Utilização de ontologias na avaliação de segurança cibernética na Internet das coisas: uma revisão sistemática de literatura
DOI:
https://doi.org/10.18225/ci.inf.v50i1.5024Keywords:
Segurança cibernética automotiva, Ontologia de avaliação em segurança cibernética, OntologiaAbstract
A avaliação de segurança cibernética tornou-se crítica no desenvolvimento de dispositivos da Internet das Coisas (IoT – Internet of Things) e dos CPS (Cyber Physical Systems) automotivos em vários domínios de aplicação. A abordagem da avaliação de segurança cibernética suportada por ontologias é um caminho promissor para lidar com questões multidisciplinares e de diferentes domínios de conhecimento. Este artigo apresenta uma Revisão Sistemática da Literatura (RSL) com o objetivo de levantar as abordagens e aplicações empregadas em pesquisas que discutiram o uso de ontologias em avaliação de segurança cibernética em IoT e CPS automotivos. O resultado da RSL revela como ontologias têm sido empregadas para avaliação de segurança cibernética. São apresentadas as principais estratégias de avaliação em segurança cibernética com foco na mitigação de vulnerabilidades, suportadas por ontologias, as bases de conhecimento de padrões de ataques e vulnerabilidades que exploram as fraquezas cibernéticas conhecidas e as principais métricas utilizadas durante o processo de avaliação em segurança cibernética relatadas na literatura acadêmica.Downloads
References
ABDOLI, F.; MEIBODY, N.; BAZOUBANDI, R. An Attacks Ontology for computer and networks attack. (T. Sobh, Ed.)Innovations and Advances in Computer Sciences and Engineering. Anais...Springer Netherlands, 2010
ABDULKHALEQ, A. et al. Using STPA in Compliance with ISO 26262 for Developing a Safe Architecture for Fully Automated Vehicles. arXiv:1703.03657 [cs], 10 mar. 2017.
ALAM, S.; CHOWDHURY, M. M.; NOLL, J. Interoperability of security-enabled internet of things. Wireless Personal Communications, v. 61, n. 3, p. 567–586, 2011.
ALI, N.; HONG, J.-E. Failure Detection and Prevention for Cyber-Physical Systems Using Ontology-Based Knowledge Base. Computers, v. 7, n. 4, p. 68, 6 dez. 2018.
ALMEIDA, M. B. Um modelo baseado em ontologias para representação da memória organizacional. Perspectivas em Ciência da Informação, v. 11, n. 3, p. 449–449, dez. 2006.
ALMEIDA, M. B. Revisiting ontologies: A necessary clarification. Journal of the American Society for Information Science and Technology, v. 64, n. 8, p. 1682–1693, ago. 2013.
ÁLVAREZ, G.; PETROVIĆ, S. A new taxonomy of Web attacks suitable for efficient encoding. Computers & Security, v. 22, n. 5, p. 435–449, jul. 2003.
BAKER, D. W. et al. The Development of a Common Enumeration of Vulnerabilities and Exposures. Recent Advances in Intrusion Detection. Anais... In: SECOND INTERNATIONAL WORKSHOP ON RECENT ADVANCES IN INTRUSION DETECTION. Virginia: MITRE, 1999
BALDUCCINI, M. et al. Ontology-Based Reasoning about the Trustworthiness of Cyber-Physical Systems. IET Conference Proceedings. Anais... In: LIVING IN THE INTERNET OF THINGS: CYBERSECURITY OF THE IOT - 2018. London: IET Digital Library, 28 mar. 2018
BARNUM, S. Standardizing cyber threat intelligence information with the Structured Threat Information eXpression (STIX). Mitre Corporation, v. 11, p. 1–22, 2012.
EKELHART, A.; FENZ, S.; NEUBAUER, T. Aurum: A framework for information security risk management. 2009 42nd Hawaii International Conference on System Sciences. Anais...IEEE, 2009
FICCO, M. Security event correlation approach for cloud computing. International Journal of High Performance Computing and Networking 1, v. 7, n. 3, p. 173–185, 2013.
GEORGESCU, T.; SMEUREANU, I. Using Ontologies in Cybersecurity Field. Informatica Economica, v. 21, n. 3, p. 5–15, 2017.
GRIFFOR, E. R. et al. Framework for cyber-physical systems: volume 1, overview. Gaithersburg, MD: National Institute of Standards and Technology, 26 jun. 2017. Disponível em: <https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.1500-201.pdf>. Acesso em: 2 ago. 2018.
GRUBER, T. R. A translation approach to portable ontology specifications. Knowledge Acquisition, v. 5, n. 2, p. 199–220, jun. 1993.
HAMMONS, R. L.; KOVAC, R. J. Fundamentals of internet of things for non-engineers. [s.l.] Auerbach Publications, 2019.
