Ontology in Information Security

The past several years we have witnessed that information has become the most precious asset, while protection and security of information is becoming an ever greater challenge due to the large amount of knowledge necessary for organizations to successfully withstand external threats and attacks. This knowledge collected from the domain of information security can be formally described by security ontologies. A large number of researchers during the last decade have dealt with this issue, and in this paper we have tried to identify, analyze and systematize the relevant papers published in scientific journals indexed in selected scientific databases, in period from 2004 to 2014. This paper gives a review of literature in the field of information security ontology and identifies a total of 52 papers systematized in three groups: general security ontologies (12 papers), specific security ontologies (32 papers) and theoretical works (8 papers). The papers were of different quality and level of detail and varied from presentations of simple conceptual ideas to sophisticated frameworks based on ontology

Multi-cloud Security Mechanisms for Smart Environments

Achieving transparency and security awareness in cloud environments is a challenging task. It is even more challenging in multi-cloud environments (where application components are distributed across multiple clouds) owing to its complexity. This complexity open doors to the introduction of threats and makes it difficult to know how the application components are performing and when remedial actions should be taken in the case of an anomaly. Nowadays, many cloud customers are becoming more interested in having a knowledge of their application status, particularly as it relates to the security of the application owing to growing cloud security concerns, which is multi-faceted in multi-cloud environments. This has necessitated the need for adequate visibility and security awareness in multi-cloud environments. However, this is threatened by non-standardization and diverse CSP platforms. This thesis presents a security evaluation framework for multi-cloud applications. It aims to facilitate transparency and security awareness in multi-cloud applications through adequate evaluation of the application components deployed across different clouds as well as the entire multi-cloud application. This will ensure that the health, internal events and performance of the multi-cloud application can be known. As a result of this, the security status and information about the multi-cloud application can be made available to application owners, cloud service providers and application users. This will increase cloud customers’ trust in using multi-clouds and ensure verification of the security status of multi-cloud components at any time desired. The security evaluation framework is based on threat identification and risk analysis, application modelling with ontology, selection of metrics and security controls, application security monitoring, security measurement, decision making and security status visualization