Development of a security ontology for the risk analysis and management of IoT devices and critical infrastructure systems
Development of a cybersecurity ontology for the analysis and management of risk for IoT and critical infrastructure systems
Master Thesis
Author
Μπερζοβίτης, Αδαμάντιος - Μάριος
Berzovitis, Adamantios - Marios
Date
2022-06
Keywords
Cybersecurity ; Neo4j ; Python ; IoT ; Ontology
Abstract
Modern companies and organizations continuously upgrade their information systems at both the digital and the physical level. These upgrades vary depending on the needs of the organization, ranging from everyday workstations to network equipment, Internet of Things (IoT) devices and Supervisory Control and Data Acquisition (SCADA) systems. From the cybersecurity perspective, these continual changes exacerbate the need for efficient construction, analysis and knowledge extraction from a vast amount of complex data. The goal of this thesis is the development of a methodology that contributes in this direction, supported by an open-source cybersecurity tool that represents an interconnected graph. The graph contains vulnerability and asset databases such as Common Vulnerabilities and Exposures (CVE) and Common Platform Enumeration (CPE), which are recorded and updated by the National Institute of Standards and Technology (NIST), and catalogues such as Common Weakness Enumeration (CWE) and Common Attack Pattern Enumeration and Classification (CAPEC), which are provided by MITRE. The goal of this implementation is to support existing risk assessment methodologies by providing a large and useful information map that can automate phases of risk assessment, such as the threat and vulnerability reconnaissance of an information system. To validate the tool and the methodology, we demonstrate use case scenarios in which we extract additional connections and unveil additional relationships. In this way, we extend the existing knowledge of known security catalogues and databases and create an initial methodology for connecting this static information to temporal objects, such as the malicious user profiles provided by Intel's Threat Agent Library.