A security control ontology to support automated risk mitigation
Ontology of security measures to support automated risk handling
Master Thesis
Author
Βάρκας, Ηλίας
Varkas, Ilias
Date
2023-11
Keywords
Security ontology; Mitigation; MITRE; ATT&CK; D3FEND
Abstract
The current state of technology has created a rapid expansion in the use of IT, OT and IoT devices in production, businesses and households. Along with these assets follows a wide range of threats that cyber security specialists will have to deal with in the coming years. There are many sources of information concerning cyber threats, collectively called Open Source Cyber Threat Intelligence (OSCTI). Such sources are MITRE's ATT&CK Framework, CWE and CAPEC, which are threat catalogues; MITRE's CPE, an asset catalogue; CVE, a vulnerability database; and MITRE's Digital Artifact Ontology (DAO), which originated from MITRE but are currently maintained by NIST. These sources allow security analysts to extract data about cyber threats and known vulnerabilities that might affect their systems. A wide range of vulnerabilities and threats are enumerated in the above data sources, and a good percentage of them are semantically interconnected; these interconnections are captured to a certain degree in the OSCTI, but there is a shortage of linked vulnerabilities, threats and mitigations. In an attempt to resolve this issue, MITRE has created mitigations within the ATT&CK Framework that apply to specific threats. An extended effort on this issue was the creation of the D3FEND Ontology, in which specific security controls or mitigations apply to specific types of assets derived from the Digital Artifact Ontology, which is part of the D3FEND Ontology. Security controls and mitigations from the D3FEND Ontology are directly connected to existing ATT&CK techniques. Therefore, a holistic approach is required in order to study all the existing interconnections within the CPE-CVE-CWE-CAPEC-ATT&CK-D3FEND-DAO spectrum and provide a statistical view. This way we may offer insights towards bridging the gap between CPE and DAO, which may yield threat profiles or known assets without known vulnerabilities.
Moreover, CVE-to-D3FEND interconnections arise from this statistical view; because they rely on multiple catalogues as stepping stones, they might not be semantically correct, so they should be studied in order to decide whether they should be integrated with data derived from other interconnection methods.
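As an added illustration (not the thesis's own code), the catalogue chain described above walked in Python over constructed placeholder mappings; every identifier (CVE-0000-0001, CWE-0001, CAPEC-0001, T0001, D3-A and so on) is made up and stands for no real catalogue entry. The path count per CVE shows why a CVE-to-D3FEND link reached through several stepping stones needs semantic review before it is trusted.

```python
"""Walk the CPE-CVE-CWE-CAPEC-ATT&CK-D3FEND chain over constructed sample mappings."""

# Constructed sample data: each dict is one hop of the chain (source id -> target ids).
# All identifiers are placeholders, not real catalogue entries.
CPE_TO_CVE = {
    "cpe:/a:vendor:app:1.0": {"CVE-0000-0001", "CVE-0000-0002"},
    "cpe:/a:vendor:other:2.0": set(),  # asset with no known vulnerability
}
CVE_TO_CWE = {"CVE-0000-0001": {"CWE-0001"}, "CVE-0000-0002": {"CWE-0002"}}
CWE_TO_CAPEC = {"CWE-0001": {"CAPEC-0001", "CAPEC-0002"}, "CWE-0002": set()}
CAPEC_TO_ATTACK = {"CAPEC-0001": {"T0001"}, "CAPEC-0002": {"T0001", "T0002"}}
ATTACK_TO_D3FEND = {"T0001": {"D3-A"}, "T0002": {"D3-B", "D3-C"}}

# Hops from a CVE down to a D3FEND countermeasure, in traversal order.
CHAIN = [CVE_TO_CWE, CWE_TO_CAPEC, CAPEC_TO_ATTACK, ATTACK_TO_D3FEND]


def paths_cve_to_d3fend(cve):
    """Return every path (tuple of ids) from a CVE to a D3FEND id.

    A path survives only if every intermediate hop has a mapping; a missing
    CWE->CAPEC link, for example, drops the CVE out of the chain entirely."""
    paths = [(cve,)]
    for hop in CHAIN:
        paths = [p + (nxt,) for p in paths for nxt in sorted(hop.get(p[-1], ()))]
    return paths


def d3fend_for_cve(cve):
    """Set of D3FEND ids reachable from a CVE through the chain."""
    return {p[-1] for p in paths_cve_to_d3fend(cve)}


def statistical_view(cpe_to_cve):
    """Per-CVE summary: D3FEND ids reached and number of distinct paths.

    Several paths fanning out to several endpoints is the stepping-stone
    ambiguity: the CVE-to-D3FEND link is inferred, not asserted by a catalogue."""
    view = {}
    for cves in cpe_to_cve.values():
        for cve in cves:
            paths = paths_cve_to_d3fend(cve)
            view[cve] = {"d3fend": sorted({p[-1] for p in paths}), "paths": len(paths)}
    return view


def assets_without_known_vulnerabilities(cpe_to_cve):
    """CPE entries that no CVE links to (the CPE/DAO gap the abstract mentions)."""
    return sorted(cpe for cpe, cves in cpe_to_cve.items() if not cves)
```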