Ontological Approach toward Cybersecurity in Cloud Computing

TL;DR

This paper proposes an ontological framework to identify and analyze essential cybersecurity information in cloud computing, addressing security challenges specific to cloud environments.

Contribution

It introduces a novel ontology for cybersecurity operational data tailored to cloud computing, highlighting key information needs like data provenance and resource dependency.

Findings

Identified critical cybersecurity information for cloud computing.

Clarified the impact of data-asset decoupling on security requirements.

Applied ontology to real cloud scenarios for security analysis.

Abstract

Widespread deployment of the Internet enabled building of an emerging IT delivery model, i.e., cloud computing. Albeit cloud computing-based services have rapidly developed, their security aspects are still at the initial stage of development. In order to preserve cybersecurity in cloud computing, cybersecurity information that will be exchanged within it needs to be identified and discussed. For this purpose, we propose an ontological approach to cybersecurity in cloud computing. We build an ontology for cybersecurity operational information based on actual cybersecurity operations mainly focused on non-cloud computing. In order to discuss necessary cybersecurity information in cloud computing, we apply the ontology to cloud computing. Through the discussion, we identify essential changes in cloud computing such as data-asset decoupling and clarify the cybersecurity information required by the changes such as data provenance and resource dependency information.