Replies: 1 comment
I am partial to the verbs in the ontology being used as labels for the actions. Credential eviction should have a restriction that it d3f:evicts some d3f:Credential, like d3f:FileAnalysis d3f:analyzes some d3f:File. Maybe those verbs are the primary action of the technique? However, it might be best to take all of the restrictions into account "at once", so the actions associated with techniques aren't necessarily monolithic and can support composition and dynamic dispatch. "Evicts" can be interpreted as a generic function that evicts some artifact from your environment, so implementing credential eviction would be like installing a method on that generic function that dispatches to an implementing "credential eviction" technique when the evicts function is called with a d3f:Credential. This way the automation engine can be extended as the ontology evolves without rewriting everything. However, this is just a personal preference.
D3FEND technique naming.
Background
Proposal for a new alternative label on D3FEND Techniques.
Consider:
Though not perfectly consistent, we've used the noun-phrase of the action verb under consideration. However, this choice is biased toward capability analysis use cases for the ontology. However, for developers building systems which reference D3FEND Techniques as discrete actions, the action-style phrasing is more applicable.
Proposal
We propose adding a new property, action-label, to the techniques for these scenarios. For example, an automation/orchestration engine might take the action Evict Credential (Credential Eviction), and then create a log message, using that string, of the action taken and its results. For now, we will not model a parallel set of Events (Acts) which correspond to the D3FEND techniques. At some point it might be necessary to do that explicitly or using inference.
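The generic-function dispatch described in the reply, combined with the action-label logging from the proposal, as an added Python sketch that is not code from the D3FEND project or from either poster. The class hierarchy, `ApiToken`, the "Analyze File" label, `ActionEngine` and the stub handlers are constructed for illustration.

```python
import logging
from dataclasses import dataclass

log = logging.getLogger("d3fend.actions")

# Python classes standing in for ontology classes (constructed hierarchy).
class DigitalArtifact: ...
class Credential(DigitalArtifact): ...   # stands in for d3f:Credential
class ApiToken(Credential): ...          # hypothetical subclass, illustration only
class File(DigitalArtifact): ...         # stands in for d3f:File

@dataclass(frozen=True)
class Technique:
    label: str         # noun-phrase label, e.g. "Credential Eviction"
    action_label: str  # proposed action-label, e.g. "Evict Credential"
    verb: str          # restriction property, e.g. "evicts"
    artifact: type     # class the restriction ranges over

class ActionEngine:
    """Generic functions keyed by verb; methods are installed per artifact class."""
    def __init__(self):
        self._methods = {}  # (verb, artifact class) -> (Technique, handler)

    def install(self, technique, handler):
        self._methods[(technique.verb, technique.artifact)] = (technique, handler)

    def dispatch(self, verb, target):
        # Walk the MRO so the most specific installed artifact class wins.
        for cls in type(target).__mro__:
            entry = self._methods.get((verb, cls))
            if entry:
                technique, handler = entry
                message = f"{technique.action_label}: {handler(target)}"
                log.info(message)  # log line built from the action-label
                return technique, message
        raise LookupError(f"no technique installed for {verb!r} on {type(target).__name__}")

def build_engine():
    engine = ActionEngine()
    # Stub handlers stand in for real response actions.
    engine.install(Technique("Credential Eviction", "Evict Credential", "evicts", Credential),
                   lambda cred: "credential revoked")
    # "Analyze File" is a constructed label, by analogy with "Evict Credential".
    engine.install(Technique("File Analysis", "Analyze File", "analyzes", File),
                   lambda f: "file analyzed")
    return engine
```

A more specific technique installed later for `ApiToken` takes precedence over the `Credential` method without changes to the engine or to existing handlers.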