© 2010 The MITRE Corporation. All rights reserved Developer Web Conference 14 May 2010.

Slides:



Advertisements
Similar presentations
Dr. Leo Obrst MITRE Information Semantics Information Discovery & Understanding Command & Control Center February 6, 2014February 6, 2014February 6, 2014.
Advertisements

VARTAN – Validation Reporting Templates Jürgen Teutsch, NLR CAATS Workshop, 16-Feb-2006, Lanzarote.
A centre of expertise in digital information management UKOLN is supported by: XML and the DCMI Abstract Model DC Architecture WG Meeting,
What is XML? a meta language that allows you to create and format your own document markups a method for putting structured data into a text file; these.
Programming Languages and Paradigms
UNCERTML - DESCRIBING AND COMMUNICATING UNCERTAINTY Matthew Williams
 DB&A, Knowledge Management Within and Across Projects June 15, 2012 INNOVATION for a better world.
© 2012 The MITRE Corporation. All rights reserved. For internal MITRE use 11 July 2013 Meeting #6 hData Record Format Task Force 1 © 2012 The MITRE Corporation.
3. Technical and administrative metadata standards Metadata Standards and Applications.
Document Content Description for XML, Version 1.0 By Tim Bray, Charles Frankston and Ashok Malhotra EECS 684 Presentation by Calvin Ang.
1 Software Requirements Specification Lecture 14.
Common Mechanisms in UML
Software Documentation Written By: Ian Sommerville Presentation By: Stephen Lopez-Couto.
ECA 228 Internet/Intranet Design I Intro to XML. ECA 228 Internet/Intranet Design I HTML markup language very loose standards browsers adjust for non-standard.
Metadata Standards and Applications 4. Metadata Syntaxes and Containers.
Developing Enterprise Architecture
XP New Perspectives on XML Tutorial 4 1 XML Schema Tutorial – Carey ISBN Working with Namespaces and Schemas.
1 Using Classes Object-Oriented Programming Using C++ Second Edition 5.
Using Classes Object-Oriented Programming Using C++ Second Edition 5.
© 2010 The MITRE Corporation. All rights reserved CPE Prefix Property MythBusters* CPE Core Team Technical Working Group (TWG) 05/11/2010 * This presentation.
Database System Development Lifecycle © Pearson Education Limited 1995, 2005.
Database Systems COMSATS INSTITUTE OF INFORMATION TECHNOLOGY, VEHARI.
Syntax & Semantic Introduction Organization of Language Description Abstract Syntax Formal Syntax The Way of Writing Grammars Formal Semantic.
CPE Core Team: Brant Cheikes and Mary Parmelee (MITRE); Dave Waltermire, Paul Cichonski, Harold Booth and Chris McCormick (NIST); Jim Ronayne and Shane.
EARTH SCIENCE MARKUP LANGUAGE “Define Once Use Anywhere” INFORMATION TECHNOLOGY AND SYSTEMS CENTER UNIVERSITY OF ALABAMA IN HUNTSVILLE.
Why XML ? Problems with HTML HTML design - HTML is intended for presentation of information as Web pages. - HTML contains a fixed set of markup tags. This.
XML CPSC 315 – Programming Studio Fall 2008 Project 3, Lecture 1.
Clément Troprès - Damien Coppéré1 Semantic Web Based on: -The semantic web -Ontologies Come of Age.
Introduction to XML. XML - Connectivity is Key Need for customized page layout – e.g. filter to display only recent data Downloadable product comparisons.
1 Strassner-Policy Theory and Practice – IM2001 Purpose of the PCIM Provide a set of classes and relationships that provide an extensible means for defining.
Chapter 27 The World Wide Web and XML. Copyright © 2004 Pearson Addison-Wesley. All rights reserved.27-2 Topics in this Chapter The Web and the Internet.
