techniques