How Ontologies Can Help Build a Science of Cybersecurity
Hello, this is David Mundie, a Senior Member of the Technical Staff in the CERT Program. The term "science of cybersecurity" is a popular one in our community these days. For some time now I have advocated ontologies and controlled vocabularies as an approach to building such a science. I am fond of citing the conclusion of the Jason Report, that the most important step towards a "science of cybersecurity "would be the construction of a common language and a set of basic concepts about which the security community can develop a shared understanding," or in other words, an ontology.
In August 2012, I presented a paper on a disciplined, 10-step process for building ontologies at the First International Workshop on Ontologies and Taxonomies for Security (SecOnt) . In 2012, David McIntire and I worked with the CERT Malware Analysis team to generate a controlled vocabulary for malware analysis that has just been published as the CERT report, The MAL: A Malware Analysis Lexicon.
Most recently, I have transferred that vocabulary to a machine-processable ontology language, specifically, the W3C's OWL, or Web Ontology Language. That transfer made it possible to combine the vocabulary with a competency model that maps semantic clusters from the vocabulary onto specific job competencies. So-called Ontology-Based Competency Models have been quite popular recently, because combining rigorous models of domain knowledge with rigorous models of competencies provides a solid basis for building training programs, performance assessments, and hiring plans. Two examples are An Ontological Approach to Competency Management and Ontology-Based Competency Management.
Although still in its infancy, we think our combination of the malware analysis vocabulary and the competency model holds a lot of promise, and hope to present it at this year's SecOnt workshop. The following screen shot shows the top level of the ontology being edited in Stanford's ProtÃ©gÃ© tool.
If you have questions or want more information about our work on a malware ontology, send email to email@example.com.