You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I propose adding the remaining CAPEC individuals into D3FEND, following the model set by this example, with some enhancements.
The dataset contains XML with all of the individuals modeled as attack patterns. These patterns have all the information found on the CAPEC website (and more).
I will add a Python script that parses the XML and generates OWL classes in the following way:
d3f:CAPEC-663 a d3f:CommonAttackPattern,
owl:Class,
owl:NamedIndividual ;
rdfs:label "Exploitation of Transient Instruction Execution" ;
d3f:capec-id "CAPEC-663" ;
d3f:definition "An adversary exploits a hardware design flaw in a CPU implementation of transient instruction execution to expose sensitive data and bypass/subvert access control over restricted resources. Typically, the adversary conducts a covert channel attack to target non-discarded microarchitectural changes caused by transient executions such as speculative execution, branch prediction, instruction pipelining, and/or out-of-order execution. The transient execution results in a series of instructions (gadgets) which construct covert channel and access/transfer the secret data." ;
d3f:related d3f:CAPEC-124,
d3f:CAPEC-180,
d3f:CAPEC-212,
d3f:CWE-1037,
d3f:CWE-1264,
d3f:CWE-1303 ;
rdfs:seeAlso <https://capec.mitre.org/data/definitions/663.html> ;
rdfs:subClassOf d3f:CAPEC-184,
d3f:CAPEC-74,
d3f:CommonAttackPattern .
This maps the CAPEC hierarchy from the ChildOf relationships in the dataset into RDFS. I also add semantic relations to linked CWEs and PeerOf relationships available in the CAPEC individual. I look forward to having links to CWEs, which may prove crucial to classify vulnerabilities by their weaknesses.
Following the example in the existing D3FEND ontology:
I propose adding the remaining CAPEC individuals into D3FEND, following the model set by this example, with some enhancements.
The dataset contains XML with all of the individuals modeled as attack patterns. These patterns have all the information found on the CAPEC website (and more).
I will add a Python script that parses the XML and generates OWL classes in the following way:
This maps the CAPEC hierarchy from the ChildOf relationships in the dataset into RDFS. I also add semantic relations to linked CWEs and PeerOf relationships available in the CAPEC individual. I look forward to having links to CWEs, which may prove crucial to classify vulnerabilities by their weaknesses.
References
The text was updated successfully, but these errors were encountered: