Vulnerability ontology in SCADA systems

V. O. Shaporin; P. M. Tishin; O. L. Shaporina

doi:10.32836/2521-6643-2018-1-56-2

V. O. Shaporin Associate Professor of the Department of Computer Intellectual Systems and Networks, Odessa National Polytechnic University, Ukraine, Odessa/
P. M. Tishin Associate Professor of the Department of Computer Intellectual Systems and Networks, Odessa National Polytechnic University, Ukraine, Odessa/
O. L. Shaporina Senior lecture of Computer Intellectual Systems and Networks Dept, Odessa National Polytechnic University, Ukraine, Odessa,

DOI: https://doi.org/10.32836/2521-6643-2018-1-56-2

Keywords: vulnerability management; SCADA systems; Common Weak-ness Enumeration; descriptive logic; Web Ontology Language.

Abstract

The main feature of information security is that it is not a state, but a con-tinuous process of analyzing the security of computer systems and networks and their components. Modern information systems are often is the part of public ser-vices, what make a large number of challenges for system and security adminis-trators. The main problem is that the all hardware and software of this systems has a many vulnerabilities, because it’s a complex, modular and multi-vendor tools and devices. So it’s important to have an opportunity to manage the weak-ness of this tools and decrease the probability of network attack, using this vul-nerabilities. This article presents a study in the field of building ontological mod-els of vulnerability of SCADA systems. The ontology design method is based on the OWL ontology description language and on the use of a database of known types of vulnerabilities. The paper proposes a system of axioms and related clas-ses describing the vulnerability of hardware and software. This system is allowed security engineers to have a tool for flexible and effective representation of sys-tems weakness and vulnerabilities. When constructing an ontology of vulnerabil-ity, the hierarchy of the influence of model parameters is taken into account, which makes it possible to describe unified vulnerability models with increased detail in the general description of vulnerability. The proposed ontological model is implemented in the Protégé modeling system.
Testing of this method was carried out in the university laboratory. Testing was perform during regular inventory of the classroom and troubleshooting cur-rent network infrastructure. The implementing of this method is make possible to decrease a time of analyzing the state of the target system. Also this method pro-vide a decreasing of the risk of injection types of attacks in networks. The pro-posed method allows the use of not only external sources of information about vulnerabilities, but also the knowledge and experience gained during the opera-tion of the target system by administrators and analysts in the processes of ana-lyzing systems and networks.