Ontology in Information Security

The past several years we have witnessed that information has become the most precious asset, while protection and security of information is becoming an ever greater challenge due to the large amount of knowledge necessary for organizations to successfully withstand external threats and attacks. This knowledge collected from the domain of information security can be formally described by security ontologies. A large number of researchers during the last decade have dealt with this issue, and in this paper we have tried to identify, analyze and systematize the relevant papers published in scientific journals indexed in selected scientific databases, in period from 2004 to 2014. This paper gives a review of literature in the field of information security ontology and identifies a total of 52 papers systematized in three groups: general security ontologies (12 papers), specific security ontologies (32 papers) and theoretical works (8 papers). The papers were of different quality and level of detail and varied from presentations of simple conceptual ideas to sophisticated frameworks based on ontology

An overview of security ontologies

This paper presents an overview of ontologies in Information Systems Security. Information Systems Security is a broad and dynamic area that clearly benefits from the formalizations of concepts provided by ontologies. After a very short presentation of ontologies and Semantic Web, several works in Security Ontologies targeting different aspects of security engineering are presented together with another study that compares several publicly available security ontologies

ThreMA: Ontology-based Automated Threat Modelling for ICT Infrastructures

Threat Modelling allows defenders to identify threats to which the target system is exposed. Such a process requires a detailed infrastructure analysis to map threats to assets and to identify possible flaws. Unfortunately, the process is still mostly done manually and without the support of formally sound approaches. Moreover, Threat Modelling often involves teams with different levels of security knowledge, leading to different possible interpretation in the system under analysis representation. Threat modelling automation comes with two main challenges: (i) the need for a standard representation of models and data used in various stages of the process, establishing a formal vocabulary for all involved parties, and (ii) the requirement for a well-defined inference rule set enabling reasoning process automation for threat identification. The paper presents the ThreMA approach to automating threat modelling for ICT infrastructures, aiming at addressing the key automation issues through the use of ontologies. Specifically, a formal vocabulary for modelling an ICT infrastructure, a threat catalog and a set of inference rules needed to support the reasoning process for threat identification are provided. The proposed approach has been validated against actual significant case studies provided by different Stakeholders of the Italian Public Sector

An Integrated Framework for the Methodological Assurance of Security and Privacy in the Development and Operation of MultiCloud Applications

x, 169 p.This Thesis studies research questions about how to design multiCloud applications taking into account security and privacy requirements to protect the system from potential risks and about how to decide which security and privacy protections to include in the system. In addition, solutions are needed to overcome the difficulties in assuring security and privacy properties defined at design time still hold all along the system life-cycle, from development to operation.In this Thesis an innovative DevOps integrated methodology and framework are presented, which help to rationalise and systematise security and privacy analyses in multiCloud to enable an informed decision-process for risk-cost balanced selection of the protections of the system components and the protections to request from Cloud Service Providers used. The focus of the work is on the Development phase of the analysis and creation of multiCloud applications.The main contributions of this Thesis for multiCloud applications are four: i) The integrated DevOps methodology for security and privacy assurance; and its integrating parts: ii) a security and privacy requirements modelling language, iii) a continuous risk assessment methodology and its complementary risk-based optimisation of defences, and iv) a Security and Privacy Service Level AgreementComposition method.The integrated DevOps methodology and its integrating Development methods have been validated in the case study of a real multiCloud application in the eHealth domain. The validation confirmed the feasibility and benefits of the solution with regards to the rationalisation and systematisation of security and privacy assurance in multiCloud systems

Security In The Internet Of Things - A Systematic Mapping Study

The Internet of Things (IoT) concept is emerging and evolving rapidly. Various technical solutions for multiple purposes have been proposed for its implementation. The rapid evolution and utilization of IoT technologies has raised security concerns and created a feeling of uncertainty among IoT adopters. The purpose of this paper is to examine the current research trends related to security concerns of the IoT concept and provide a detailed understanding of the topic. We thus applied systematic mapping study as the methodological approach. Based on the chosen search strategy, 38 articles (of close to 3500 articles in the field) were selected for a closer examination. Out of these articles, the concerns, solutions and research gaps for the security in the IoT concept were extracted. The mapping study identifies nine main concerns and 11 solutions. However, the findings also reveal challenges, such as secure privacy management and cloud integration that still require efficient solutions

