Automating threat modeling using an ontology framework
Validated with data from critical infrastructures release_yi6bwez6urgpvddvefvhhuxvxy

by Margus Välja, Fredrik Heiding, Ulrik Franke, Robert Lagerström

Published in Cybersecurity by Springer Science and Business Media LLC.

2020  

Abstract

<jats:title>Abstract</jats:title> Threat modeling is of increasing importance to IT security, and it is a complex and resource demanding task. The aim of automating threat modeling is to simplify model creation by using data that are already available. However, the collected data often lack context; this can make the automated models less precise in terms of domain knowledge than those created by an expert human modeler. The lack of domain knowledge in modeling automation can be addressed with ontologies. In this paper, we introduce an ontology framework to improve automatic threat modeling. The framework is developed with conceptual modeling and validated using three different datasets: a small scale utility lab, water utility control network, and university IT environment. The framework produced successful results such as standardizing input sources, removing duplicate name entries, and grouping application software more logically.
In application/xml+jats format

Archived Files and Locations

application/pdf  2.2 MB
file_l2vu5tsfhrgrlldabebupemxjq
cybersecurity.springeropen.com (publisher)
web.archive.org (webarchive)
Read Archived PDF
Preserved and Accessible
Type  article-journal
Stage   published
Date   2020-10-01
Language   en ?
Container Metadata
Open Access Publication
In DOAJ
In Keepers Registry
ISSN-L:  2523-3246
Work Entity
access all versions, variants, and formats of this works (eg, pre-prints)
Catalog Record
Revision: c260a462-3679-4185-a102-415d0f43c5ce
API URL: JSON