Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Update "integrity.Software installation" to include both in memory and on disk #422

Open
gdbassett opened this issue Dec 2, 2021 · 1 comment
Open

Update "integrity.Software installation" to include both in memory and on disk #422

gdbassett opened this issue Dec 2, 2021 · 1 comment
Assignees
@gdbassett @planglois925
Labels
accepted enumeration
Milestone
1.3.7

Comments

@gdbassett
Copy link
Contributor

"Software installation" is currently defined "Software installation or code modification" however, it somewhat implies on-disk installation. Unfortunately that leaves no impact for in-memory malware. A short term fix is to clarify the definition of "Software installation" to include in-memory or on-disk malware. A mid-point would be to add an integrity variety specific to in-memory malware, (potentially as a child of software installation along with an on-disk child). Finally, there are more wide-impacting changes around defining a new attribute associated with volatile memory manipulation (or no impact at all).
@gdbassett
Copy link
Contributor Author

Update definition to specify on disk and for folks to use 'in-memory' if a malware only exists in memory.

@gdbassett gdbassett self-assigned this Oct 12, 2022
@gdbassett gdbassett added this to the 1.3.7 milestone Oct 12, 2022
@planglois925 planglois925 self-assigned this Nov 9, 2022
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees

@gdbassett gdbassett

@planglois925 planglois925

Labels
accepted enumeration
Projects
None yet
Milestone
1.3.7
Development

No branches or pull requests
2 participants
@gdbassett @planglois925