IFIP Annual Conference on Data and Applications Security and Privacy

DBSec 2012: Data and Applications Security and Privacy XXVI, pp 177–192


Decentralized Semantic Threat Graphs

  • Simon N. Foley &
  • William M. Fitzgerald

Part of the Lecture Notes in Computer Science book series (LNISA, volume 7371)

Abstract

Threat knowledge-bases such as those maintained by MITRE and NIST provide a basis with which to mitigate known threats to an enterprise. These centralised knowledge-bases assume a global and uniform level of trust for all threat and countermeasure knowledge. However, in practice these knowledge-bases are composed of threats and countermeasures that originate from a number of threat providers, for example Bugtraq. As a consequence, threat knowledge consumers may only wish to trust knowledge about threats and countermeasures that have been provided by a particular provider or set of providers. In this paper, a trust management approach is taken with respect to threat knowledge-bases. This provides a basis with which to decentralize and delegate trust for knowledge about threats and their mitigation to one or more providers. Threat knowledge-bases are encoded as Semantic Threat Graphs. An ontology-based delegation scheme is proposed to manage trust across a model of distributed Semantic Threat Graph knowledge-bases.

Keywords

  • Decentralized Threat Management
  • Security Configuration

Author information

Authors and Affiliations

  1. Cork Constraint Computation Centre, Computer Science Department, University College Cork, Ireland

    Simon N. Foley & William M. Fitzgerald

Editor information

Editors and Affiliations

  1. Télécom Bretagne, Campus de Rennes 2, rue de la Châtaigneraie, 35512, Cesson Sévigné Cedex, France

    Nora Cuppens-Boulahia, Frédéric Cuppens & Joaquin Garcia-Alfaro

Copyright information

© 2012 IFIP International Federation for Information Processing

About this paper

Cite this paper

Foley, S.N., Fitzgerald, W.M. (2012). Decentralized Semantic Threat Graphs. In: Cuppens-Boulahia, N., Cuppens, F., Garcia-Alfaro, J. (eds) Data and Applications Security and Privacy XXVI. DBSec 2012. Lecture Notes in Computer Science, vol 7371. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31540-4_14

  • DOI: https://doi.org/10.1007/978-3-642-31540-4_14

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-31539-8

  • Online ISBN: 978-3-642-31540-4

  • eBook Packages: Computer Science, Computer Science (R0)
