Agenda for 8/23 TC Working Session

["Kirillov, Ivan A." <ikirillov@mitre.org>]

All,

 

On tomorrow’s working call we’ll be focusing on a number of CybOX topics, including the following:

 

·         File/Directory Object

o    Trey and I recently added a new Directory Object, and welcome your feedback: https://docs.google.com/document/d/1DdS-NrVTjGJ3wvCJ7dbSlhYeiaWS6G6dOXu2F3POpUs/edit#heading=h.lyvpga5hlw52

o    Semantically this seems clearer than having a File Object that can also characterize directories

·         Hex/Binary Object DataTypes: https://docs.google.com/document/d/1PSGv6Uvo3YyrK354cH0cvdn7gGedbhYJkgNVzwW9E6A/edit#heading=h.6qyimz2u366

o    It has been pointed out that our binary and hex datatypes are duplicative because they can convey the same data; accordingly there are a few questions around them that we need to address:

§  Should we coalesce Hex/Binary into a single datatype?

§  If we keep hex as a separate type, how should we represent hex data?

·         As a C-style delimited string? E.g., \x2A\xFF?

·         As a non-delimited string? E.g., 2AFF?

·         PE Binary Extension Datatypes: https://docs.google.com/document/d/1DdS-NrVTjGJ3wvCJ7dbSlhYeiaWS6G6dOXu2F3POpUs/edit#heading=h.tlok7x3ugmrd

o    Does our use of non-hex datatypes for PE header characterization make sense? It has been pointed out that it would be useful for patterning to use the existing datatypes (integer, timestamp, etc.) vs. hex.

 

If anyone has other CybOX-related topics they’d like to discuss, feel free to bring them up!

 

Regards,

Ivan