d3fend / d3fend-ontology

This repository holds the necessary content to produce the D3FEND ontology distribution.
https://d3fend.mitre.org
MIT License

Add remaining CAPEC named individuals to knowledge graph #257

Open aamedina opened 1 month ago

aamedina commented 1 month ago

Following the example in the existing D3FEND ontology:

:CAPEC-663 a :CommonAttackPattern,
        owl:Class,
        owl:NamedIndividual ;
    rdfs:label "Exploitation of Transient Instruction Execution" ;
    rdfs:subClassOf :CommonAttackPattern ;
    rdfs:isDefinedBy "https://capec.mitre.org/data/definitions/663.html" ;
    :capec-id "CAPEC-553" .

I propose adding the remaining CAPEC individuals into D3FEND, following the model set by this example, with some enhancements.

The dataset contains XML with all of the individuals modeled as attack patterns. These patterns have all the information found on the CAPEC website (and more).

I will add a Python script that parses the XML and generates OWL classes in the following way:

d3f:CAPEC-663 a d3f:CommonAttackPattern,
        owl:Class,
        owl:NamedIndividual ;
    rdfs:label "Exploitation of Transient Instruction Execution" ;
    d3f:capec-id "CAPEC-663" ;
    d3f:definition "An adversary exploits a hardware design flaw in a CPU implementation of transient instruction execution to expose sensitive data and bypass/subvert access control over restricted resources. Typically, the adversary conducts a covert channel attack to target non-discarded microarchitectural changes caused by transient executions such as speculative execution, branch prediction, instruction pipelining, and/or out-of-order execution. The transient execution results in a series of instructions (gadgets) which construct covert channel and access/transfer the secret data." ;
    d3f:related d3f:CAPEC-124,
        d3f:CAPEC-180,
        d3f:CAPEC-212,
        d3f:CWE-1037,
        d3f:CWE-1264,
        d3f:CWE-1303 ;
    rdfs:seeAlso <https://capec.mitre.org/data/definitions/663.html> ;
    rdfs:subClassOf d3f:CAPEC-184,
        d3f:CAPEC-74,
        d3f:CommonAttackPattern .

This maps the CAPEC hierarchy from the ChildOf relationships in the dataset into RDFS. I also add semantic relations to linked CWEs and PeerOf relationships available in the CAPEC individual. I look forward to having links to CWEs, which may prove crucial for classifying vulnerabilities by their weaknesses.
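A sketch of the generator described above, added here as an example and not the script proposed in the issue or any code from the d3fend-ontology repository. It assumes the CAPEC v3 XML layout (the capec-3 namespace, Attack_Pattern with ID and Name, Related_Attack_Pattern with Nature and CAPEC_ID, Related_Weakness with CWE_ID); the input document is constructed.

```python
# Added example, not the repository's script: parse a CAPEC-style XML fragment and
# emit Turtle in the shape proposed above. Element/attribute names follow the CAPEC
# v3 XML schema (assumption); the sample document below is constructed.
import xml.etree.ElementTree as ET
NS = {"capec": "http://capec.mitre.org/capec-3"}  # CAPEC v3 namespace (assumption)
SAMPLE_XML = """<Attack_Pattern_Catalog xmlns="http://capec.mitre.org/capec-3">
 <Attack_Patterns>
  <Attack_Pattern ID="663" Name="Exploitation of Transient Instruction Execution">
   <Description>An adversary exploits a hardware design flaw in a CPU implementation of transient instruction execution.</Description>
   <Related_Attack_Patterns>
    <Related_Attack_Pattern Nature="ChildOf" CAPEC_ID="184"/>
    <Related_Attack_Pattern Nature="ChildOf" CAPEC_ID="74"/>
    <Related_Attack_Pattern Nature="PeerOf" CAPEC_ID="124"/>
    <Related_Attack_Pattern Nature="CanPrecede" CAPEC_ID="180"/>
   </Related_Attack_Patterns>
   <Related_Weaknesses><Related_Weakness CWE_ID="1037"/></Related_Weaknesses>
  </Attack_Pattern>
 </Attack_Patterns>
</Attack_Pattern_Catalog>"""

def ttl_literal(text):
    """Escape a string as a Turtle literal (backslash, quote, newline)."""
    return '"' + text.replace("\\", "\\\\").replace('"', '\\"').replace("\n", "\\n") + '"'

def pattern_to_turtle(ap):
    """Render one <Attack_Pattern> as a d3f:CAPEC-* class that is also an individual."""
    num = ap.get("ID")
    parents, related = [], []
    for rel in ap.findall("capec:Related_Attack_Patterns/capec:Related_Attack_Pattern", NS):
        target, nature = "d3f:CAPEC-" + rel.get("CAPEC_ID"), rel.get("Nature")
        if nature == "ChildOf":     # ChildOf becomes the RDFS hierarchy
            parents.append(target)
        elif nature == "PeerOf":    # PeerOf becomes d3f:related; other natures are skipped
            related.append(target)
    for w in ap.findall("capec:Related_Weaknesses/capec:Related_Weakness", NS):
        related.append("d3f:CWE-" + w.get("CWE_ID"))  # linked CWEs also go to d3f:related
    desc = ap.findtext("capec:Description", default="", namespaces=NS).strip()
    lines = [f"d3f:CAPEC-{num} a d3f:CommonAttackPattern, owl:Class, owl:NamedIndividual ;",
             f"    rdfs:label {ttl_literal(ap.get('Name'))} ;",
             f"    d3f:capec-id {ttl_literal('CAPEC-' + num)} ;",
             f"    d3f:definition {ttl_literal(desc)} ;"]
    if related:
        lines.append("    d3f:related " + ", ".join(sorted(related)) + " ;")
    lines.append(f"    rdfs:seeAlso <https://capec.mitre.org/data/definitions/{num}.html> ;")
    lines.append("    rdfs:subClassOf " + ", ".join(sorted(parents) + ["d3f:CommonAttackPattern"]) + " .")
    return "\n".join(lines)

def catalog_to_turtle(xml_text):
    root = ET.fromstring(xml_text)
    return "\n\n".join(pattern_to_turtle(ap) for ap in root.iterfind(".//capec:Attack_Pattern", NS))
```

Running `catalog_to_turtle(SAMPLE_XML)` yields one block per pattern in the same shape as the proposed CAPEC-663 entry; the CanPrecede link is dropped because only ChildOf and PeerOf are mapped.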