Artificial Intelligence and Big Data Analytics in Support of Cyber Defense

Cybersecurity analysts rely on vast volumes of security event data to predict, identify, characterize, and deal with security threats. These analysts must understand and make sense of these huge datasets in order to discover patterns which lead to intelligent decision making and advance warnings of possible threats, and this ability requires automation. Big data analytics and artificial intelligence can improve cyber defense. Big data analytics methods are applied to large data sets that contain different data types. The purpose is to detect patterns, correlations, trends, and other useful information. Artificial intelligence provides algorithms that can reason or learn and improve their behavior, and includes semantic technologies. A large number of automated systems are currently based on syntactic rules which are generally not sophisticated enough to deal with the level of complexity in this domain. An overview of artificial intelligence and big data technologies in cyber defense is provided, and important areas for future research are identified and discussed

Security-by-experiment: lessons from responsible deployment in cyberspace

Conceiving new technologies as social experiments is a means to discuss responsible deployment of technologies that may have unknown and potentially harmful side-effects. Thus far, the uncertain outcomes addressed in the paradigm of new technologies as social experiments have been mostly safetyrelated, meaning that potential harm is caused by the design plus accidental events in the environment. In some domains, such as cyberspace, dversarial agents (attackers)may be at least as important when it comes to undesirable effects of deployed technologies. In such cases, conditions for responsible experimentation may need to be implemented differently, as attackers behave strategically rather than probabilistically. In this contribution, we outline how adversarial aspects are already taken into account in technology deployment in the field of cyber security, and what the paradigm of new technologies as social experiments can learn from this. In particular, we show the importance of adversarial roles in social experiments with new technologies

Trust and Privacy Solutions Based on Holistic Service Requirements

The products and services designed for Smart Cities provide the necessary tools to improve the management of modern cities in a more efficient way. These tools need to gather citizens’ information about their activity, preferences, habits, etc. opening up the possibility of tracking them. Thus, privacy and security policies must be developed in order to satisfy and manage the legislative heterogeneity surrounding the services provided and comply with the laws of the country where they are provided. This paper presents one of the possible solutions to manage this heterogeneity, bearing in mind these types of networks, such as Wireless Sensor Networks, have important resource limitations. A knowledge and ontology management system is proposed to facilitate the collaboration between the business, legal and technological areas. This will ease the implementation of adequate specific security and privacy policies for a given service. All these security and privacy policies are based on the information provided by the deployed platforms and by expert system processing

Context-aware Security for Vehicles and Fleets: A Survey

Vehicles are becoming increasingly intelligent and connected. Interfaces for communication with the vehicle, such as WiFi and 5G, enable seamless integration into the user’s life, but also cyber attacks on the vehicle. Therefore, research is working on in-vehicle countermeasures such as authentication, access controls, or intrusion detection. Recently, legal regulations have also become effective that require automobile manufacturers to set up a monitoring system for fleet-wide security analysis. The growing amount of software, networking, and the automation of driving create new challenges for security. Context-awareness, situational understanding, adaptive security, and threat intelligence are necessary to cope with these ever-increasing risks. In-vehicle security should be adaptive to secure the car in an infinite number of (driving) situations. For fleet-wide analysis and alert triage, knowledge and understanding of the circumstances are required. Context-awareness, nonetheless, has been sparsely considered in the field of vehicle security. This work aims to be a precursor to context-aware, adaptive and intelligent security for vehicles and fleets. To this end, we provide a comprehensive literature review that analyzes the vehicular as well as related domains. Our survey is mainly characterized by the detailed analysis of the context information that is relevant for vehicle security in the future