
Format and Usage Model of Security Patterns in Ontology-Driven Threat Modelling

  • Conference paper
  • Artificial Intelligence (RCAI 2020)
  • Part of the book series: Lecture Notes in Computer Science (LNAI, volume 12412)


Abstract

To provide security for modern computer systems (i.e. to identify threats and employ countermeasures), threat modelling is used at the early stages of the life cycle (requirements, design). Security patterns can be applied as security design decisions. However, there are challenges related to the management of security patterns, in particular a lack of methods to identify when a security pattern is needed and weak integration with risk-based security models. To overcome these restrictions we have developed an ontological format (schema) that allows a) creating security pattern catalogs, and b) defining context labels that map patterns to design decisions and security problems. We have proposed a usage model for security pattern catalogs. The usage model enables the creation of domain-specific threat models, which are used for ontology-driven threat modelling. In addition, an OWL ontology and a free toolset (Java, OWL API) have been developed to manage security pattern catalogs and to motivate the development of high-level software tools for maintaining security pattern catalogs.


Notes

  1. https://github.com/nets4geeks/SPCatalogMaker.


Author information

Correspondence to Andrei Brazhuk.


Copyright information

© 2020 Springer Nature Switzerland AG

About this paper


Cite this paper

Brazhuk, A., Olizarovich, E. (2020). Format and Usage Model of Security Patterns in Ontology-Driven Threat Modelling. In: Kuznetsov, S.O., Panov, A.I., Yakovlev, K.S. (eds.) Artificial Intelligence. RCAI 2020. Lecture Notes in Computer Science, vol. 12412. Springer, Cham. https://doi.org/10.1007/978-3-030-59535-7_28


  • DOI: https://doi.org/10.1007/978-3-030-59535-7_28

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-59534-0

  • Online ISBN: 978-3-030-59535-7
