OASIS CTI CybOX SC Meeting
December 17, 2015

Agenda

- Recent Discussion Recap
- Device/System Object Refactoring Discussion
- Extensions
- Draft Face to Face Agenda
- OASIS Work Product Update

Recent Discussion Recap I

File Object Refactoring

File metadata properties

Field: extension_type
Type: string
Multiplicity: 1
Description: Specifies the type of this extension; required and MUST be set to 'FileMetadataExtension'.

Field: mime_type
Type: string
Multiplicity: 0-1
Description: The MIME type name from the IANA media type registry (http://www.iana.org/assignments/media-types/media-types.xhtml) specified for the file, e.g., "msword".

More explicit directory characterization

Field: is_directory
Type: boolean
Multiplicity: 1
Description: A required flag that indicates whether the file object instance represents a directory (if TRUE) or a file (if FALSE).

Field: file_name
Type: string
Multiplicity: 0-1
Description: The name of the file, including its extension (if known) but excluding its path. This field may be included ONLY IF the is_directory property is set to FALSE.

Field: file_path
Type: FilePath
Multiplicity: 0-1
Description: The path to the file on the file system, excluding its name and extension. If this field is included without the file_name field, the file object instance specifies a directory.

Recent Discussion Recap II

Capture of Analytical Observations

- E.g., file masquerading: “malware.exe.txt”
- Is this something that belongs in CybOX?
  - is_masqueraded = true
- Or should CybOX only support “the facts” that support the analytical observation, and leave the observations to be captured elsewhere?
  - file_name = “malware.exe.txt”
  - mime_type = “vnd.microsoft.portable-executable”
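
The second option above (CybOX records only the facts, and the observation is derived by the consumer) can be sketched as follows. This is an added example, not CybOX project code: the field names come from the draft tables in this deck, while the dict layout, the "extensions" list and the extension-to-subtype mapping are assumptions.

```python
# Added example, not CybOX project code. Field names follow the draft tables
# on this page; the dict layout, the "extensions" list and EXT_TO_SUBTYPE are
# assumptions made for illustration.
import os

# Constructed mapping: file-name extension -> media subtype normally expected.
EXT_TO_SUBTYPE = {
    ".txt": "plain",
    ".doc": "msword",
    ".exe": "vnd.microsoft.portable-executable",
}

def validate_file_object(obj):
    """Return the draft-rule violations found in a File object (empty if none)."""
    errors = []
    if not isinstance(obj.get("is_directory"), bool):
        errors.append("is_directory is required and must be a boolean")
    elif obj["is_directory"] and "file_name" in obj:
        errors.append("file_name may be included only if is_directory is FALSE")
    return errors

def recorded_mime_type(obj):
    """Return mime_type from the FileMetadataExtension, or None if absent."""
    for ext in obj.get("extensions", []):
        if ext.get("extension_type") == "FileMetadataExtension":
            return ext.get("mime_type")
    return None

def is_masqueraded(obj):
    """Derive the observation from the facts; None if they are insufficient."""
    name, mime = obj.get("file_name"), recorded_mime_type(obj)
    if obj.get("is_directory") or not name or not mime:
        return None
    expected = EXT_TO_SUBTYPE.get(os.path.splitext(name)[1].lower())
    return None if expected is None else expected != mime

# Constructed sample using the values from the slide.
SAMPLE = {
    "is_directory": False,
    "file_name": "malware.exe.txt",
    "extensions": [{
        "extension_type": "FileMetadataExtension",
        "mime_type": "vnd.microsoft.portable-executable",
    }],
}

if __name__ == "__main__":
    print(validate_file_object(SAMPLE), is_masqueraded(SAMPLE))
```
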

Device/Sys. Object Refactoring I

Current State (CybOX 2.1)
- OS Property
- Device Property

Device/Sys. Object Refactoring II

Proposed Refactoring (straw man)

Face to Face Agenda (draft)

- Patterning refactoring
- Object refactoring
  - Focus on any open questions for each
- CybOX Core Pruning
  - Making a more lightweight, focused CybOX Core
- CybOX 3.0 “end state”
- Overlapping STIX/CybOX issues
  - Design philosophy
  - First-class relationships
  - Required IDs
  - Etc.

OASIS Work Product Update

CybOX 2.1.1
- 90 specifications out of 94 reviewed and edited
- https://github.com/CybOXProject/specifications/tree/master/documents
- ETA: Late December

Next Meeting

Thursday, January 28th @ 10:00am ET