Utilização de ontologias na avaliação de segurança cibernética na Internet das coisas: uma revisão sistemática de literatura
DOI:
https://doi.org/10.18225/ci.inf.v50i1.5024Palabras clave:
Segurança cibernética automotiva, Ontologia de avaliação em segurança cibernética, OntologiaResumen
A avaliação de segurança cibernética tornou-se crítica no desenvolvimento de dispositivos da Internet das Coisas (IoT – Internet of Things) e dos CPS (Cyber Physical Systems) automotivos em vários domínios de aplicação. A abordagem da avaliação de segurança cibernética suportada por ontologias é um caminho promissor para lidar com questões multidisciplinares e de diferentes domínios de conhecimento. Este artigo apresenta uma Revisão Sistemática da Literatura (RSL) com o objetivo de levantar as abordagens e aplicações empregadas em pesquisas que discutiram o uso de ontologias em avaliação de segurança cibernética em IoT e CPS automotivos. O resultado da RSL revela como ontologias têm sido empregadas para avaliação de segurança cibernética. São apresentadas as principais estratégias de avaliação em segurança cibernética com foco na mitigação de vulnerabilidades, suportadas por ontologias, as bases de conhecimento de padrões de ataques e vulnerabilidades que exploram as fraquezas cibernéticas conhecidas e as principais métricas utilizadas durante o processo de avaliação em segurança cibernética relatadas na literatura acadêmica.Descargas
Referencias
ABDOLI, F.; MEIBODY, N.; BAZOUBANDI, R. An Attacks Ontology for computer and networks attack. (T. Sobh, Ed.)Innovations and Advances in Computer Sciences and Engineering. Anais...Springer Netherlands, 2010
ABDULKHALEQ, A. et al. Using STPA in Compliance with ISO 26262 for Developing a Safe Architecture for Fully Automated Vehicles. arXiv:1703.03657 [cs], 10 mar. 2017.
ALAM, S.; CHOWDHURY, M. M.; NOLL, J. Interoperability of security-enabled internet of things. Wireless Personal Communications, v. 61, n. 3, p. 567–586, 2011.
ALI, N.; HONG, J.-E. Failure Detection and Prevention for Cyber-Physical Systems Using Ontology-Based Knowledge Base. Computers, v. 7, n. 4, p. 68, 6 dez. 2018.
ALMEIDA, M. B. Um modelo baseado em ontologias para representação da memória organizacional. Perspectivas em Ciência da Informação, v. 11, n. 3, p. 449–449, dez. 2006.
ALMEIDA, M. B. Revisiting ontologies: A necessary clarification. Journal of the American Society for Information Science and Technology, v. 64, n. 8, p. 1682–1693, ago. 2013.
ÁLVAREZ, G.; PETROVIĆ, S. A new taxonomy of Web attacks suitable for efficient encoding. Computers & Security, v. 22, n. 5, p. 435–449, jul. 2003.
BAKER, D. W. et al. The Development of a Common Enumeration of Vulnerabilities and Exposures. Recent Advances in Intrusion Detection. Anais... In: SECOND INTERNATIONAL WORKSHOP ON RECENT ADVANCES IN INTRUSION DETECTION. Virginia: MITRE, 1999
BALDUCCINI, M. et al. Ontology-Based Reasoning about the Trustworthiness of Cyber-Physical Systems. IET Conference Proceedings. Anais... In: LIVING IN THE INTERNET OF THINGS: CYBERSECURITY OF THE IOT - 2018. London: IET Digital Library, 28 mar. 2018
BARNUM, S. Standardizing cyber threat intelligence information with the Structured Threat Information eXpression (STIX). Mitre Corporation, v. 11, p. 1–22, 2012.
EKELHART, A.; FENZ, S.; NEUBAUER, T. Aurum: A framework for information security risk management. 2009 42nd Hawaii International Conference on System Sciences. Anais...IEEE, 2009
FICCO, M. Security event correlation approach for cloud computing. International Journal of High Performance Computing and Networking 1, v. 7, n. 3, p. 173–185, 2013.
GEORGESCU, T.; SMEUREANU, I. Using Ontologies in Cybersecurity Field. Informatica Economica, v. 21, n. 3, p. 5–15, 2017.
GRIFFOR, E. R. et al. Framework for cyber-physical systems: volume 1, overview. Gaithersburg, MD: National Institute of Standards and Technology, 26 jun. 2017. Disponível em: <https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.1500-201.pdf>. Acesso em: 2 ago. 2018.
GRUBER, T. R. A translation approach to portable ontology specifications. Knowledge Acquisition, v. 5, n. 2, p. 199–220, jun. 1993.
HAMMONS, R. L.; KOVAC, R. J. Fundamentals of internet of things for non-engineers. [s.l.] Auerbach Publications, 2019.
