TY - GEN
T1 - Ontology-based Dynamic and Context-aware Security Assessment Automation for Critical Applications
AU - Aman, Waqas
AU - Khan, Fazlullah
N1 - Publisher Copyright:
© 2019 IEEE.
PY - 2019
Y1 - 2019
N2 - Several assessment techniques and methodologies exist to analyze the security of an application dynamically. However, they either are focused on a particular product or are mainly concerned about the assessment process rather than the product's security confidence. Most crucially, they tend to assess the security of a target application as a standalone artifact without assessing its host infrastructure. Such attempts can undervalue the overall security posture since the infrastructure becomes crucial when it hosts a critical application. We present an ontology-based security model that aims to provide the necessary knowledge, including network settings, application configurations, testing techniques and tools, and security metrics to evaluate the security aptitude of a critical application in the context of its hosting infrastructure. The objective is to integrate the current good practices and standards in security testing and virtualization to furnish an on-demand and test-ready virtual target infrastructure to execute the critical application and to initiate a context-aware and quantifiable security assessment process in an automated manner. Furthermore, we present a security assessment architecture to reflect on how the ontology can be integrated into a standard process.
AB - Several assessment techniques and methodologies exist to analyze the security of an application dynamically. However, they either are focused on a particular product or are mainly concerned about the assessment process rather than the product's security confidence. Most crucially, they tend to assess the security of a target application as a standalone artifact without assessing its host infrastructure. Such attempts can undervalue the overall security posture since the infrastructure becomes crucial when it hosts a critical application. We present an ontology-based security model that aims to provide the necessary knowledge, including network settings, application configurations, testing techniques and tools, and security metrics to evaluate the security aptitude of a critical application in the context of its hosting infrastructure. The objective is to integrate the current good practices and standards in security testing and virtualization to furnish an on-demand and test-ready virtual target infrastructure to execute the critical application and to initiate a context-aware and quantifiable security assessment process in an automated manner. Furthermore, we present a security assessment architecture to reflect on how the ontology can be integrated into a standard process.
KW - Automation
KW - Critical Infrastructure
KW - Dynamic Application Security Testing
KW - Ontology
KW - Virtualization
UR - http://www.scopus.com/inward/record.url?scp=85081971618&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85081971618&partnerID=8YFLogxK
U2 - 10.1109/GCCE46687.2019.9015599
DO - 10.1109/GCCE46687.2019.9015599
M3 - Conference contribution
T3 - 2019 IEEE 8th Global Conference on Consumer Electronics, GCCE 2019
SP - 644
EP - 647
BT - IEEE 8th Global Conference on Consumer Electronics, GCCE 2019, Osaka, Japan, October 15-18, 2019
PB - IEEE
T2 - 8th IEEE Global Conference on Consumer Electronics, GCCE 2019
Y2 - 15 October 2019 through 18 October 2019
ER -