Ontological analysis in the problems of container applications threat modelling-Reference-Cited by-同舟云学术

Ontological analysis in the problems of container applications threat modelling

Published:2023-12-29 Issue:4 Volume:20 Page:69-86
ISSN:2617-6963
Container-title:Informatics
language:
Short-container-title:Informatika (Minsk)

Author:

Brazhuk A. I.¹,Olizarovich E. V.¹

Affiliation:

1. Yanka Kupala State University of Grodno

Abstract

Objectives. The main purpose of the work is the experimental verification of the method of automatic threat modelling based on the ontological approach using the example of multicomponent container applications presented in the form of data flow diagrams.Methods. Methods of ontological modelling and knowledge management are used in the work. The Web Ontology Language is used to represent knowledge; automatic reasoning based on description logics is used for threat modelling.Results. A machine-readable set (dataset) of 200 data flow diagrams is developed; each diagram is obtained from the configuration of a real container application and is presented as an ontology and a knowledge graph. An ontological two-level domain-specific threat model of container applications is formed. An experiment is conducted to compare the coverage by threats using the common approach and using domain-specific threats for created dataset. For 95 % of the diagrams, the domain-specific threat model showed the coverage similar or greater than the common approach.Conclusion. The results of the experiment prove the suitability and effectiveness of the ontological approach for automatic threat modelling. The created dataset can be used for various research in the field of automation of threat modelling.

Publisher

United Institute of Informatics Problems of the National Academy of Sciences of Belarus

Subject

General Earth and Planetary Sciences,General Environmental Science

Reference32 articles.

1. Shostack A. Experiences threat modeling at Microsoft. MODSEC@ MoDELS, 2008, vol. 2008, 35 p.

2. Konev A., Shelupanov A., Kataev M., Ageeva V., Nabieva A. A survey on threat-modeling techniques: protected objects and classification of threats. Symmetry, 2022, vol. 14, no. 3, p. 549.

3. Makarevich V. A., Miniukovich K. A., Mulyarchik K. S. Organisation’s information security threat analysis and modelling based on a universal canvas. Zhurnal Belorusskogo gosudarstvennogo universiteta. Ekonomika [Journal of the Belarusian State University. Economics], 2021, no. 1, pp. 57–68 (In Russ.).

4. Kochin V. P., Vorotnitsky U. I. Proektirovanie i obespechenie bezopasnosti integrirovannyh obrazovatel'nyh informacionno-kommunikacionnyh system. Design and Security of Integrated Educational Information and Communication Systems. Minsk, Belarusian State University, 2022, 168 p. (In Russ.).

5. Verreydt S., Van Landuyt D., Joosen W. Expressive and systematic risk assessments with instance-centric threat models. SAC'23: Proceedings of the 38th ACM/SIGAPP Symposium on Applied Computing, Tallinn, Estonia, 27–31 March 2023. Tallinn, 2023, pp. 1450–1457.