
openc2-actuator message



Subject: RE: [openc2-actuator] RE: Time-args slpf


Sounds logical to me.  Are either one of you dialing into the Lang spec meeting today?  As good a time as any to bring it up.

 

From: MARONEY, PATRICK <rx118r@att.com>
Sent: Tuesday, September 17, 2019 11:47 AM
To: 'Vasileios Mavroeidis' <vasileim@ifi.uio.no>; Brule, Joseph M <jmbrule@radium.ncsc.mil>
Cc: 'openc2-actuator@lists.oasis-open.org' <openc2-actuator@lists.oasis-open.org>
Subject: [Non-DoD Source] RE: [openc2-actuator] RE: Time-args slpf

 

Vasileios, et al,

 

Thank you for bringing up temporality.  I would go a step further and say subsumption of existing, well-defined models should be considered: https://www.w3.org/TR/owl-time/

As you have pointed out: rich causality and temporality expression are key concepts in any efforts to define effective Playbooks.

 

To Joe's comment:  temporality should be global.

 

Patrick Maroney

Principal – Technology Security

AT&T Chief Security Office

 

From: openc2-actuator@lists.oasis-open.org <openc2-actuator@lists.oasis-open.org> On Behalf Of Vasileios Mavroeidis
Sent: Tuesday, September 17, 2019 8:31 AM
To: jmbrule@radium.ncsc.mil
Cc: Vasileios Mavroeidis <vasileim@ifi.uio.no>; openc2-actuator@lists.oasis-open.org
Subject: Re: [openc2-actuator] RE: Time-args slpf

 

Joe,

 

I think it makes sense. Many technologies can take advantage of rich temporal arguments, even a simple scan/locate of a hash can be done periodically. 

 

 

Best,

 

Vasileios Mavroeidis – Security Researcher and Ph.D. Research Fellow
Research Group of Information and Cyber Security (SECURITY)
SecurityLab
University of Oslo  
+47 40347666

 

On 17 Sep 2019, at 13:49, Brule, Joseph M <jmbrule@radium.ncsc.mil> wrote:

 

Makes sense to me. Do you think that we should move that up to the Language spec?  Something like drop, reject, complete makes sense for packet filters, not so much for other actuators.  Temporal arguments make sense for a wide (dare I say majority) range of actuators.

Sound logical?  

-----Original Message-----
From: openc2-actuator@lists.oasis-open.org <openc2-actuator@lists.oasis-open.org> On Behalf Of Vasileios Mavroeidis
Sent: Tuesday, September 17, 2019 4:09 AM
To: openc2-actuator@lists.oasis-open.org
Cc: Vasileios Mavroeidis <vasileim@ifi.uio.no>
Subject: [Non-DoD Source] [openc2-actuator] Time-args slpf

Hi all,

A suggestion for more refined time args regarding the SLPF that we may consider in the future.

Currently, we support start_time, stop_time, and duration.

Even though they make sense to have, a different categorization would be more useful, especially for packet filtering (many packet filters have this capability).

Parent classes:
-absolute or absolute_time
-periodic or periodic_time

Absolute_time can include start_time, stop_time, duration
Periodic, it is what it sounds, and it can support the following:
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
Sunday
daily
weekdays
weekend
start_time (without defined date)
stop_time (without defined date)
or duration (instead of using stop time)


Best,

Vasileios Mavroeidis – Security Researcher and Ph.D. Research Fellow
Research Group of Information and Cyber Security (SECURITY)
SecurityLab
University of Oslo
+47 40347666
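The absolute/periodic split proposed above, sketched as an added example that is not part of the thread or of any OpenC2 specification: a check of whether a rule's time arguments apply at a given moment, including a periodic window that runs past midnight. The dictionary layout, the `type` and `days` keys, and the function names are assumptions; it also assumes exactly one of stop_time or duration is given and that a periodic window lasts at most 24 hours.

```python
from datetime import datetime, time, timedelta

DAY_NAMES = ["monday", "tuesday", "wednesday", "thursday", "friday", "saturday", "sunday"]
GROUPS = {"daily": range(7), "weekdays": range(5), "weekend": (5, 6)}
# Hypothetical encoding (not from any OpenC2 spec); constructed sample: weekdays from 22:00 for 4 h.
NIGHTLY = {"type": "periodic", "days": ["weekdays"],
           "start_time": time(22, 0), "duration": timedelta(hours=4)}


def expand_days(names):
    """Turn day names and group keywords into a set of weekday numbers (Monday = 0)."""
    days = set()
    for name in names:
        key = name.lower()
        if key not in GROUPS and key not in DAY_NAMES:
            raise ValueError(f"unknown day selector: {name!r}")
        days.update(GROUPS.get(key) or [DAY_NAMES.index(key)])
    return days


def window_length(begin, args):
    """Length of one window from stop_time or duration; exactly one must be given."""
    if ("stop_time" in args) == ("duration" in args):
        raise ValueError("give exactly one of stop_time or duration")
    if "duration" in args:
        return args["duration"]
    stop = args["stop_time"]
    if isinstance(stop, datetime):  # absolute class: full timestamp
        return stop - begin
    length = datetime.combine(begin.date(), stop) - begin  # periodic class: time of day
    return length if length > timedelta(0) else length + timedelta(days=1)


def is_active(time_args, now):
    """True if a rule carrying these time arguments applies at `now`."""
    if time_args["type"] == "absolute":
        begin = time_args["start_time"]
        return begin <= now < begin + window_length(begin, time_args)
    if time_args["type"] != "periodic":
        raise ValueError(f"unknown time argument class: {time_args['type']!r}")
    days = expand_days(time_args["days"])
    # A window that opened yesterday may still be open after midnight (length <= 24 h).
    for day in (now.date(), now.date() - timedelta(days=1)):
        if day.weekday() in days:
            begin = datetime.combine(day, time_args["start_time"])
            if begin <= now < begin + window_length(begin, time_args):
                return True
    return False
```
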

 