Processing of structured documents Spring 2002, Part 2 Helena Ahonen-Myka.
CountryData Technologies for Data Exchange SDMX Information Model: An Introduction.
1 Tutorial 13 Validating Documents with DTDs Working with Document Type Definitions.
Scalable Metadata Definition Frameworks Raymond Plante NCSA/NVO Toward an International Virtual Observatory How do we encourage a smooth evolution of metadata.
1 What’s Next for Financial Management Line of Business (FMLoB)? AGA/GWSCPA 6 th Annual Conference Dianne Copeland, Director, FSIO May 8, 2007.
XML A web enabled data description language 4/22/2001 By Mark Lawson & Edward Ryan L’Herault.
XP Tutorial 9 1 Working with XHTML. XP SGML 2 Standard Generalized Markup Language (SGML) A standard for specifying markup languages. Large, complex standard.
Uml is made similar by the presence of four common mechanisms that apply consistently throughout the language. After constructing or developing the architecture.
Work Breakdown Structure Use and Demo
UNCERTML - DESCRIBING AND COMMUNICATING UNCERTAINTY WITHIN THE (SEMANTIC) WEB Matthew Williams
Chapter 27 The World Wide Web and XML. Copyright © 2004 Pearson Addison-Wesley. All rights reserved.27-2 Topics in this Chapter The Web and the Internet.
Structured Programming
Managing Data Resources. File Organization Terms and Concepts Bit: Smallest unit of data; binary digit (0,1) Byte: Group of bits that represents a single.
The Use of Ontology Design Patterns for Metadata Semantics: Methods, Chances, and Limitations Gary Berg-Cross SOCoP Executive Secretary US RDA Advisory.
Metadata By N.Gopinath AP/CSE Metadata and it’s role in the lifecycle. The collection, maintenance, and deployment of metadata Metadata and tool integration.
Pete Johnston, Eduserv Foundation 16 April 2007 An Introduction to the DCMI Abstract Model JISC.
Discussion - HITSC / HITPC Joint Meeting Transport & Security Standards Workgroup October 22, 2014.
DC Architecture WG meeting Wednesday Seminar Room: 5205 (2nd Floor)
Logical Database Design and Relation Data Model Muhammad Nasir
Jackson, Web Technologies: A Computer Science Perspective, © 2007 Prentice-Hall, Inc. All rights reserved Chapter 7 Representing Web Data:
TTCN-3 Testing and Test Control Notation Version 3.
© 2010 IBM Corporation RESTFul Service Modelling in Rational Software Architect April, 2011.
FG Group -Afrilia BP -Liana F.B.I -Maulidatun Nisa -Riza Amini F.
Understanding the Value and Importance of Proper Data Documentation 5-1 At the conclusion of this module the participant will be able to List the seven.
1 DATA Act Information Model Schema (DAIMS) Version 1.0 Briefing June 2016.
© 2012 Cengage Learning. All Rights Reserved. This edition is intended for use outside of the U.S. only, with content that may be different from the U.S.
Welcome to the Permit Implementation Regulations (AB 1497) Workshop.
Unit 4 Representing Web Data: XML
Names and Attributes Names are a key programming language feature
CTI STIX SC Monthly Meeting
SysML v2 Formalism: Requirements & Benefits
Structured Programming
Active Data Management in Space 20m DG
Software Documentation
Chapter 7 Representing Web Data: XML
Submission Title: [Channel Page/Number Proposal]
Change Highlights January 2013
Submission Title: [Channel Bands Update]
Web-based Imaging Management System Working Group - WIMS
Presentation transcript:

