An ontology framework for managing security attacks and defences in component based software systems

Software systems become increasingly distributed, involving many independent and collaborating components working towards achieving system goals. At the same time, security attacks on these systems have also grown being more sophisticated and are quite difficult to identify and mitigate, in particular including distributed attacks. In this paper, we argue that one way to detect and resist against such attacks is through the collaboration of a system's constituent components. To achieve collaborative defense in a distributed component-based system, a common basis (vocabulary) is needed for the components to communicate and work with each other in detecting attacks and devising countermeasures. We adopt an ontological approach to establishing such a common base and introduce ontologies concerning security attacks and defenses. The ontologies specify the security concepts and their relationships in a way understandable to both humans and software agents. We use a case study involving Mitnick attacks to demonstrate how system components use the ontologies to detect and counter attacks.