Boosting D3FEND: Ontological Analysis and Recommendations

Italo Oliveira, Gal Engelberg, Pedro Paulo F. Barcelos, Tiago Prince Sales, Mattia Fumagalli, Riccardo Baratella, Dan Klein, Giancarlo Guizzardi

FORMAL ONTOLOGY IN INFORMATION SYSTEMS, FOIS 2023 (2023)

Abstract
Formal Ontology is a discipline whose business is to develop formal theories about general aspects of reality such as identity, dependence, parthood, truth-making, causality, etc. A foundational ontology is a specific consistent set of these ontological theories that support activities such as domain analysis, conceptual clarification, and meaning negotiation. A (well-founded) core ontology specifies, under a foundational ontology, the central concepts and relations of a given domain. Foundational and core ontologies can be seen as ontology engineering frameworks to systematically address the laborious task of building large (more specific) domain ontologies. However, both in research and industry, it is common that ontologies as computational artifacts are built without the aid of any framework of this kind, often yielding modeling mistakes and representation gaps. In this paper, we analyze a case in the domain of cybersecurity, namely, the case of D3FEND - an OWL knowledge graph of cybersecurity countermeasure techniques proposed by the MITRE Corporation. Based on the Reference Ontology for Security Engineering (ROSE), a core ontology of the security domain founded in the Unified Foundational Ontology (UFO), our investigation reveals a number of semantic issues and opportunities for improvement in D3FEND, including missing concepts, semantic overload of terms, and lacking constraints that cause an under-specification of the model. As a result of our ontological analysis, we propose several suggestions for the appropriate redesign of D3FEND to overcome those issues.
Keywords
D3FEND, Cybersecurity, (Cyber)Security ontologies, Ontological analysis and engineering, Knowledge Graph