HANNON, E. et al. What’s driving the connected car | McKinsey. Disponível em: <https://www.mckinsey.com/industries/automotive-and-assembly/our-insights/whats-driving-the-connected-car>. Acesso em: 27 ago. 2018.
HANSMAN, S.; HUNT, R. A taxonomy of network and computer attacks. Computers & Security, v. 24, n. 1, p. 31–43, fev. 2005.
HERZOG, A.; SHAHMEHRI, N.; DUMA, C. An ontology of information security. International Journal of Information Security and Privacy (IJISP), v. 1, n. 4, p. 1–23, 2007.
HOMER, J. et al. Aggregating vulnerability metrics in enterprise networks using attack graphs. Journal of Computer Security, v. 21, n. 4, p. 561–597, 20 set. 2013.
IBARRA-ESQUER, J. et al. Tracking the evolution of the internet of things concept across different application domains. Sensors, v. 17, n. 6, p. 1379, 2017.
KHAZAI, B. et al. VuWiki: An Ontology-Based Semantic Wiki for Vulnerability Assessments. International Journal of Disaster Risk Science, v. 5, n. 1, p. 55–73, 2014.
KITCHENHAM, B. et al. Systematic literature reviews in software engineering–a systematic literature review. Information and software technology, v. 51, n. 1, p. 7–15, 2009.
MACHER, G. et al. A review of threat analysis and risk assessment methods in the automotive context. International conference on computer safety, reliability, and security. Anais...2016
MCCARTHY, C.; HARNETT, K.; CARTER, A. Characterization of potential security threats in modern automobiles: A composite modeling approach. Washington: NHTSA - National Highway Traffic Safety Administration, 2014.
MCGUINNESS, D. Ontologies Come of Age. In: The Semantic Web: Why, What, and How. 2003. ed. [s.l.] MIT Press, 2003. p. 171–194.
MOZZAQUATRO, B. et al. An Ontology-Based Cybersecurity Framework for the Internet of Things. Sensors, v. 18, n. 9, p. 3053, 2018.
MOZZAQUATRO, B.; JARDIM-GONCALVES, R.; AGOSTINHO, C. Towards a reference ontology for security in the internet of things. Measurements & Networking (M&N), 2015 IEEE International Workshop on. Anais...IEEE, 2015
PETERSEN, K. et al. Systematic Mapping Studies in Software Engineering. School of Engineering, Blekinge Institute of Technology. University of Bari, Italy, v. 8, p. 68–77, 2008.
RASKIN, V. et al. Ontology in information security: a useful theoretical foundation and methodological tool. Proceedings of the 2001 workshop on New security paradigms. Anais...ACM, 2001
SCHMITTNER, C. et al. Security application of failure mode and effect analysis (FMEA). International Conference on Computer Safety, Reliability, and Security. Anais...Springer, 2014
SCHMITTNER, C. et al. Using SAE J3061 for Automotive Security Requirement Engineering. Computer Safety, Reliability, and Security. Anais...Springer International Publishing, 2016
SOCIETY OF AUTOMOTIVE ENGINEERS. SAE J3061: Cybersecurity guidebook for cyber-physical automotive systems. SAE-Society of Automotive Engineers, 2016.
TAO, M. et al. Multi-layer cloud architectural model and ontology-based security service framework for IoT-based smart homes. Future Generation Computer Systems, v. 78, p. 1040–1051, 2018.
VAN REES, R. Clarity in the usage of the terms ontology, taxonomy and classification. CIB W78’s 20th International Conference on Construction IT. Anais...: w78:2003. In: CONSTRUCTION IT BRIDGING THE DISTANCE. Waiheke Island, New Zealand: 2003Disponível em:
VITAL, L. P.; CAFÉ, L. M. A. Ontologias e taxonomias: diferenças. Perspectivas em Ciência da Informação, v. 16, n. 2, p. 115–130, jun. 2011.
WU, S.; ZHANG, Y.; CAO, W. Network security assessment using a semantic reasoning and graph based approach. Computers & Electrical Engineering, v. 64, p. 96, 2017.
Downloads
Published
Issue
Section
License
Copyright (c) 2021 Mauricio Vianna Rezende, Rodrigo Moreno Marques, Fernando Silva Parreiras
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
- This publication reserves the right to modify the original, regarding norms, spelling and grammar, in order to maintain the standards of the language, still respecting author writing style;
- The final proofs will not be sent to the authors;
- Published works become Ciência da Informação's property, their second partial or full print being subject to expressed authorization by IBICT's Director;
- The original source of publicaton must be provided at all times;
- The authors are solely responsible fo the views expressed within the article;
- Each author will receive two hard copies of the issue, if made availalbe in print.