Closed kchason closed 1 year ago
This was ported from https://unifiedcyberontology.atlassian.net/jira/software/projects/OC/issues/OC-208
Allow relationship between a uco-observable:X509Certificate and an uco-observabe:ObservableObject that was signed by that certificate.
uco-observable:X509Certificate
uco-observabe:ObservableObject
Add a new Signed_By property to the uco-vocabulary:ObservableObjectRelationshipVocab
Signed_By
uco-vocabulary:ObservableObjectRelationshipVocab
Was this application digitally signed, and if so, what certificate digitally signed it?
[ { "@id": "kb:application-1", "@type": "uco-observable:Application", "uco-core:hasFacet": [ { "@type": "uco-observable:ApplicationFacet", "uco-observable:applicationIdentifier": "com.google.package", "uco-observable:version": "1.0" }, { "@type": "uco-observable:FileFacet", "uco-observable:filePath": "/path/to/application.apk", "uco-observable:fileName": "application.apk", "uco-observable:extension": "apk", "uco-observable:isDirectory": false, "uco-observable:accessedTime": { "@type": "xsd:dateTime", "@value": "2009-01-15T17:59:43.25Z" }, "uco-observable:observableCreatedTime": { "@type": "xsd:dateTime", "@value": "2009-01-15T17:59:43.25Z" }, "uco-observable:modifiedTime": { "@type": "xsd:dateTime", "@value": "2009-01-15T17:59:43.25Z" } }, { "@type": "uco-observable:ContentDataFacet", "uco-observable:sizeInBytes": 23000, "uco-observable:dataPayload": "<base 64 encoded data of the file>", "uco-observable:hash": [ { "@type": "uco-types:Hash", "uco-types:hashMethod": { "@type": "uco-vocabulary:HashNameVocab", "@value": "SHA256" }, "uco-types:hashValue": { "@type": "xsd:hexBinary", "@value": "a665a45920422f9d417e4867efdc4fb8a04a1f3fff1fa07e998e86f7f7a27ae3" } } ] } ] }, { "@id": "kb:signing-certificate-1", "@type": "uco-observable:X509Certificate", "uco-core:hasFacet": [ { "@type": "uco-observable:X509CertificateFacet", "uco-observable:issuer": "ISSUER", "uco-observable:serialNumber": "ABCDEF", "uco-observable:subject": "SUBJECT", "uco-observable:subjectHash": "HASH", "uco-observable:version": "VERSION" } ] }, { "@id": "kb:application-signing-relationship-1", "@type": "uco-observable:ObservableRelationship", "uco-core:source": { "@id": "kb:application-1" }, "uco-core:target": { "@id": "kb:signing-certificate-1" }, "uco-core:kindOfRelationship": "Signed_By" } ]
Contained in !334
Add the following to the uco-vocabulary:ObservableObjectRelationshipVocab:
"Signed_By"^^vocabulary:ObservableObjectRelationshipVocab
develop
develop-2.0.0
Background
This was ported from https://unifiedcyberontology.atlassian.net/jira/software/projects/OC/issues/OC-208
Allow relationship between a
uco-observable:X509Certificateand anuco-observabe:ObservableObjectthat was signed by that certificate.Requirements
Requirement 1
Add a new
Signed_Byproperty to theuco-vocabulary:ObservableObjectRelationshipVocabRisk / Benefit analysis
Benefits
Risks
Competencies demonstrated
Competency 1
Competency Question 1.1
Was this application digitally signed, and if so, what certificate digitally signed it?
Result 1.1
Solution suggestion
Contained in !334
Add the following to the
uco-vocabulary:ObservableObjectRelationshipVocab:Coordination
developfor the next releasedevelopstate with backwards-compatible implementation merged intodevelop-2.0.0develop-2.0.0(N/A)