Algorithms - mikejl/research GitHub Wiki

The algorithms are used in data collection for the following areas:

  • Service data - Collect data on the services for the current system run level: their status and security context.
  • Policy data - Details on the policies (Booleans) that apply to each service.
  • Object data - Security context of the objects (files) related to each service.

Hash values are computed in three layers:

  1. A hash of each configuration tuple for Service (S), Policy/Boolean (P), and File Context (C)
  2. A fingerprint hash for each area (S, P, C), computed as a chain hash over that area's tuple hashes
  3. A hash by domain is computed (a chain hash of the hashes for S, P, and C)

Algorithm 1. Build Results Table

The system (results) table holds the summary data for each test run.
Inputs:
- System Name (N)
- Date/Time (DT)
- Test (T)
- Service Fingerprint (SFP)
- Policy Fingerprint (PFP)
- Context Fingerprint (CFP)
- Service Count (Sc)
- Policy Count (Pc)
- Context Count(Cc)
Outputs:
- Tuple of {N, DT, T, SFP, PFP, CFP, Sc, Pc, Cc}

Algorithm 2. Build Service Tuple

For each service, build a tuple from the raw data collected.
Inputs:
- System Name (N)
- Test Number (T)
- Raw service data for the system
Outputs:
- One tuple of {N, T, S, C, D, Hash, Date/Time} per service

  1. For each service in the service data:
    a. Get service name {S};
    b. Get service security context {C};
    c. Get service domain {D};
    d. Hash <-- {S, D, C};
  2. Emit the tuple {N, T, S, C, D, Hash, Date/Time}

Algorithm 3. Build File Context Tuple

From the raw file context data, build a file (object) context tuple, extracting the key items for the hash.
Inputs:
- System Name (N)
- Test Number (T)
- Raw file context data for the system
Outputs:
- One tuple of {N, T, P, Ot, C, D, Hash, Date/Time} per object

  1. For each context in the context data:
    a. Get path {P};
    b. Get object type {Ot};
    c. Get object security context {C};
    d. Get object domain {D};
    e. Get object (O) name {On};
    f. Hash <-- {P, Ot, C};
  2. Emit the tuple {N, T, P, Ot, C, D, Hash, Date/Time}

Algorithm 4. Build Policy (Boolean) Table

From the raw Boolean data, build a tuple, extracting the domain and hashing the key items.
Inputs:
- System Name (N)
- Test Number (T)
- Raw Boolean data for the system
Outputs:
- One tuple of {N, T, p, Dt, t, D, Hash, Date/Time} per Boolean

  1. For each Boolean in the Boolean data:
    a. Get Boolean name {p};
    b. Get Boolean description {Ds};
    c. Get Boolean state {t};
    d. Get Boolean default state {Dt};
    e. Get Boolean domain {D};
    f. Hash <-- {p, Dt, t, D};
  2. Emit the tuple {N, T, p, Dt, t, D, Hash, Date/Time}

Algorithm 5. Build Fingerprint Hash

For each area (Service, Policy and Context), generate a unique hash (fingerprint) as a chain hash over the tuple hashes of that area. Sorting the array by name first makes the fingerprint independent of the order in which the raw data was collected.
Inputs:
- System Name (N)
- Test Number (T)
- Array, sorted by name, of the tuple hashes for the area (S, P or C)
Outputs:
- Fingerprint {Fp} for the area

  1. For the first item in the hash array:
    a. Set H1 = "";
    b. Set H2 = item from array;
    c. H1 <-- Hash(H1 || H2), where || is concatenation
  2. For each remaining item, from the second to the last:
    a. H2 = previous H1;
    b. H1 = item;
    c. H1 <-- Hash(H1 || H2)
  3. {Fp} <-- final H1

Algorithm 6. Differential

  1. Compare the test fingerprint (Tfp) with the baseline fingerprint (Bfp) for each area x in (pfp, sfp, cfp):
     Bfp(x) == Tfp(x)
     If no area differs, return (no diff); otherwise, for each area x that differs:
  2. Compare the hash stacks
     Pull the baseline tuples for area x (pull _id, Hash): baseline hash = Bh
     Pull the test tuples for area x (pull _id, Hash): test hash = Th
     For each _id, if Bh != Th then
     diff = 1
     else
     diff = 0
  3. Pull the diff data for each _id with diff == 1
     Pull the full data tuple by _id
  4. List the differences
     By Service, Policy, File Context
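The following is an added worked example of Algorithms 1 through 6 end to end; it is example code written for this page, not the project's own implementation. It assumes SHA-256 as the hash (the wiki does not name one), NUL-separated fields inside each tuple hash, the service name, Boolean name and object path as the record identifier in place of the store's _id, and a constructed baseline and test run in which one Boolean has been switched on and one directory relabelled.

```python
"""Algorithms 1-6 worked end to end (example code, not the project's own)."""
import hashlib

# Constructed sample input (not from the wiki). Each raw record carries the
# fields the algorithms extract: service (name, context, domain), Boolean
# (name, default state, current state, domain), file context (path, type,
# context, domain).
BASELINE = {
    "service": [("sshd", "system_u:system_r:sshd_t:s0", "sshd_t"),
                ("httpd", "system_u:system_r:httpd_t:s0", "httpd_t")],
    "policy": [("httpd_can_network_connect", "off", "off", "httpd_t"),
               ("ssh_sysadm_login", "off", "off", "sshd_t")],
    "context": [("/etc/ssh/sshd_config", "file", "system_u:object_r:etc_t:s0", "sshd_t"),
                ("/var/www/html", "dir", "system_u:object_r:httpd_sys_content_t:s0", "httpd_t")],
}
# Test run: one Boolean flipped on, one directory relabelled, services unchanged.
TEST = {
    "service": BASELINE["service"],
    "policy": [("httpd_can_network_connect", "off", "on", "httpd_t"),
               ("ssh_sysadm_login", "off", "off", "sshd_t")],
    "context": [("/etc/ssh/sshd_config", "file", "system_u:object_r:etc_t:s0", "sshd_t"),
                ("/var/www/html", "dir", "system_u:object_r:var_t:s0", "httpd_t")],
}


def h(*fields):
    """SHA-256 over NUL-separated fields (assumption: the wiki fixes neither the
    hash nor the encoding). NUL cannot occur in a name, path or context string,
    so ("ab", "c") and ("a", "bc") hash differently."""
    return hashlib.sha256("\x00".join(fields).encode()).hexdigest()


# Algorithms 2-4: one tuple per raw record; Hash covers the key items only.
def build_service_tuples(n, t, raw, dt):
    return [{"N": n, "T": t, "S": s, "C": c, "D": d, "Hash": h(s, d, c), "DT": dt}
            for s, c, d in raw]


def build_context_tuples(n, t, raw, dt):
    return [{"N": n, "T": t, "P": p, "Ot": ot, "C": c, "D": d, "Hash": h(p, ot, c), "DT": dt}
            for p, ot, c, d in raw]


def build_policy_tuples(n, t, raw, dt):
    return [{"N": n, "T": t, "p": p, "Dt": dflt, "t": st, "D": d,
             "Hash": h(p, dflt, st, d), "DT": dt} for p, dflt, st, d in raw]


KEY = {"service": "S", "policy": "p", "context": "P"}   # name field per area (stands in for _id)
FP = {"service": "SFP", "policy": "PFP", "context": "CFP"}


# Algorithm 5: chain hash H <- Hash(item || H) starting from H = "". Every item
# is a fixed-length hex digest, so plain concatenation is unambiguous here.
def fingerprint(tuples, key):
    chain = ""
    for item in (tp["Hash"] for tp in sorted(tuples, key=lambda tp: tp[key])):
        chain = hashlib.sha256((item + chain).encode()).hexdigest()
    return chain


# Algorithm 1: the results-table row, returned with the per-area tuple lists.
def build_run(n, t, raw, dt):
    areas = {"service": build_service_tuples(n, t, raw["service"], dt),
             "policy": build_policy_tuples(n, t, raw["policy"], dt),
             "context": build_context_tuples(n, t, raw["context"], dt)}
    fps = {a: fingerprint(areas[a], KEY[a]) for a in areas}
    row = {"N": n, "DT": dt, "T": t, "SFP": fps["service"], "PFP": fps["policy"],
           "CFP": fps["context"], "Sc": len(areas["service"]),
           "Pc": len(areas["policy"]), "Cc": len(areas["context"])}
    return row, areas


# Algorithm 6: compare fingerprints first; only on a mismatch walk the hash
# stacks and pull the tuples whose Hash differs or that exist on one side only.
def differential(base, test):
    brow, bareas = base
    trow, tareas = test
    diffs = {}
    for area in ("policy", "service", "context"):
        if brow[FP[area]] == trow[FP[area]]:
            continue                      # no diff in this area
        key = KEY[area]
        bh = {tp[key]: tp for tp in bareas[area]}
        th = {tp[key]: tp for tp in tareas[area]}
        changed = [k for k in sorted(bh.keys() | th.keys())
                   if bh.get(k, {}).get("Hash") != th.get(k, {}).get("Hash")]
        diffs[area] = [(k, bh.get(k), th.get(k)) for k in changed]
    return diffs


if __name__ == "__main__":
    base = build_run("web01", 1, BASELINE, "2024-01-01T00:00:00Z")
    test = build_run("web01", 2, TEST, "2024-01-02T00:00:00Z")
    for area, items in differential(base, test).items():
        for k, b, t in items:
            print(area, k, "baseline:", b and b["Hash"][:12], "test:", t and t["Hash"][:12])
```

Because the service fingerprints match, the service hash stack is never walked; the policy and context areas each resolve to the single changed record. Keying the stacks by name rather than by list position is what lets the differential also report records that were added or removed between runs.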