© 2010 The MITRE Corporation. All rights reserved Developer Web Conference 14 May 2010

© 2010 The MITRE Corporation. All rights reserved Opening Remarks CPE v2.3 on fast track to release for public comment by 11 June 2010 Purpose of today’s conference is to review highlights of planned changes, provide opportunity for real-time discussion Not everything you will hear today is cast in concrete—comments/suggestions welcome Post-conference feedback to cpe-list is strongly encouraged 2

© 2010 The MITRE Corporation. All rights reserved Work Schedule 22 Feb:CPE Developer Day Workshop 16 Mar:Core Team formed 22 Apr:V2.3 roadmap posted 10 May:Naming, Dictionary plans posted 14 May:Developer web conference 11 Jun:Draft specs released for public comment 16 Jun:CPE Developer Day Workshop 9 Jul:Public comment period closes 23 Jul:Final v2.3 drafts submitted to NIST 3

© 2010 The MITRE Corporation. All rights reserved V2.3 Objectives Due to the short time frame, changes in CPE 2.3 intended to address immediate community concerns while minimizing risk to adopters –Limit potential disruption during release of SCAP 1.2 –Provide basis for innovation of future capabilities to address larger community needs 4

© 2010 The MITRE Corporation. All rights reserved Fear Not! CPE v2.2 will continue to be supported for several years after v2.3 is released –NIST SCAP lifecycle ensures ongoing support –V2.2-conformant names will remain valid –V2.2 dictionary content will continue to be maintained 5

© 2010 The MITRE Corporation. All rights reserved Big Picture 6 V2.3 implemented as a stack of specifications Minimalist Naming specification at the bottom Matching builds on Naming Dictionary and CPE Language on the top

© 2010 The MITRE Corporation. All rights reserved Naming Specification Highlights of the Naming Specification 7

© 2010 The MITRE Corporation. All rights reserved Key Improvements No prefix property V2.2 URI binding is retained A simple formatted string binding is introduced –Easily distinguished from v2.2 URIs by inspection Four edition-related attributes are broken out –sw_edition, target_sw, target_hw, other_edition Need for percent-encoding largely eliminated Foundation provided for embedded wildcard characters 8

© 2010 The MITRE Corporation. All rights reserved Highlights: Naming (1/5) Naming specification introduces the concept of a well-formed name (WFN) –A conceptual data structure, not machine-readable –An unordered set of attribute-value pairs –Attributes selected from a specified vocabulary –Each attribute appears at most once in a WFN –Values of attributes are character strings –Some attributes have specified valid values, for most others the Naming specification recommends that values be chosen from valid-values lists 9

© 2010 The MITRE Corporation. All rights reserved Highlights: Naming (2/5) Key ideas: –Separate the specification of a WFN from the specification of how a WFN is bound to a machine- readable representation –Support two distinct uses of WFNs: Partial (potentially ambiguous) descriptions of products, for matching against a dictionary Identifiers for individual products listed in a dictionary –A WFN need not match anything in a dictionary Being “well formed” does not mean “correct”, “valid”, or referring to an actual product 10

© 2010 The MITRE Corporation. All rights reserved Highlights: Naming (3/5) No prefix property Allowed attributes: –Imported from 2.2: Part, vendor, product, version, update, edition, language Edition is deprecated –New in 2.3: Sw_edition, target_sw, target_hw, other_edition Legacy dictionary content will not be converted to take advantage of new attributes 11

© 2010 The MITRE Corporation. All rights reserved Highlights: Naming (4/5) Need for “percent encoding” largely eliminated Most formerly-reserved characters now permitted to be embedded in value strings –Allows upper-stack specifications to attach special interpretations to particular characters, e.g., use ‘?’ and ‘*’ as wildcards Several characters handled specially: –Asterisk, Dollar-sign, Question-Mark, Hyphen 12

© 2010 The MITRE Corporation. All rights reserved Highlights: Naming (5/5) To create names for machine interchange, WFNs are bound to machine-readable encodings Two bindings supported in v2.3 –URI binding For backward compatibility w/ v2.2 –Formatted string binding New in v2,3 Either binding may be used –Mechanical conversion algorithms will be provided 13

