Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add d3f:unloads property and associated module system calls #244

Merged
merged 1 commit into from
May 7, 2024
Merged

Add d3f:unloads property and associated module system calls #244

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Add d3f:unloads property and associated system calls for loading and … 
…unloading modules
  • Loading branch information
@aamedina
aamedina committed May 7, 2024
commit b6f7b2d025abfc5c8d87479a71ee94cddcfce4c3
51 changes: 51 additions & 0 deletions src/ontology/d3fend-protege.ttl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1142,6 +1142,11 @@ Moving forward different distinctions of kinds of has-part (contains) relationsh
rdfs:seeAlso <http://wordnet-rdf.princeton.edu/id/00354493-v> ;
:synonym "aborts" .

:unloads a owl:ObjectProperty ;
rdfs:label "unloads" ;
rdfs:subPropertyOf :evicts ;
:definition "x unloads y: The technique or artifact performs the action of unloading some artifact (applications, kernel modules, or hardware drivers, etc.) from a computer's memory." .

:unmounts a owl:ObjectProperty ;
rdfs:label "unmounts" ;
rdfs:subPropertyOf :associated-with ;
Expand Down Expand Up @@ -13019,6 +13024,12 @@ Newer system call.""" .
rdfs:isDefinedBy "https://man7.org/linux/man-pages/man2/creat.2.html" ;
:definition "Equivalent to calling Linux Open with flags equal to O_CREAT|O_WRONLY|O_TRUNC." .

:LinuxDeleteModule a owl:Class ;
rdfs:label "Linux Delete Module" ;
rdfs:subClassOf :OSAPIUnloadModule ;
rdfs:isDefinedBy <https://man7.org/linux/man-pages/man2/delete_module.2.html> ;
:definition "Attempts to remove the unused loadable module entry identified by name. If the module has an exit function, then that function is executed before unloading the module." .

:LinuxExecve a owl:Class ;
rdfs:label "Linux Execve" ;
rdfs:subClassOf :OSAPIExec ;
Expand All @@ -13037,6 +13048,12 @@ Newer system call.""" .
rdfs:isDefinedBy "https://man7.org/linux/man-pages/man2/fork.2.html" ;
:definition "Creates a child process with unique PID but retains parent PID as Parent Process Identifier (PPID)" .

:LinuxInitModule a owl:Class ;
rdfs:label "Linux Init Module" ;
rdfs:subClassOf :OSAPILoadModule ;
rdfs:isDefinedBy <https://man7.org/linux/man-pages/man2/init_module.2.html> ;
:definition "Loads an ELF image into kernel space, performs any necessary symbol relocations, initializes module parameters to values provided by the caller, and then runs the module's init function." .

:LinuxKillArgumentSIGKILL a owl:Class ;
rdfs:label "Linux Kill Argument SIGKILL" ;
rdfs:subClassOf :OSAPITerminateProcess ;
Expand Down Expand Up @@ -13245,6 +13262,16 @@ Newer system call.""" .
rdfs:isDefinedBy "https://man7.org/linux/man-pages/man2/writev.2.html" ;
:definition "Write data into multiple buffers." .

:LoadModule a owl:Class ;
rdfs:subClassOf :SystemCall,
[ a owl:Restriction ;
owl:onProperty :loads ;
owl:someValuesFrom :HardwareDriver ],
[ a owl:Restriction ;
owl:onProperty :loads ;
owl:someValuesFrom :KernelModule ] ;
:definition "A system call that loads a driver or extension into the kernel." .

:LocalAccountMonitoring a :LocalAccountMonitoring,
owl:Class,
owl:NamedIndividual ;
Expand Down Expand Up @@ -14895,6 +14922,13 @@ Operating System Monitoring Techniques have varied implementations including bui
owl:onProperty :invokes ;
owl:someValuesFrom :GetThreadContext ] .

:OSAPILoadModule a owl:Class ;
rdfs:label "OS API Load Module" ;
rdfs:subClassOf :OSAPISystemFunction,
[ a owl:Restriction ;
owl:onProperty :invokes ;
owl:someValuesFrom :LoadModule ] .

:OSAPIMoveFile a owl:Class ;
rdfs:label "OS API Move File" ;
rdfs:subClassOf :OSAPISystemFunction,
Expand Down Expand Up @@ -14999,6 +15033,13 @@ Operating System Monitoring Techniques have varied implementations including bui
owl:onProperty :invokes ;
owl:someValuesFrom :TraceThread ] .

:OSAPIUnloadModule a owl:Class ;
rdfs:label "OS API Unload Module" ;
rdfs:subClassOf :OSAPISystemFunction,
[ a owl:Restriction ;
owl:onProperty :invokes ;
owl:someValuesFrom :UnloadModule ] .

:OSAPIWriteFile a owl:Class ;
rdfs:label "OS API Write File" ;
rdfs:subClassOf :OSAPISystemFunction,
Expand Down Expand Up @@ -25698,6 +25739,16 @@ Intro to Active Learning. inovex Blog. [Link](https://www.inovex.de/de/blog/int
rdfs:subClassOf :FileSystemLink ;
:definition "A Unix link is a file link in a Unix file system." .

:UnloadModule a owl:Class ;
rdfs:subClassOf :SystemCall,
[ a owl:Restriction ;
owl:onProperty :unloads ;
owl:someValuesFrom :HardwareDriver ],
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To follow the style we have been using, can you convert to two separate someValuesFrom restrictions?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure--if it's semantically equivalent in this case. The intention is to create a logical OR. PR updated.

[ a owl:Restriction ;
owl:onProperty :unloads ;
owl:someValuesFrom :KernelModule ] ;
:definition "A system call that unloads a driver or extension from the kernel." .

:UnlockAccount a owl:Class,
owl:NamedIndividual,
:UnlockAccount ;
Expand Down
Loading