
Proposal: Add New Archive File Object

Ivan Kirillov edited this page Dec 3, 2013 · 21 revisions

Status: Open
Comment Period Closes: 12/17/2013
Affects Backwards Compatibility: No
Relevant Issue: https://github.com/CybOXProject/schemas/issues/12

Background Information

There are a number of common archive file formats (e.g. ZIP and RAR) that share similar structures. CybOX 2.0.1 does not provide a standard characterization of these files and their common set of properties.

Proposal

We propose the creation of a new CybOX object capable of characterizing the common set of metadata associated with archive files.

The ArchiveFileObjectType is an extension of the FileObj:FileObjectType and will introduce the following fields.

| Field | Type | Description |
| --- | --- | --- |
| Archive_File_Count | int | Number of files contained in the archive |
| Archive_Type | enum (ArchiveFileFormatType, see below) | Archive format, e.g. ZIP or RAR |
| Archive_File_Name | string | Name of the archive file |
| Archive_File_Size | int | Size of the archive file, in bytes |
| Archive_File_Timestamp | timestamp | Timestamp of the archive file |
| Archive_Version | string | Version of the archive format/tool used to create the archive |
| Archive_Encryption_Algorithm | string | Encryption algorithm used for the archive |
| Archive_Comment | string | Comment attached to the archive |
| File_Name | string | Name of a file contained in the archive |
| File_Size | int | Size of the contained file, in bytes |
| File_Timestamp | timestamp | Timestamp of the contained file |
| File_Encryption_Algorithm | string | Encryption algorithm used for the contained file |
| File_Comment | string | Comment attached to the contained file |
| File_Compression_Algorithm | string | Compression algorithm used for the contained file |

The ArchiveFileFormatType is a union of the base xs:string type and the ArchiveFileFormatEnum, so a format that is not in the enumeration can still be recorded as a free-form string. The ArchiveFileFormatEnum is intended to enumerate, non-exhaustively, the names of common archive file formats and thus contains the following values:

| Value | Description |
| --- | --- |
| ZIP | .zip and .zipx archive format |
| RAR | .rar archive format |
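To make the two tables above concrete, the following added example (not part of this proposal or of the CybOX schemas) shows how the proposed fields would be populated from a real ZIP file using only the Python standard library. The dict keys follow the field names in the tables; the magic-byte sniffing, the method-name mapping and the helper names (`archive_format`, `characterize_zip`, `build_sample_zip`) are this example's own assumptions, as is the choice to report the highest "version made by" value as Archive_Version, since ZIP has no single archive-level version field. An unrecognised signature falls through to the free-form string side of the ArchiveFileFormatType union.

```python
"""Populate the proposed ArchiveFileObjectType fields from a ZIP archive.

Added example, not part of the CybOX proposal or its schema. The dict keys
follow the field names in the proposal's table; the magic-byte sniffing,
the method-name mapping and the helper names are this example's own
assumptions.
"""
import io
import zipfile
from datetime import datetime

# Assumption: well-known leading bytes for the two ArchiveFileFormatEnum
# values. Anything else falls through to the free-form string side of the
# ArchiveFileFormatType union.
SIGNATURES = (
    (b"PK\x03\x04", "ZIP"),
    (b"PK\x05\x06", "ZIP"),            # empty archive: end-of-central-directory only
    (b"Rar!\x1a\x07\x00", "RAR"),      # RAR 1.5 - 4.x
    (b"Rar!\x1a\x07\x01\x00", "RAR"),  # RAR 5.x
)

# ZIP compression method ids from PKWARE's APPNOTE (subset). Method 99 is
# WinZip's AES marker; the real method then lives in the 0x9901 extra field.
COMPRESSION_METHODS = {0: "stored", 8: "deflate", 12: "bzip2", 14: "lzma",
                       93: "zstd", 99: "aes-wrapped"}


def archive_format(data: bytes) -> str:
    """Archive_Type: enum value if the signature is known, else a free string."""
    for magic, name in SIGNATURES:
        if data.startswith(magic):
            return name
    return "unknown"


def member_encryption(zi: zipfile.ZipInfo):
    """File_Encryption_Algorithm: general-purpose flag bit 0 marks encryption."""
    if not zi.flag_bits & 0x1:
        return None
    return "AES" if zi.compress_type == 99 else "ZipCrypto"


def characterize_zip(data: bytes, file_name=None, file_mtime=None) -> dict:
    """Build an ArchiveFileObjectType-shaped dict from raw ZIP bytes.

    Archive_File_Name/Timestamp describe the container on disk, so they are
    taken from the caller rather than from the ZIP structure itself.
    """
    members = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for zi in zf.infolist():
            if zi.is_dir():
                continue  # directory entries carry no file data
            members.append({
                "File_Name": zi.filename,
                "File_Size": zi.file_size,
                "File_Timestamp": datetime(*zi.date_time).isoformat(),
                "File_Encryption_Algorithm": member_encryption(zi),
                # Comments are raw bytes in the ZIP format; utf-8 is an assumption.
                "File_Comment": zi.comment.decode("utf-8", "replace") or None,
                "File_Compression_Algorithm": COMPRESSION_METHODS.get(
                    zi.compress_type, f"method-{zi.compress_type}"),
            })
        archive_comment = zf.comment.decode("utf-8", "replace") or None
        # Assumption: report the highest "version made by" among the entries
        # (a ZIP has no single archive-level version field). 20 -> "2.0".
        versions = [zi.create_version for zi in zf.infolist()]
        version = f"{max(versions) // 10}.{max(versions) % 10}" if versions else None

    encrypted = {m["File_Encryption_Algorithm"] for m in members} - {None}
    return {
        "Archive_File_Count": len(members),
        "Archive_Type": archive_format(data),
        "Archive_File_Name": file_name,
        "Archive_File_Size": len(data),
        "Archive_File_Timestamp": file_mtime.isoformat() if file_mtime else None,
        "Archive_Version": version,
        "Archive_Encryption_Algorithm": ", ".join(sorted(encrypted)) or None,
        "Archive_Comment": archive_comment,
        "Members": members,
    }


def build_sample_zip() -> bytes:
    """Constructed sample input: two members, one deflated, one stored."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.comment = b"constructed sample archive"
        readme = zipfile.ZipInfo("payload/readme.txt", date_time=(2013, 12, 3, 10, 30, 0))
        readme.compress_type = zipfile.ZIP_DEFLATED
        readme.comment = b"member comment"
        zf.writestr(readme, b"hello " * 100)
        blob = zipfile.ZipInfo("payload/blob.bin", date_time=(2013, 12, 3, 10, 31, 0))
        blob.compress_type = zipfile.ZIP_STORED
        zf.writestr(blob, bytes(range(256)))
    return buf.getvalue()


if __name__ == "__main__":
    import json
    print(json.dumps(characterize_zip(build_sample_zip(), file_name="sample.zip"), indent=2))
```

The per-member loop is where the proposal's File_* fields come from, and the archive-level Archive_* fields are derived from the container and the central directory; encryption is detected per member because a ZIP may mix encrypted and plaintext entries, which is why Archive_Encryption_Algorithm is reported as the set of algorithms seen rather than a single value.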

For the full proposed schema, please see https://github.com/tbd

Impact

This proposal only adds a new object type; no existing CybOX 2.0.1 constructs change, so no compatibility impact is expected.

Requested Feedback

  1. Does it make sense to add such an object to CybOX?
  2. Are there any fields we should add to the ArchiveFileObjectType? Should we change any of the types used to capture the fields we've defined?
  3. Are there any values we should add to the ArchiveFileFormatEnum?