© 2010 The MITRE Corporation. All rights reserved URI Binding: Example 1 WFN: [part=“a”,vendor=“adobe”,product=“acrobat++”,version=“9.2”, edition=“*”] Straightforward binding to v2.2-conformant URI, respecting the component order defined in v2.2: cpe:/a:adobe:acrobat%43%43:9.2:-::- Notes: Reserved characters must be percent-encoded Unspecified attributes in WFN bind to single hyphen Asterisk and dollar-sign, when used alone, bind to blank Asterisk/dollar-sign embedded in a value are deleted 14

© 2010 The MITRE Corporation. All rights reserved Formatted String Binding: Overview Looks like this: cpe-2.3:/ : : : : : : : : : Notes: Distinct URI-like scheme name Using a “URI-like” binding to minimize differences from

© 2010 The MITRE Corporation. All rights reserved Formatted String Binding cpe-2.3:/a:adobe:acrobat++:9.2:-:*:-:-:x64:- 16 vendor part product update language version sw_edition target_sw other_edition target_hw

© 2010 The MITRE Corporation. All rights reserved Formatted String Bindings: Example 1 WFN: [part=“a”,vendor=“adobe”,product=“acrobat++”,version=“9.2”, sw_edition=“*”,target_hw=“x64”] Binds to cpe-2.3:/a:adobe:acrobat++:9.2:-:*:-:-:x64:- Notes: Reserved characters are not percent-encoded Unspecified attributes in WFN bind to single hyphen No special handling of $, *, etc.—may be used and embedded as wildcards 17

© 2010 The MITRE Corporation. All rights reserved URI Binding: Example 2 WFN: [part=“a”,vendor=“adobe”,product=“acrobat++”,version=“9.2”, sw_edition=“*”,target_hw=“x64”] Binds to cpe-2.3:/a:adobe:acrobat%42%42:9.2:-:~~-~x64~-:- Notes: “~~-~x64~-” is a “packed” encoding of the four extended edition attributes introduced in v2.3 18

© 2010 The MITRE Corporation. All rights reserved Packing “Packing” algorithm used to consolidate the four extended edition attributes into a single component value in the 2.2 URI binding 19 …:~ ~ ~ ~ :… Tilde (~) used to sub-delimit the four fields Not currently used in 2.2 dictionary Leading tilde serves as flag

© 2010 The MITRE Corporation. All rights reserved Key Improvements Redux No prefix property V2.2 URI binding is retained A simple formatted string binding is introduced –Easily distinguished from v2.2 URIs by inspection Four edition-related attributes are broken out –sw_edition, target_sw, target_hw, other_edition Need for percent-encoding largely eliminated Foundation provided for embedded wildcard characters 20

© 2010 The MITRE Corporation. All rights reserved Matching Specification Highlights of the Matching Specification 21

© 2010 The MITRE Corporation. All rights reserved Highlights: Matching (1/3) The CPE 2.3 Matching Specification will define two forms of matching: 1.The current CPE 2.2 Name Matching algorithm 2.An extended CPE 2.3 Name Matching algorithm that adds functionality for matching the additional CPE components and special characters. CPE Language matching will be defined in the CPE Language Specification as an extension to the Name Matching definition. 22

© 2010 The MITRE Corporation. All rights reserved Highlights: Matching (2/3) In order to maintain backward compatibility with the 2.2 matching algorithm the CPE Matching specification will extend the CPE Naming Specification to: –Add a specified component position constraint to a WFN; –Reserve the use of 2.2 component-level special characters, “empty” and “-”. We will also revise the verbiage in the 2.2 specification to clarify the functionality and scope of the name matching algorithm 23

© 2010 The MITRE Corporation. All rights reserved In order to expand matching capabilities in CPE 2.3 the CPE 2.3 Matching Specification will: –Define special characters to be used in WFN for name matching purposes. – * = a multi-character wild card – ? = a single character wild card Define a 2.3 matching algorithm that –Makes use of the new characters –Matches CPE ID to CPE ID –Matches CPE ID to a WFN 24 Highlights: Matching (3/3)

