Schema Differences between Version 2.7.1 and Version 3.0
Version 2.7.1 Schema File: capec_schema_v2.7.1.xsd -> Version 3.0 Schema File: capec_schema_v3.0.xsd
Major changes from 2.7.1 --> 3.0:
- Make the <Attack_Pattern_Catalog> the only valid root element. The previous 2.7.1 schema allows any number of elements to be valid root elements. As part of this change, the other children (Attack_Patterns, Views, Categories, and External_References) become optional. The previous <Attack_Pattern_Catalog> requires the existence all of the child element, even if they are empty.
- The <Compound_Element> has been removed. The rationale for this is that named chains and composites are attack patterns themselves and should therefore be defined by <Attack_Pattern> elements.
- Add the <External_References> element to the attack pattern catalog. In the previous 2.7.1 schema, references were defined inside an individual attack patterns, but assigned an ID so that they could be reused if the reference was used elsewhere. It is cleaner and easier to understand if there is a central collection of references that individual attack patterns can pull from as needed. As a side benefit, there is no longer a need to have a local reference ID as the main ID can be used.
- Vulnerabilities are no longer included in a CAPEC. CAPECs should reference CWEs, when possible. CWEs are associated with CVEs.
Simplify element names :
|Current Element Name
||New Element Name
Tweak the child elements of a <View> :
||Note / Reason
|View_Structure||moved to the "Type" attribute|
|View_Audience||Audience||changed to require description|
|Relationships||Members||only allowed relationship is <Has_Member>|
|Relationship_Notes||combined with <Notes>|
|Maintenance_Notes||combined with <Notes>|
|Other_Notes||Notes||added "Type" attribute |
|Alternate_Terms||doesn't make sense for views|
|Research_Gaps||doesn't make sense for views|
Tweak the child elements of a <Category> as it currently uses the same Common_Attributes group as attack patterns do. Many of these fields are not applicable to categories. The following set of fields are children of the <Category> element in the 3.0 schema.
- Relationships (memberOf and hasMember)
- Notes (with new Type attribute)
The removed fields are:
- Methods of Attack
Remove the following child elements of <Attack Pattern> as they are only used in a limited manner and did not hold any unique information.
- Target Attack Surface
- Methods of Attack
- Probing Techniques
- Obfuscation Techniques
- Injection Vector
- Activation Zone
- Payload Activation Impact
- Related Vulnerabilities
- Relevant Security Requirements
- Relevant Design Patterns
- Relevant Security Patterns
- Related Security Principles
- Related Guidelines
- CIA Impact
- Technical Context
- For attack patterns, the "Description" element is now a simple string. Previously there was a <Description> element with two children; a short description was named <Summary>, and the other was named <Attack_Execution_Flow>. The 3.0.0 schema removes the subelement <Summary> and changes the name of <Attack_Execution_Flow> to <Execution_Flow>, which has been repurposed as a top-level element.
- Only use the RelationshipsType complex type for categories and views (for views, the element name has been changed to <Members>). Also limit the values to memberOf and hasMember since these are the only ones that are appropriate for views and categories. For attack patterns, add a new <Related_Attack_Pattern> element that holds all the different types of relationships that attack patterns can have with each other. The reason for this change is to eliminate the incorrect use memberOf and hasMember relationships with attack patterns, and the incorrect use of parentOf and childOf with categories.
- Combine all the different note elements into a single <Notes> element. Add a type attribute that allows for a distinction between: maintenance, relationship, research gap, terminology and other. This is done to simplify the schema and the resulting XML by having less elements.
- The StructuredTextType leverages the existing XHTML standard.
More information is available — Please select a different filter.