Exportar Publicação
A publicação pode ser exportada nos seguintes formatos: referência da APA (American Psychological Association), referência do IEEE (Institute of Electrical and Electronics Engineers), BibTeX e RIS.
Zhao, T., Lechner, U., Pinto-Albuquerque, M. & Ongu, D. (2023). An ontology-based model for evaluating cloud attack scenarios in CATS: A serious game in cloud security. In Vidmar, M. (Ed.), 2023 IEEE 29th International Conference on Engineering, Technology and Innovation (ICE/ITMC). Edinburgh: IEEE.
T. Zhao et al., "An ontology-based model for evaluating cloud attack scenarios in CATS: A serious game in cloud security", in 2023 IEEE 29th Int. Conf. on Engineering, Technology and Innovation (ICE/ITMC), Vidmar, M., Ed., Edinburgh, IEEE, 2023
@inproceedings{zhao2023_1732227141738, author = "Zhao, T. and Lechner, U. and Pinto-Albuquerque, M. and Ongu, D.", title = "An ontology-based model for evaluating cloud attack scenarios in CATS: A serious game in cloud security", booktitle = "2023 IEEE 29th International Conference on Engineering, Technology and Innovation (ICE/ITMC)", year = "2023", editor = "Vidmar, M.", volume = "", number = "", series = "", doi = "10.1109/ICE/ITMC58018.2023.10332371", publisher = "IEEE", address = "Edinburgh", organization = "", url = "https://ieeexplore.ieee.org/xpl/conhome/10332254/proceeding" }
TY - CPAPER TI - An ontology-based model for evaluating cloud attack scenarios in CATS: A serious game in cloud security T2 - 2023 IEEE 29th International Conference on Engineering, Technology and Innovation (ICE/ITMC) AU - Zhao, T. AU - Lechner, U. AU - Pinto-Albuquerque, M. AU - Ongu, D. PY - 2023 SN - 2334-315X DO - 10.1109/ICE/ITMC58018.2023.10332371 CY - Edinburgh UR - https://ieeexplore.ieee.org/xpl/conhome/10332254/proceeding AB - In recent years, the market of cloud services has been growing rapidly. Consequently, cloud security has become a heavily discussed topic in the industry. If cloud assets are misconfigured, it can lead to severe security issues and be exposured to cybersecurity attacks. It is of great importance that industry practitioners understand the security challenges and their responsibilities to protect cloud assets. We designed a serious game: Cloud of Assets and Threats (CATS) as an enrichment to the traditional training method to empower users of the cloud infrastructure in terms of cloud security awareness. In this work, we propose a new ontology-based model to support the evaluation of the simulated attack scenarios in CATS. We share the implementation details and the algorithm, based on the Common Vulnerability Scoring System (CVSS), which is used in CATS to evaluate the simulated attack scenarios. With this innovative effort, we maximize the level to which the CATS game reflects real-world facts, and provide a reasonable level of abstraction in the serious game. Our work contributes to the body of knowledge by extending the existing ontology and applying it in the evaluator algorithm, which stands at the core of our serious game CATS. We apply CATS in training in the industry and discovered that CATS is a promising approach to help the industry practitioners to understand cloud security concepts and raise awareness about cloud security. Scholars in the academic world benefit from the work by gaining experience in instantiating the design science paradigm. ER -