© 2010 The MITRE Corporation. All rights reserved Dictionary Specification Highlights of the Dictionary Specification 25

© 2010 The MITRE Corporation. All rights reserved Highlights: Dictionary (1/7) Dictionary Specification will define the concept of a dictionary and high-level rules for dictionary creators. –Defines how organizations instantiate dictionaries –Defines accompanying documents dictionary maintainers must create and maintain –Defines high-level, global rules for CPE name acceptance criteria –Define data model for capturing provenance information relating to CPE names –Does not single out any specific dictionaries as official 26

© 2010 The MITRE Corporation. All rights reserved Highlights: Dictionary (2/7) Dictionary is a repository of product identifiers –A CPE Name serving as an identifiers is different than an abstract CPE name representing a set of products Only fully-qualified names permitted within the dictionary. –Fully-qualified means all CPE attributes must be populated with data (no blanks, ‘*’ or ‘?’ permitted). –Part, vendor, product, version attributes of CPE must be populated with known data. 27

© 2010 The MITRE Corporation. All rights reserved Highlights: Dictionary (3/7) Dollar Sign ($) special character will be introduced for use in identifiers –‘$’ is a full-component wildcard within a CPE name that represents data which is unknown, or which is not valued by a particular community –Dollar Sign ($) not permitted within part, vendor, product, or version component These components must contain known data 28

© 2010 The MITRE Corporation. All rights reserved Highlights: Dictionary (4/7) Use of Dollar Sign supports matching a more specific name against a less specific dictionary name –For example, if scanner finds product “ cpe:/o:microsoft:windows_xp:6.0:gold:sp1:en_US ” it will match against the dictionary entry “ cpe:/o:microsoft:windows_xp:6.0:$:$:$ ” This use case is not supported in CPE 2.2 –If a scanner finds the product “ cpe:/o:microsoft:windows_xp:6.0:gold:sp1:en_US ” it would not match against the dictionary entry “ cpe:/o:microsoft:windows_xp:6.0 ” 29

© 2010 The MITRE Corporation. All rights reserved Highlights: Dictionary (5/7) Dollar Sign is distinct from ‘*’ –At matching level these characters mean similar things, but the semantics change higher in the stack. –‘$’ represents “unknown” data vs ‘*’ which means “any” data –Allows explicit distinction between identifiers and names used in searching/applicability statements Different rules associated with ‘$’ and ‘*’ –‘$’ is full component wildcards only. –Conversion rules are different between a ‘$’ and ‘*’. Different conversion rules result from different meaning 30

© 2010 The MITRE Corporation. All rights reserved Highlights: Dictionary (6/7) Metadata repositories will handle abstract CPE names –Abstract names do not identify unique products and therefore do not belong in dictionary. –Metadata repositories can be stood up to capture metadata relating to abstract names. Metadata repository will not be formally defined in specification –Metadata repository Spec can be written outside of CPE 2.3 as a separate portion of the stack. 31

© 2010 The MITRE Corporation. All rights reserved Highlights: Dictionary (7/7) Dictionary specification will require dictionary maintainers to produce accompanying documents. Dictionary Content Management/Decisions Document –Will define content management rules associated with dictionary content –Capture community decisions relating to how to populate component values (e.g. API calls, file locations) Dictionary Process Management Document –Will capture any dictionary specific process information (e.g. CPE name acceptance criteria) 32

© 2010 The MITRE Corporation. All rights reserved CPE Language Specification NO SIGNIFICANT CHANGES ENVISAGED UPDATED TO BE CONSISTENT WITH LOWER-LEVEL STACK SPECIFICATIONS 33

© 2010 The MITRE Corporation. All rights reserved THE END Please engage on the discussion list –What do you like about what you see in 2.3? –What don’t you like? 34

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.