D3FEND: Getting to 1.0

Thanks to steady and valuable input from the community on the beta version of D3FEND, we are now ready to advance to the next step: creating a stable, extensible, and integration-friendly version of D3FEND: D3FEND 1.0.

Target Audience

Security Architects, Systems Security Engineers, Digital Engineers, Enterprise Modelers, Cyber Risk Engineers, Cyber T&E Engineers, and Ontologists

Oct 23, 2023


The D3FEND Story So Far

We released D3FEND to the public in June of 2021 as a beta software release. We’ve kept it in beta since, using semantic versioning to indicate we might make significant changes to the model. We knew that if we released a formal ontology in OWL 2 DL, developers would start building applications on top of D3FEND’s ontological model. We were contacted by a variety of organizations who were building tools even with the beta release.

We have also seen vendors apply and collaborate on D3FEND in increasing numbers. Since its release, D3FEND has nearly tripled in size. Now, with the benefit of two years of feedback and discussion from the community, we plan to release a stable D3FEND 1.0 in 2024.

Toward D3FEND 1.0

Our goal with a 1.0 release is to create a stable, extensible, and integration-friendly version of D3FEND.

Our vision is a community-developed cybersecurity ontology—which can satisfy requirements for sophisticated reasoning applications. This contrasts with an ontology used purely for language standardization. D3FEND is use case driven.

Community contributions to D3FEND have been essential to D3FEND’s progress. They’ve come from a diverse set of individuals with roles ranging from security architects, application security analysts, detection engineers, and compliance experts to expert ontologists. These varied perspectives help shape the ontology for both general and specific use cases.

Remaining Work to get to 1.0

Making D3FEND Easier to Use

We are committed to making D3FEND easier to use and apply across a broader set of domains. This involves detailing specific use cases and creating recommended workflows and software tools for domains such as systems security engineering, risk engineering, and test and evaluation.

Integration and Extensibility Improvements

What makes D3FEND powerful is that it is both a formal model and a knowledge base. This gives it a dual purpose: you can use it to structure applications, and to reason about general concepts to make nuanced recommendations. This aspect of D3FEND, and the primitives for it, are buried in our ontology files.

Developing reasoning applications, such as reliable smart recommendation systems, is challenging. Using standards-based technologies makes it even more challenging. We will continue using standards-based technology, the foremost being OWL 2 DL, the ontology specification D3FEND uses. This makes it easy to extend the base D3FEND model for custom applications with custom local knowledge.

Continue Modeling Software and Hardware Weaknesses

Today, D3FEND’s primary use case is finding relationships between defensive techniques and offensive techniques through a model of infrastructure (digital artifacts). However, we are also starting to model weaknesses, incorporating the Common Weakness Enumeration (CWE™) with this method to deal with issues in addition to threat. We have made some progress on this, for example, the subroutine taxonomy. We’ll also be adding more defensive techniques that address these weaknesses.

Add Access Control Concepts

Access control concepts are a key concern for cybersecurity architects. Zero Trust’s rise in popularity underscores and extends these concepts. D3FEND’s first release was mostly focused on detection techniques (see Detect). D3FEND 1.0 will include a taxonomy to cover access control concepts from a cybersecurity architect’s perspective.

Connecting D3FEND to a Formal Upper Ontology

Although not crucial for most users, aligning D3FEND with a formal upper ontology is essential for ensuring the coherence, accuracy, and utility of the model for broader applications. Since this area of study includes the domain of philosophy, it’s perhaps unsurprising there are differing opinions amongst academics in approaches to modeling the universe.

Our aim in this area is to reconcile various modeling approaches, ensuring D3FEND achieves maximum compatibility with popular upper ontologies, such as Basic Formal Ontology (BFO), which is prevalent in the U.S., and Unified Foundational Ontology (UFO), which we see used in Europe.

Create a Content Deprecation Strategy

We will create a well-defined deprecation strategy for classes and properties. This will be based on OWL’s deprecation specification. In addition, we will develop our workflows and user interface elements to show the deprecation status to users.

Next Steps

D3FEND’s open and flexible licensing and distribution enables us to realize our long-term vision. We encourage you to participate in our community and help bring D3FEND 1.0 to life.


Thank you to Dr. Mike Smith and Will Barnum for reviewing drafts of this post.