Clive Blackwell
ABSTRACT
We have developed a new security incident ontology that considers organizations and their systems in their entirety, rather than software alone. This includes the corresponding defensive classes to the offensive incident categories, as adverse events should also be considered from the defender's viewpoint taking its goals and specific circumstances into account. We have created a three-layer security architecture comprising the social, logical and physical levels that allows the planning of comprehensive defensive measures with complete and reinforcing attack surfaces that span all levels. These ideas allow a holistic analysis of incidents, including human and physical factors, rather than from a technical viewpoint alone, that can give comprehensive defense-in-depth to prevent, detect or recover from incidents. We will use OWL to give a well-defined semantics to the ontology, which could be used to give a formal basis to security incidents.
Supplemental Material
Available for Download
- M Howard (2004). "Attack surface: mitigate security risks by minimizing the code you expose to untrusted users". MSDN magazine (November 2004), at http://msdn.microsoft.com/en-us/magazine/cc163882.aspx.Google Scholar
- JR Boyd (1986). "Patterns of Conflict", at http://committeeofpublicsafety.files.wordpress.com/2009/11/poc.pdf. Updated version by C Spinney and C Richards (2007), at http://committeeofpublicsafety.files.wordpress.com/2009/11/patterns_ppt.pdf.Google Scholar
- C Blackwell (2010). "Improved Situational Awareness and Response with Enhanced OODA Loops". 6th CSIIR Workshop. ACM Press.Google Scholar
- PG Neumann and D Parker (1989). "A Summary of Computer Misuse Techniques". Proceedings of the 12th National Computer Security Conference.Google Scholar
- PG Neumann (2000). "Practical Architectures for Survivable Systems and Networks". SRI International, at www.csl.sri.com/neumann/survivability.pdf.Google Scholar
- JD Howard (1997). "An Analysis of Security Incidents on the Internet, 1989--1995". PhD thesis. Carnegie-Mellon University, at www.cert.org/research/JHThesis. Google ScholarDigital Library
- JD Howard and TA Longstaff (1998). "A common language for computer security incidents". Sandia National Laboratories, at www.cert.org/research/taxonomy_988667.pdf.Google Scholar
- F Swiderski and W Snyder (2004). "Threat Modeling". Microsoft Press. Google ScholarDigital Library
- W3C OWL Working Group (2009). "OWL 2 Web Ontology Language Document Overview". W3C (27 Oct 2009), at www.w3.org/TR/owl2-overview.Google Scholar
- MITRE. "Common Weaknesses Enumeration". The MITRE Corporation, available at http://cwe.mitre.org.Google Scholar
Index Terms
- A security ontology for incident analysis
Recommendations
The STAC (security toolbox: attacks & countermeasures) ontology
WWW '13 Companion: Proceedings of the 22nd International Conference on World Wide WebWe present a security ontology to help non-security expert software designers or developers to: (1) design secure software and, (2) to understand and be aware of main security concepts and issues. Our security ontology defines the main security concepts ...
A Preliminary Cyber Ontology for Insider Threats in the Financial Sector
MIST '15: Proceedings of the 7th ACM CCS International Workshop on Managing Insider Security ThreatsInsider attack has become a major threat in financial sector and is a very serious and pervasive security problem. Currently, there is no insider threat ontology in this domain and such an ontology is critical to developing countermeasures against ...
A security architecture to protect against the insider threat from damage, fraud and theft
CSIIRW '09: Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and StrategiesThe insider threat poses a significant and increasing problem for organizations. This is shown by the regular stories of fraud and data loss reported daily in the media in the US and elsewhere. There is a need to provide systematic protection from ...
Comments