Ontological approach toward cybersecurity in cloud computing

SIN'10 - Proceedings of the 3rd International Conference of Security of Information and Networks

Volumn , Issue , 2010, Pages 100-109

  Takahashi, Takeshi ^a   Kadobayashi, Youki ^b   Fujiwara, Hiroyuki ^c  

^a NATIONAL INSTITUTE OF INFORMATION AND COMMUNICATIONS TECHNOLOGY   (Japan)

^b NARA INSTITUTE OF SCIENCE AND TECHNOLOGY   (Japan)

^c Solution Crew Inc   (Japan)

Author keywords

Cloud computing; Cybersecurity; Information exchange; Ontology

Indexed keywords

CLOUD COMPUTING; CYBER SECURITY; DATA PROVENANCE; INFORMATION EXCHANGES; INITIAL STAGES; ONTOLOGICAL APPROACH; RESOURCE DEPENDENCIES;

FREQUENCY HOPPING; GRID COMPUTING; INFORMATION DISSEMINATION; ONTOLOGY;

SECURITY OF DATA;

EID: 77958047034     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1854099.1854121     Document Type: Conference Paper

References (38)

1. European Network and Information Security Agency(ENISA). URL http://www.enisa.europa.eu/.
2. Security Guidance for Critical Areas of Focus in Cloud Computing V2.1. Cloud Security Alliance, December 2009.
3. J. Baker, A. Buttner, and T. Wittbold. Common Result Format (CRF) Specification Version 0.3. URL http://crf.mitre.org/, September 2009.
4. C. Blanco, J. Lasheras, R. Valencia-Garcia, E. Fernandez-Medina, A. Toval, and M. Piattini. A systematic review and comparison of security ontologies. In The Third International Conference on Availability, Reliability and Security, 2008.
5. A. Buttner and N. Ziring. Common Platform Enumeration (CPE) - Specification. URL http://cpe.mitre.org/, March 2009.
6. R. Danyliw, J. Meijer, and Y. Demchenko. The Incident Object Description Exchange Format. IETF Request For Comments 5070, December 2007.
7. S. Decker, M. Erdmann, D. Fensel, and R. Studer. Ontobroker: Ontology based access to distributed and semi-structured information. DS-8: Semantic Issues in Multimedia Systems, 1999.
8. G. Denker, L. Kagal, and T. Finin. Security in the semantic web using owl. In Information Security Technical Report, pages 51-58, 2005. (Pubitemid 40497376)
9. Distributed Management Task Force, Inc. Interoperabile Clouds - A White Paper from the Open Cloud Standards Incubator Version 1.0.0. DSP-IS0101, November 2009.
10. S. Fenz and A. Ekelhart. Formalizing information security knowledge. In ASIACCS '09: Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, pages 183-194, New York, NY, USA, 2009. ACM.
11. F. Gens. IDC's New IT Cloud Services Forecast: 2009-2013. Internal Data Corporation (IDC), October 2009.
12. T. R. Gruber. Toward principles for the design of ontologies used for knowledge sharing. International Journal of Human-Computer Studies, 43(5-6):907-928, 1995.
13. ISO/IEC/JTC 1/SC 27. Information Technology - Guidelines for the management of IT Security - Part 1: Concepts and models for IT Security. December 1996.
14. P. Johansson, L. Hall, S. Sikstrom, and A. Olsson.Failure to detect mismatches between intention and outcome in a simple decision task. Science, 310(5745):116, 2005.
15. P. Mell and T. Grance. The NIST Definition of Cloud Computing. National Institute of Standards and Technology, 2009.
16. P. Mell, K. Scarfone, and S. Romanosky. The Common Vulnerability Scoring System (CVSS) and Its Applicability to Federal Agency Systems. NIST Interagency Report 7435, August 2007.
17. L. Moreau, P. Groth, S. Miles, J. Vazquez-Salceda, J. Ibbotson, S. Jiang, S. Munroe, O. Rana, A. Schreiber, V. Tan, and L. Varga. The provenance of electronic data. Commun. ACM, 51(4):52-58, 2008.
18. T. Moses. eXtensible Access Control Markup Language (XACML) Version 2.0. Organization for the Advancement of Structured Information Standards, February 2005.
19. National Institute of Standards and Technology. National Vulnerability Database (NVD). URL http://nvd.nist.gov/.
20. Organisation for economic co-operation and development. OECD Guidelines for the Security of Information Systems and Networks. July 2002.
21. S. E. Parkin, A. van Moorsel, and R. Coles. An information security ontology incorporating human-behavioural implications. In SIN '09: Proceedings of the 2nd international conference on Security of information and networks, pages 46-55, New York, NY, USA, 2009. ACM.
22. Storage Networking Industry Association. Cloud Data Management Interface Version 1.0. URL http://cdmi.sniacloud.com/, April 2010.
23. T. Takahashi, H. Fujiwara, and Y. Kadobayashi. Building ontology of cybersecurity operational information. In CSIIRW '10: Proceedings of the 6th Annual Workshop on Cyber Security and Information Intelligence Research, 2010.
24. The MITRE Corporation. Common Attack Pattern Enumeration and Classification (CAPEC). URL http://capec.mitre.org/, September 2009.
25. The MITRE Corporation. Common Vulnerability and Exposures (CVE). URL http://cve.mitre.org/, March 2009.
26. The MITRE Corporation. Assessment Results Format (ARF). URL http://measurablesecurity.mitre.org/incubator/arf/, March 2010.
27. The MITRE Corporation. Common Configuration Enumeration (CCE). URL http://cce.mitre.org/, March 2010.
28. The MITRE Corporation. Common Event Expression (CEE). URL http://cee.mitre.org/, January 2010.
29. The MITRE Corporation. Common Weakness Enumeration (CWE). URL http://cwe.mitre.org/, February 2010.
30. The MITRE Corporation. Common Weakness Scoring System (CWSS). URL http://cwe.mitre.org/cwss/index.html, February 2010.
31. The MITRE Corporation. Malware Attribute Enumeration and Characterization. URL http://maec.mitre.org/, February 2010.
32. The MITRE Corporation. Open Vulnerability and Assessment Language (OVAL). URL http://oval.mitre.org/, February 2010.
33. Thijs Metsch. Use cases and requirements for a Cloud API. Open Cloud Computing Interface GFD-I. 162, January 2010.
34. B. Tsoumas, S. Dritsas, and D. Gritzalis. An ontology-based approach to information systems security management. Computer Network Security, pages 151-164, 2005.
35. B. Tsoumas and D. Gritzalis. Towards an ontology-based security management. In AINA '06: Proceedings of the 20th International Conference on Advanced Information Networking and Applications, pages 985-992, Washington, DC, USA, 2006. IEEE Computer Society.
36. J. A. Wang and M. Guo. OVM: an ontology for vulnerability management. In CSIIRW '09: Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research, pages 1-4, New York, NY, USA, 2009. ACM.
37. J. A. Wang and M. Guo. Security data mining in an ontology for vulnerability management. pages 597-603, aug. 2009.
38. N. Ziring and S. D. Quinn. Specification for the Extensible Configuration Checklist Description Format (XCCDF) version 1.1.4. NIST Interagency Report 7275 Revision 3, January 2008.