Ontological Approach toward Cybersecurity in Cloud Computing Takeshi Takahashi, Youki Kadobayashi NICT
advertisement
Click to edit Master title style Ontological Approach toward Cybersecurity in Cloud Computing Takeshi Takahashi, Youki Kadobayashi NICT Tokyo, Japan 2010/12/5 1 Focus of today’s discussion Click to edit Master title style This presentation discusses needed cybersecurity information for cloud computing based on an ontology 2010/12/5 2 Ontology of Cybersecurity Operational Information We built an ontology following the 3-step approach Three steps to build the ontology Click to edit Master title style 1 2 Design Operation Domain 3 Design Entity Design Cybersecurity Information KB DB KB Domain B DB DB Source : “Ontological Approach toward Cybersecurity in Cloud Computing,” ACM SIN, September 2010 Domain C Domain A Domain B Domain C Domain A Domain B Domain C Domain A DB KB 2010/12/5 3 Ontology of Cybersecurity Operational Information This ontology could be used as a basis of discussing cybersecurity issues IT Infrastructure Provider Product & Service KB Click Master title style Providerto edit refers Resource DB Version KB refers manipulates User Resource Configuration KB refers DB Product & Service Developer organizes provides information to refers Countermeasure KB Administrator refers Incident Handling domain manipulates refers Assessment KB Detection / Protection KB Registrar Incident DB refers Response Team refers provides information to Cyber Risk KB refers Vulnerability KB manipulates Coordinator organizes Warning DB refers organizes Knowledge Accumulation domain IT Asset Management domain manipulates Threat KB Researcher DB: Database KB: Knowledge base Source : “Ontological Approach toward Cybersecurity in Cloud Computing,” ACM SIN, September 2010 2010/12/5 4 CYBEX Ontology The ontology is referenced by X.1500 and is utilized as a basis of reviewing the orchestration of existing works Mapping of cybersecurity information standards Click to edit Master title style Provider Resource DB IT Asset Management Domain IT Infra. Prvdr Product & Service KB CPE CCE User Resource DB Researcher ARF Administrator Incident DB IODEF Incident Handling Domain Res. Team Countermeasure KB CEE Pfoc CWSS CVSS OVAL XCCDF Registrar Knowledge Accumulation Domain Warning DB Coordinator Evidence DB TS102232 TS102657 Forensics Domain Inspector RFC3924 TS23.271 X.dexf EDRM Cyber Risk KB CVE CWE CAPEC MAEC Product & Service Developer 2010/12/5 5 Scope of today’s presentation In this presentation, we would like to discuss some of the issues toward cybersecurity in cloud computing manipulates IT Infrastructure Provider 3 Click Master title style Providerto edit refers Product & Service KB Resource DB Version KB refers manipulates User Resource Configuration KB refers DB Product & Service Developer organizes provides information to refers Countermeasure KB Administrator refers refers Incident Handling domain Registrar Incident DB refers Response Team refers provides information to Cyber Risk KB refers Vulnerability KB manipulates Coordinator organizes Detection / Protection KB 2 manipulates Assessment KB Warning DB refers organizes Knowledge Accumulation domain IT Asset Management domain 1 Threat KB Researcher DB: Database KB: Knowledge base 2010/12/5 6 IT Asset Management domain Needed information in the User Resource DB Click to edit Master title style A Service subscription information E Resource dependency information D Security level information B Identity information Cloud Security Information C Data access control policy * this presentation omit discussing Provider Resource DB due to the interest of time Source : “Ontological Approach toward Cybersecurity in Cloud Computing,” ACM SIN, September 2010 2010/12/5 7 Incident Handling domain Needed information in the Incident Handling domain Incident DB Data provenance Click to edit Master title style Warning DB • Log of any data manipulation • Warnings need to be provided to Warning to indirect users indirect users of warned resources • Change log of the Data mapping between placement log logical and physical data location • Incident/event Data incident/event information on data apart from asset information Warning on data incident/event • Warning of incident/event on data apart from asset Source : “Ontological Approach toward Cybersecurity in Cloud Computing,” ACM SIN, September 2010 2010/12/5 8 Knowledge Accumulation domain Needed information in the Knowledge Accumulation domain Cyber Risk KB Click to edit Master title style Configuration vulnerability • Vulnerabilities caused by mis-configuration of resources and their combinations Human factors causing risks • Human vulnerabilities causing cyber risks (the weakest links are humans) Countermeasure KB Methodologies to evaluate cybersecurity • Existing methodologies such as CVSS need to be advanced further to cope with cloud computing Product&Service KB Cloud service enumeration /taxonomy • Naming of cloud services and the enumeration and taxonomy Service configuration enumeration /taxonomy • Naming of service configuration and the enumeration and taxonomy Source : “Ontological Approach toward Cybersecurity in Cloud Computing,” ACM SIN, September 2010 2010/12/5 9 Summary In order to maintain cybersecurity in cloud computing, further research and standardization activities are needed Click to edit Master title style • Based on the CYBEX ontology, we raised some cybersecurity issues to accommodate cloud computing – Resource dependency, identity, data provenance, data placement change log, data incident, human factors, service enumeration/taxonomy, etc. • In order to accommodate cloud computing, further research and standardization activities are needed, and CYBEX / CYBEX ontology is a good starting point for discussing them • Some more details are available at “Ontological Approach toward Cybersecurity in Cloud Computing” (ACM SIN, September 2010) 2010/12/5 10
