Custom_Objects - a replacement for previous proposal for clarifying ObjectType structures

Charles Schmidt (MITRE)
Hello all,

Based on some feedback as well as some internal experimentation, we have a
new proposal to deal with the problem of custom vs. well-defined Object
characteristics. In the previous proposal (sent 3/8 - "Clarify structures of
ObjectType associated with object characterization") we discussed schema
modifications that would enforce the initial CybOX assumption that ad-hoc
attributes would not be used in conjunction with well-defined object
attributes from the CybOX Object schemas. Since then, that basic assumption
has been questioned and some have proposed that it might be better to allow
a mixture of ad-hoc and well-defined characteristics in describing an
object.

The attached proposal outlines changes to the CybOX schema to make custom
attributes usable within well-defined Object schemas, and makes use of
purely ad-hoc Object description equivalent to the use of well-defined
Objects (rather than a separate branch of the ObjectType). This
corresponds to item #6 in the CybOX Project/Schemas issue tracker on GitHub.
(https://github.com/CybOXProject) Please note that this is not describing an
accepted change but rather is a proposal being put forward for community
review and feedback. Comments and concerns with regard to this proposal are
welcome - please send comments in response to this message.

Note that this still does not address David Challener's comments about
possible accidental collision of ad-hoc attribute names - where two parties
each create an ad-hoc attribute (or an ad-hoc Object) for different purposes
but assign it the same name; a third party might assume the identically
named attributes are equivalent, but this is not the case. This remains an
open question and we are interested in community suggestions on this point,
as well as any other comments about this proposal.

Thanks,
Charles (for the CybOX Team)

Attachment: CustomObject.pdf (620K)

RE: Custom_Objects - a replacement for previous proposal for clarifying ObjectType structures

Gruman, Francis (Frank)
Regarding the object name collisions for custom objects, I would propose an
object registry similar to what the folks in the LDAP world have created for
their schema definitions.  Assuming we are all working from schema
definitions, that is.  This would enable some public sharing of schema
objects for those not opposed to sharing schema information.  The LDAP folks
also set aside identifiers enabling "private" naming for those organizations
not wanting to share their custom schema extensions.

Now, to address the custom attributes extending objects, is it valid to look
for a registration of attributes specific to object extension or attributes
applied globally?  In other words, taking the example from the document, is
"polarity" a custom attribute specific to the Address object or is it an
attribute that is globally shared across all objects?  In either case,
perhaps also creating an "Attributes" or "Extensions" registry to allow for
submission of global or object-specific attributes would be beneficial.  The
value add here is that various markets could have their own extensions (i.e.
Government could extend with CAPCO labeling fields while Healthcare could
extend with any HIPAA labeling fields and Banking / Payment Processing with
any PCI).  This allows CybOX to stay true to the core object schemas and
allow the industries to manage their own extensions to the core.

Just my 2 cents.

Regards,
Frank

-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Schmidt,
Charles M.
Sent: Tuesday, March 26, 2013 3:50 PM
To: cybox-discussion-list Cyber Observable Expression/CybOX Discussi
Subject: Custom_Objects - a replacement for previous proposal for clarifying
ObjectType structures

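The collision problem and the registry idea discussed in this thread, as an added example that is not part of either message or of the CybOX project's code: a consumer-side check that flags bare attribute names reused by different producers, and a registry keyed by namespace with object-specific or global scope. The namespaces, attribute meanings and sample documents are constructed for illustration.

```python
# Added illustration: all namespaces, meanings and sample data are constructed.
from collections import defaultdict

GLOBAL = "*"  # scope marker: the attribute applies to every object type


class AttributeRegistry:
    """Custom attributes keyed by (namespace, scope, name)."""

    def __init__(self):
        self._entries = {}

    def register(self, namespace, name, meaning, scope=GLOBAL):
        key = (namespace, scope, name)
        existing = self._entries.get(key)
        if existing is not None and existing != meaning:
            raise ValueError(f"{key} already registered as: {existing}")
        self._entries[key] = meaning
        return key

    def resolve(self, namespace, object_type, name):
        """An object-specific registration wins over a global one."""
        for scope in (object_type, GLOBAL):
            meaning = self._entries.get((namespace, scope, name))
            if meaning is not None:
                return meaning
        return None


def find_collisions(documents):
    """Return {(object_type, attr): [namespaces]} for names used by more than
    one namespace. documents: iterable of (namespace, object_type, attrs).
    A consumer that ignores the namespace would treat these as equivalent."""
    seen = defaultdict(set)
    for namespace, object_type, attrs in documents:
        for attr in attrs:
            seen[(object_type, attr)].add(namespace)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}


def build_demo():
    reg = AttributeRegistry()
    reg.register("urn:example:org-a", "polarity",
                 "traffic direction: inbound/outbound", scope="Address")
    reg.register("urn:example:org-b", "polarity",
                 "analyst verdict: benign/malicious")  # global scope
    docs = [
        ("urn:example:org-a", "Address", {"polarity": "inbound"}),
        ("urn:example:org-b", "Address", {"polarity": "malicious"}),
        ("urn:example:org-b", "File", {"polarity": "benign"}),
    ]
    return reg, docs
```
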