Abstract
To provide security for modern computer systems (i.e. to identify threats and employ countermeasures), threat modelling is used in the early stages of the life cycle (requirements, design). Security patterns can be applied as security design decisions. However, there are challenges related to the management of security patterns, in particular a lack of methods to identify when a security pattern is needed and weak integration with security risk-based models. To overcome these limitations we have developed an ontological format (schema) that allows a) creating security pattern catalogs, and b) defining context labels that map patterns to design decisions and security problems. We have proposed a usage model for security pattern catalogs. The usage model enables the creation of domain-specific threat models, which are used for ontology-driven threat modelling. In addition, an OWL ontology and a free toolset (Java, OWL API) have been developed to manage security pattern catalogs and to motivate the development of high-level software tools for maintaining security pattern catalogs.
Copyright information
© 2020 Springer Nature Switzerland AG
Cite this paper
Brazhuk, A., Olizarovich, E. (2020). Format and Usage Model of Security Patterns in Ontology-Driven Threat Modelling. In: Kuznetsov, S.O., Panov, A.I., Yakovlev, K.S. (eds) Artificial Intelligence. RCAI 2020. Lecture Notes in Computer Science, vol 12412. Springer, Cham. https://doi.org/10.1007/978-3-030-59535-7_28
DOI: https://doi.org/10.1007/978-3-030-59535-7_28
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-59534-0
Online ISBN: 978-3-030-59535-7
eBook Packages: Computer Science, Computer Science (R0)