Project ViST is inspired by [osquery](https://osquery.io/).
osquery views the operating system as a table
from the perspective of the system administrator.

We view the operating system as a table
from the perspective of the system programmer.
We want to provide them with a more compact and
more efficient library from this different perspective.

# ViST, Virtual Security Table
ViST (Virtual Security Table) is a security monitoring framework that uses SQL queries.
- Provides APIs for monitoring and controlling security resources.
- Views security resources as virtual tables and manipulates them through SQL queries.
- Adopts a plug-in architecture and uses [osquery](https://osquery.io/) as the query analysis engine.

# Architecture (Layered View)
<img src="https://github.sec.samsung.net/storage/user/692/files/9badb280-20db-11ea-8c37-a314f094a3aa" alt="layered architecture" width="650" height="650">

# Programming Abstraction
ViST provides three types of API.
One describes data structures (Schema API) and the other two are functional (Client API and Admin API).

## Schema API
Schema API represents the data structure of Virtual Tables.
It is referred to by Client API and Admin API.

```cpp
/// process schema API
// ...
long long int resident_size;
// ...
```

## Client API (SELECT)
Client API is a functional API for monitoring Virtual Tables.
Because Client API generates the SELECT query with a query builder, callers do not need to write the query themselves.

```cpp
/// Querying device policies using Client API
/// (assumes vist::schema::Policy is in scope, e.g. via a using-declaration)
vist::VirtualTable<Policy<int>> table;
for (const auto& row : table) {
    vist::schema::Policy<int> policy = { row[&Policy<int>::name], row[&Policy<int>::value] };
    std::cout << "Policy name: " << policy.name << ", ";
    std::cout << "Policy value: " << policy.value << "\n";
}
```

## Admin API (SELECT, INSERT, UPDATE, DELETE)
Admin API is a functional API for manipulating Virtual Tables.
It executes a query statement against a virtual table.

```cpp
/// Registering policy admin using Admin API
vist::Query::Execute("INSERT INTO policy_admin (name) VALUES ('testAdmin')");

/// rows includes [name:testAdmin, activated:0]
auto rows = vist::Query::Execute("SELECT * FROM policy_admin");

/// Activating policy admin
vist::Query::Execute("UPDATE policy_admin SET activated = 1 WHERE name = 'testAdmin'");

/// Excluding policy admin using Admin API
vist::Query::Execute("DELETE FROM policy_admin WHERE name = 'testAdmin'");
```
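
The Admin API takes the whole statement as a string, so a value that is not a literal in the source has to be validated and quoted before it is placed in the query. The following is an added example, not ViST code: `sqlQuote`, `isValidAdminName`, `naiveDeleteAdmin` and `buildDeleteAdmin` are hypothetical helpers, the name allowlist is an assumed policy, and the quoting follows SQLite string-literal rules, which osquery's SQL engine is built on.

```cpp
#include <cctype>
#include <iostream>
#include <string>

// Hypothetical helper (not part of ViST): render a value as a SQL string
// literal by doubling embedded single quotes.
std::string sqlQuote(const std::string& value)
{
    std::string out = "'";
    for (char c : value) {
        if (c == '\'')
            out += '\'';
        out += c;
    }
    return out + "'";
}

// Assumed policy: admin names are 1-64 characters of [A-Za-z0-9_.-].
bool isValidAdminName(const std::string& name)
{
    if (name.empty() || name.size() > 64)
        return false;
    for (unsigned char c : name)
        if (!std::isalnum(c) && c != '_' && c != '.' && c != '-')
            return false;
    return true;
}

// Weak form: the value is pasted between quotes unchanged.
std::string naiveDeleteAdmin(const std::string& name)
{
    return "DELETE FROM policy_admin WHERE name = '" + name + "'";
}

// Hardened form: reject names outside the allowlist, then quote the rest.
bool buildDeleteAdmin(const std::string& name, std::string& query)
{
    if (!isValidAdminName(name))
        return false;
    query = "DELETE FROM policy_admin WHERE name = " + sqlQuote(name);
    return true;
}

int main()
{
    const std::string hostile = "x' OR 'x'='x"; // constructed sample input
    std::string query;
    std::cout << naiveDeleteAdmin(hostile) << "\n";
    std::cout << (buildDeleteAdmin(hostile, query) ? query : "rejected") << "\n";
}
```

The string produced by `buildDeleteAdmin` is what would be passed to `vist::Query::Execute`; with the weak form, the constructed input turns the condition into one that matches every row.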

- Sangwan Kwon (sangwan.kwon@samsung.com)
- Jaemin Ryu (jm77.ryu@samsung.com)