HANNON, E. et al. What’s driving the connected car | McKinsey. Disponível em: <https://www.mckinsey.com/industries/automotive-and-assembly/our-insights/whats-driving-the-connected-car>. Acesso em: 27 ago. 2018.
HANSMAN, S.; HUNT, R. A taxonomy of network and computer attacks. Computers & Security, v. 24, n. 1, p. 31–43, fev. 2005.
HERZOG, A.; SHAHMEHRI, N.; DUMA, C. An ontology of information security. International Journal of Information Security and Privacy (IJISP), v. 1, n. 4, p. 1–23, 2007.
HOMER, J. et al. Aggregating vulnerability metrics in enterprise networks using attack graphs. Journal of Computer Security, v. 21, n. 4, p. 561–597, 20 set. 2013.
IBARRA-ESQUER, J. et al. Tracking the evolution of the internet of things concept across different application domains. Sensors, v. 17, n. 6, p. 1379, 2017.
KHAZAI, B. et al. VuWiki: An Ontology-Based Semantic Wiki for Vulnerability Assessments. International Journal of Disaster Risk Science, v. 5, n. 1, p. 55–73, 2014.
KITCHENHAM, B. et al. Systematic literature reviews in software engineering–a systematic literature review. Information and software technology, v. 51, n. 1, p. 7–15, 2009.
MACHER, G. et al. A review of threat analysis and risk assessment methods in the automotive context. International conference on computer safety, reliability, and security. Anais...2016
MCCARTHY, C.; HARNETT, K.; CARTER, A. Characterization of potential security threats in modern automobiles: A composite modeling approach. Washington: NHTSA - National Highway Traffic Safety Administration, 2014.
MCGUINNESS, D. Ontologies Come of Age. In: The Semantic Web: Why, What, and How. 2003. ed. [s.l.] MIT Press, 2003. p. 171–194.
MOZZAQUATRO, B. et al. An Ontology-Based Cybersecurity Framework for the Internet of Things. Sensors, v. 18, n. 9, p. 3053, 2018.
MOZZAQUATRO, B.; JARDIM-GONCALVES, R.; AGOSTINHO, C. Towards a reference ontology for security in the internet of things. Measurements & Networking (M&N), 2015 IEEE International Workshop on. Anais...IEEE, 2015
PETERSEN, K. et al. Systematic Mapping Studies in Software Engineering. School of Engineering, Blekinge Institute of Technology. University of Bari, Italy, v. 8, p. 68–77, 2008.
RASKIN, V. et al. Ontology in information security: a useful theoretical foundation and methodological tool. Proceedings of the 2001 workshop on New security paradigms. Anais...ACM, 2001
SCHMITTNER, C. et al. Security application of failure mode and effect analysis (FMEA). International Conference on Computer Safety, Reliability, and Security. Anais...Springer, 2014
SCHMITTNER, C. et al. Using SAE J3061 for Automotive Security Requirement Engineering. Computer Safety, Reliability, and Security. Anais...Springer International Publishing, 2016
SOCIETY OF AUTOMOTIVE ENGINEERS. SAE J3061: Cybersecurity guidebook for cyber-physical automotive systems. SAE-Society of Automotive Engineers, 2016.
TAO, M. et al. Multi-layer cloud architectural model and ontology-based security service framework for IoT-based smart homes. Future Generation Computer Systems, v. 78, p. 1040–1051, 2018.
VAN REES, R. Clarity in the usage of the terms ontology, taxonomy and classification. CIB W78’s 20th International Conference on Construction IT. Anais...: w78:2003. In: CONSTRUCTION IT BRIDGING THE DISTANCE. Waiheke Island, New Zealand: 2003Disponível em:
VITAL, L. P.; CAFÉ, L. M. A. Ontologias e taxonomias: diferenças. Perspectivas em Ciência da Informação, v. 16, n. 2, p. 115–130, jun. 2011.
WU, S.; ZHANG, Y.; CAO, W. Network security assessment using a semantic reasoning and graph based approach. Computers & Electrical Engineering, v. 64, p. 96, 2017.
Descargas
Publicado
Número
Sección
Licencia
Derechos de autor 2021 Mauricio Vianna Rezende, Rodrigo Moreno Marques, Fernando Silva Parreiras
Esta obra está bajo una licencia internacional Creative Commons Atribución-CompartirIgual 4.0.
- La publicación se reserva el direcho de realizar, en los originales, cambios de orden normativa, ortográfica y gramatical, para mantener la norma culta del idioma, respetando el estilo de los autores;
- Las pruebas finales no seran enviadas a los autores;
- Los trabajos publicados pasan a ser propriedad de la revista Ciência da Informação, siendo su reimpresión total o parcial, sujeta a autorización expresa de la dirección del IBICT;
- Debe ser consignada la fuente de publicação original;
- Són de exclusiva responsabilidad de los autores las opiniones emitidas en sus artículos;
- Cada autor recibirá dos ejemplares de la revista, caso esté disponible en el formato impreso.