2020
DOI: 10.1186/s42400-020-00060-8
|View full text |Cite
|
Sign up to set email alerts
|

Automating threat modeling using an ontology framework

Abstract: Threat modeling is of increasing importance to IT security, and it is a complex and resource demanding task. The aim of automating threat modeling is to simplify model creation by using data that are already available. However, the collected data often lack context; this can make the automated models less precise in terms of domain knowledge than those created by an expert human modeler. The lack of domain knowledge in modeling automation can be addressed with ontologies. In this paper, we introduce an ontolog… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
2
1

Citation Types

0
11
0

Year Published

2021
2021
2024
2024

Publication Types

Select...
6
2
1

Relationship

2
7

Authors

Journals

citations
Cited by 21 publications
(11 citation statements)
references
References 50 publications
0
11
0
Order By: Relevance
“…In particular, we exam-97 ine the areas of security vulnerability, ontologies and 98 healthcare sector cyber security. Välja et al [6] introduced an ontology framework for 101 improving automatic threat modelling, where they pro-102 posed a framework that is developed with conceptual 103 modelling, which is validated using different datasets 104 from water utility control network and university IT 105 environment. The goal of the framework is to sup-106 port the automation of threat modelling by improv-107 ing the comparability and completeness of data from 108 multiple sources based on specific data type elements 109 such as software products, operating systems, and data 110 flows.…”
Section: Related Work 95mentioning
confidence: 99%
“…In particular, we exam-97 ine the areas of security vulnerability, ontologies and 98 healthcare sector cyber security. Välja et al [6] introduced an ontology framework for 101 improving automatic threat modelling, where they pro-102 posed a framework that is developed with conceptual 103 modelling, which is validated using different datasets 104 from water utility control network and university IT 105 environment. The goal of the framework is to sup-106 port the automation of threat modelling by improv-107 ing the comparability and completeness of data from 108 multiple sources based on specific data type elements 109 such as software products, operating systems, and data 110 flows.…”
Section: Related Work 95mentioning
confidence: 99%
“…An ontology-based EA can be employed to solve the communication problems between humans, between systems, or between human and system [25]. Moreover, it can be used to address the lack of domain knowledge and mismatched data granularity in automating threat modeling [50].…”
Section: Enterprise Architecturementioning
confidence: 99%
“…Architecture modeling can aid system analysis and help handling the increasing complexity of IT landscapes [26], [27]. The importance of creating models to support decision-making has previously been addressed in some studies.…”
Section: Related Workmentioning
confidence: 99%