Ciência-IUL
Publicações
Descrição Detalhada da Publicação
An ontology-based model for evaluating cloud attack scenarios in CATS: A serious game in cloud security
2023 IEEE 29th International Conference on Engineering, Technology and Innovation (ICE/ITMC)
Ano (publicação definitiva)
2023
Língua
Inglês
País
Estados Unidos da América
Mais Informação
Web of Science®
Esta publicação não está indexada na Web of Science®
Scopus
Google Scholar
Abstract/Resumo
In recent years, the market of cloud services has been growing rapidly. Consequently, cloud security has become a heavily discussed topic in the industry. If cloud assets are misconfigured, it can lead to severe security issues and be exposured to cybersecurity attacks. It is of great importance that industry practitioners understand the security challenges and their responsibilities to protect cloud assets. We designed a serious game: Cloud of Assets and Threats (CATS) as an enrichment to the traditional training method to empower users of the cloud infrastructure in terms of cloud security awareness. In this work, we propose a new ontology-based model to support the evaluation of the simulated attack scenarios in CATS. We share the implementation details and the algorithm, based on the Common Vulnerability Scoring System (CVSS), which is used in CATS to evaluate the simulated attack scenarios. With this innovative effort, we maximize the level to which the CATS game reflects real-world facts, and provide a reasonable level of abstraction in the serious game. Our work contributes to the body of knowledge by extending the existing ontology and applying it in the evaluator algorithm, which stands at the core of our serious game CATS. We apply CATS in training in the industry and discovered that CATS is a promising approach to help the industry practitioners to understand cloud security concepts and raise awareness about cloud security. Scholars in the academic world benefit from the work by gaining experience in instantiating the design science paradigm.
Agradecimentos/Acknowledgements
Furthermore, the third author thanks the Instituto Universitário de Lisboa and ISTAR, for their support.
Palavras-chave
Technology and engineering learning,Cloud security,Awareness,Industry,Serious game,Shared-responsibility model,Ontology-based model
Registos de financiamentos
Referência de financiamento | Entidade Financiadora |
---|---|
UIDB/04466/2020 | Fundação para a Ciência e a Tecnologia |
UIDP/04466/2020 | Fundação para a Ciência e a Tecnologia |
13N16581 | Federal Ministry of Education and Research |
13N16585 | Federal Ministry of Education and Research |
Projetos Relacionados
Esta publicação é um output do(s) seguinte(s) projeto(s):