Ontological Approach toward Cybersecurity in Cloud Computing
This work addresses cybersecurity challenges for cloud computing users and providers, but it is incremental as it adapts existing non-cloud cybersecurity ontologies to the cloud context.
The paper tackles the problem of identifying and discussing cybersecurity information needed for cloud computing by proposing an ontological approach, resulting in the identification of essential changes like data-asset decoupling and required information such as data provenance.
Widespread deployment of the Internet enabled building of an emerging IT delivery model, i.e., cloud computing. Albeit cloud computing-based services have rapidly developed, their security aspects are still at the initial stage of development. In order to preserve cybersecurity in cloud computing, cybersecurity information that will be exchanged within it needs to be identified and discussed. For this purpose, we propose an ontological approach to cybersecurity in cloud computing. We build an ontology for cybersecurity operational information based on actual cybersecurity operations mainly focused on non-cloud computing. In order to discuss necessary cybersecurity information in cloud computing, we apply the ontology to cloud computing. Through the discussion, we identify essential changes in cloud computing such as data-asset decoupling and clarify the cybersecurity information required by the changes such as data provenance and resource dependency information.