UCO currently has no ability to express or characterize the concept of a datasource where some sort of data may be available.
This is a key requirement for the risk application domain ontology, is already part of the Adversary Engagement Ontology (AEO), and will almost certainly be equally important to the cyber threat intel (CTI) application domain ontology.
The risk application domain ontology that is being prepared for formal submission under CDO currently models this concept and is using it extensively in an operational sense.
Such a datasource concept is useful within CDO to characterize relevant details of the datasource as well as relate it to other concepts such as what sorts of data may be available from the datasource (e.g., employees of an organization, locations of equipment, cyber incidents within an industry sector, etc.).
To support modeling of data flows it would also be useful to have the ability to express of characterize the concept of a data target where data could transferred to.
Requirements
Requirement 1
Ability to express the name and description of a datasource
Requirement 2
Ability to express what type (e.g., person, document, database, service, etc.) of datasource it is
Requirement 3
Ability to express the scope of availability of the datasource
Requirement 4
Ability to express available mechanisms (e.g., manual, API, structured query, etc.) for accessing the datasource
Requirement 5
Ability to describe the location of the datasource
Requirement 6
Ability to express the cost of accessing the datasource
Requirement 7
Ability to specify relationships between datasources and other CDO domain concepts (UcoObjects)
Requirement 8
Ability to express the name and description of a data target
Requirement 9
Ability to describe the location of the data target
Risk / Benefit analysis
Benefits
Ability to identify and provide details of various sources of data
Ability to identify and provide details of various targets of data flow
Ability to describe flows of data between various datasources and data targets
Ability to relate particular sources or targets of data to other CDO domain concepts (UcoObjects)
Increase the operational practicality of leveraging CDO-based data for real-world use cases
Basis of support for automation of datasource access as part of an overall CDO ecosystem
Risks
None
Solution suggestion
add new core:DataSource class:
add new core:DataTarget class:
add new vocabulary:DataSourceTypeVocab vocabulary;
add new vocabulary:AvailabilityScopeVocab vocabulary;
add new vocabulary:AccessMethodVocab vocabulary;
add new core:accessMethod property;
add new core:availabilityScope property;
add new core:dataSourceCost property;
add new core:dataSourceType property;
add new core:dataSourceLocationDescription property;
add new core:dataTargetLocationDescription property;
add new associated property shapes on core:DataSource
add new associated property shapes on core:DataTarget
Solution discussion
Simple example diagram showing Datasource (bolded outline) use by Adversary Engagement Ontology (AEO):
Simple example diagram showing Datasource (bolded outline) use by Risk application domain ontology:
Simple example diagram showing Datasource (bolded outline) use by Cyber Threat Intelligence (CTI) application domain ontology:
Background
UCO currently has no ability to express or characterize the concept of a datasource where some sort of data may be available. This is a key requirement for the risk application domain ontology, is already part of the Adversary Engagement Ontology (AEO), and will almost certainly be equally important to the cyber threat intel (CTI) application domain ontology. The risk application domain ontology that is being prepared for formal submission under CDO currently models this concept and is using it extensively in an operational sense.
Such a datasource concept is useful within CDO to characterize relevant details of the datasource as well as relate it to other concepts such as what sorts of data may be available from the datasource (e.g., employees of an organization, locations of equipment, cyber incidents within an industry sector, etc.). To support modeling of data flows it would also be useful to have the ability to express of characterize the concept of a data target where data could transferred to.
Requirements
Requirement 1
Ability to express the name and description of a datasource
Requirement 2
Ability to express what type (e.g., person, document, database, service, etc.) of datasource it is
Requirement 3
Ability to express the scope of availability of the datasource
Requirement 4
Ability to express available mechanisms (e.g., manual, API, structured query, etc.) for accessing the datasource
Requirement 5
Ability to describe the location of the datasource
Requirement 6
Ability to express the cost of accessing the datasource
Requirement 7
Ability to specify relationships between datasources and other CDO domain concepts (UcoObjects)
Requirement 8
Ability to express the name and description of a data target
Requirement 9
Ability to describe the location of the data target
Risk / Benefit analysis
Benefits
Risks
None
Solution suggestion
Solution discussion
Simple example diagram showing Datasource (bolded outline) use by Adversary Engagement Ontology (AEO):
Simple example diagram showing Datasource (bolded outline) use by Risk application domain ontology:
Simple example diagram showing Datasource (bolded outline) use by Cyber Threat Intelligence (CTI) application domain ontology:
Coordination