Home

Welcome to the RACK Project

Our ARCOS TA2 team welcomes you to our RACK project. RACK is a research-grade database providing a structured semantic data model tuned to the domain of the DARPA ARCOS program. RACK provides a data ingestion interface for use by ARCOS TA1 performers, a query interface for use by ARCOS TA3 performers, and a data model browsing interface for use by all ARCOS performers. While RACK aims to support the needs of ARCOS performers, we emphasize that RACK is research-grade platform with an evolving data model. See our release schedule here.

Log4j Security Update

Both the Semantics Toolkit and Apache Fuseki components of RACK v9.0 are susceptible to the log4j vulnerability. Since new releases of log4j and Fuseki are still frequent, we will keep a dev version up to date, and provide an incremental release when the situation appears to have fully stabilized.

Please use the latest dev version, and not v9.0. It can be used with this docker command:

docker pull gehighassurance/rack-box:dev

Latest status of 'dev':

• 01/05/2022 Semtk v2.0.4.20220105 upgraded to log4j 2.17.1. (Fuseki is still 4.3.2 and requires upgrade when it is released)
• 12/21/2021 SemTK v2.0.4-20211221 upgraded to log4j 2.17.0. Fuseki is upgraded to latest 4.3.2, which uses only log4j 2.0.16 and is still vulnerable to a denial-of-service attack but not the more serious original vulnerability. RACK will be updated again as soon as Fuseki 4.3.3 is available.
• 12/20/2021 log4j 2.0.16 is announced to contain a denial of service vulnerability. RACK will address this as soon as possible.
• 12/17/2021 SemTK upgraded to log4j 2.0.16 to address the vulnerability. Fuseki is updated to 4.3.1, which has upgraded only to log4j 2.0.15
• 12/13/2021 V9.0 contains the apache vulnerabilities - please use the latest dev version.

Installation Instructions

RACK-in-a-Box (RiB) is a fully functional version of RACK, deployable in a Docker container or as a virtual machine. We use containers because they allow easy deployment of packaged applications including all required libraries and dependencies, without requiring additional effort by the user to install RACK.

RiB runs on Windows, Linux, and MacOS host platforms. We know of no significant resource requirements or version constraints (assuming that your host platform is reasonably current).

• Instructions for installing RiB as a virtual machine (VM)
• Instructions for installing RiB as a Docker container

Note that there are significant differences between using a Docker container and a VM. Docker containers are faster to transfer and easy to execute, but they do not conveniently allow for session state to easily be retained from one use to the next. In contrast, VM images tend to be very large and somewhat more complex to bring up, but they do allow for saving state and resuming with no lost context. We provide both options. See the section on How to save your changes in Docker here for instructions on how to save state if you choose our Docker distribution.

APIs and Tools

We provide the following interfaces to RACK. We also provide some tooling to help the end user.

• CLI: Command-line interface can initialize RiB, import data into RiB from CSV files, and export data from RiB to CSV files. Other useful features are also available. CLI should meet most high-level needs for interacting with the RACK system.
• ASSIST
• ASSIST bin tools
• SPARQLgraph: we consider SPARQLgraph as the semantic expert's view, but may also be useful for the end-user to explore the imported instance data.
• REST API Swagger: REST calls are available if none of the other interfaces meet your needs. Swagger is one of the many ways a REST API can be explored.

Example Data and Query Set

The Turnstile is a simple example that provides a small set of "realistic" evidence that is captured in RACK. The Turnstile Example describes a small system that you may see at a security gate. This example is created as a living system and as such is expected to change and evolve with the development of the RACK tool suite. The data for this example is part of the RACK repo - data includes CSV files, ingestion templates, and ontology extensions.

RiB comes preloaded with sample query set. This allows users to start exploring RACK and exercise queries immediately without having to provide their own data. Users can load the Turnstile data by running the Load-TurnstileData.sh script.

Users may wish to familiarize themselves with RACK via SPARQLgraph. Review the generic SemTK wiki. Then, follow these instructions to ingest Turnstile data and query Turnstile data.

Preparing your own data

Here are some useful topics to help users prepare their own data.

• Create an ingestion package that can be shared for others to load into RiB.
  • Note: at present, the recommended order of operation is to first clear existing data in RACK, then ingest an entire set of instance data. This is reflected in the instructions on how to create an ingestion package. In the future, we will support the ability to update and "fit" new data into RACK.
• dateTime formatting
• Several methods to verify the data in RACK
• Use dataInsertedBy to capture how item was collected for insertion into RACK

The nature of time in RACK

RACK represents instances of things that have happened, rather than things that might happen or the ways in which things happen in general. That's why activities or entities in RACK typically contain timestamps: they say when things happened or were created (or deleted), for example. When you create data to ingest into RACK, or when you query RACK data to construct an assurance case, remember that it's all about the past.

Data Model

RACK is built on a data model with a core ontology. The data model includes a way to capture the software structure of a system. There is also a MODEL class that can be used on performer-specific ontology overlays.

The core RACK ontology is subject to change. We provide the following changelog to assist with forward compatibility.

Open Questions

• Multiple Source Data Resolution
• Open Ontology Questions